CISA Bulletins - Vulnerability Summary for the Week of October 23, 2023

High Vulnerabilities

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43737&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-43737]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43737') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43738&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-43738]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43738') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. 
The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44162&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-44162]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44162') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44267&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-44267]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44267') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. 
The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44268&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-44268]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44268') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44375&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-44375]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44375') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. 
The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44376&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-44376]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44376') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT] projectworlds_pvt._limited -- online_art_gallery [/LEFT][/TD] [TD][LEFT]Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44377&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-44377]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44377') [MISC]('https://https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/ono')[/TD] [/TR] [TR] [TD][LEFT]apache -- http_server[/LEFT][/TD] [TD][LEFT]Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. 
This issue affects Apache HTTP Server: through 2.4.57.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-31122&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-31122]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31122') [MISC]('https://httpd.apache.org/security/vulnerabilities_24.html') [MISC]('https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/') [MISC]('https://security.netapp.com/advisory/ntap-20231027-0011/')[/TD] [/TR] [TR] [TD][LEFT]byzoro -- smart_s85f_firmware[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5683&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5683]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5683') [MISC]('https://github.com/yaphetszz/cve/blob/main/upload.md') [MISC]('https://vuldb.com/?ctiid.243059') [MISC]('https://vuldb.com/?id.243059')[/TD] [/TR] [TR] [TD][LEFT]byzoro -- smart_s85f_firmware[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. 
The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5684&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5684]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5684') [MISC]('https://github.com/Chef003/cve/blob/main/rce.md') [MISC]('https://vuldb.com/?ctiid.243061') [MISC]('https://vuldb.com/?id.243061')[/TD] [/TR] [TR] [TD][LEFT]calibre-ebook -- calibre[/LEFT][/TD] [TD][LEFT]link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46303&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-46303]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46303') [MISC]('https://github.com/0x1717/ssrf-via-img') [MISC]('https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0')[/TD] [/TR] [TR] [TD][LEFT]codeastro -- internet_banking_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 
The associated identifier of this vulnerability is VDB-243131.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5693&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5693]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5693') [MISC]('https://vuldb.com/?ctiid.243131') [MISC]('https://vuldb.com/?id.243131') [MISC]('https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%201.pdf')[/TD] [/TR] [TR] [TD][LEFT]color -- demoiccmax[/LEFT][/TD] [TD][LEFT]In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46602&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46602]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46602') [MISC]('https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53')[/TD] [/TR] [TR] [TD][LEFT]color -- demoiccmax[/LEFT][/TD] [TD][LEFT]In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46603&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46603]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46603') [MISC]('https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53')[/TD] [/TR] [TR] [TD][LEFT]dell -- unity_operating_environment[/LEFT][/TD] [TD][LEFT]Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. 
This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43066&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-43066]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43066') [MISC]('https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities')[/TD] [/TR] [TR] [TD][LEFT]dell -- unity_operating_environment[/LEFT][/TD] [TD][LEFT]Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43074&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-43074]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43074') [MISC]('https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities')[/TD] [/TR] [TR] [TD][LEFT]edm_informatics -- e-invoice [/LEFT][/TD] [TD][LEFT]Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. 
This issue affects E-invoice: before 2.1.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5443&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-5443]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5443') [MISC]('https://www.usom.gov.tr/bildirim/tr-23-0610')[/TD] [/TR] [TR] [TD][LEFT]f5 -- big-ip[/LEFT][/TD] [TD][LEFT]Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46747&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46747]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46747') [MISC]('https://my.f5.com/manage/s/article/K000137353')[/TD] [/TR] [TR] [TD][LEFT]f5 -- big-ip[/LEFT][/TD] [TD][LEFT]An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46748&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46748]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46748') [MISC]('https://my.f5.com/manage/s/article/K000137365')[/TD] [/TR] [TR] [TD][LEFT]frostming -- pdm[/LEFT][/TD] [TD][LEFT]pdm is a Python package and dependency manager supporting the latest PEP standards. 
It's possible to craft a malicious [ICODE]pdm.lock[/ICODE] file that could allow e.g., an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project [ICODE]foo[/ICODE] can be targeted by creating the project [ICODE]foo-2[/ICODE] and uploading the file [ICODE]foo-2-2.tar.gz[/ICODE] to pypi.org. PyPI will see this as project [ICODE]foo-2[/ICODE] version [ICODE]2[/ICODE], while PDM will see this as project [ICODE]foo[/ICODE] version [ICODE]2-2[/ICODE]. The version must only be [ICODE]parseable as a version[/ICODE] and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version [ICODE]2-2[/ICODE] is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in [ICODE]pyproject.toml[/ICODE] (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit [ICODE]6853e2642df[/ICODE] which is included in release version [ICODE]2.9.4[/ICODE]. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45805&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45805]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45805') [MISC]('https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831') [MISC]('https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229') [MISC]('https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9') [MISC]('https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99') [MISC]('https://peps.python.org/pep-0440/#post-release-spelling')[/TD] [/TR] [TR] [TD][LEFT]ibm -- cognos_dashboards_on_cloud_pak_for_data[/LEFT][/TD] [TD][LEFT]IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38275&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-38275]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38275') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/260735') [MISC]('https://www.ibm.com/support/pages/node/7031207')[/TD] [/TR] [TR] [TD][LEFT]ibm -- cognos_dashboards_on_cloud_pak_for_data[/LEFT][/TD] [TD][LEFT]IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. 
IBM X-Force ID: 260736.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38276&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-38276]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38276') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/260736') [MISC]('https://www.ibm.com/support/pages/node/7031207')[/TD] [/TR] [TR] [TD][LEFT]ibm -- security_verify_governance[/LEFT][/TD] [TD][LEFT]IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-22466&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2022-22466]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-22466') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/225222') [MISC]('https://www.ibm.com/support/pages/node/7057377')[/TD] [/TR] [TR] [TD][LEFT]ibm -- security_verify_governance[/LEFT][/TD] [TD][LEFT]IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. 
IBM X-Force ID: 256036.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-33839&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-33839]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-33839') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/256036') [MISC]('https://www.ibm.com/support/pages/node/7057377')[/TD] [/TR] [TR] [TD][LEFT]ibm -- security_verify_governance[/LEFT][/TD] [TD][LEFT]IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-33837&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-33837]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-33837') [MISC]('https://www.ibm.com/support/pages/node/7057377') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/256020')[/TD] [/TR] [TR] [TD][LEFT]ibm -- sterling_partner_engagement_manager[/LEFT][/TD] [TD][LEFT]IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. 
IBM X-Force ID: 266896.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43045&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-43045]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43045') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/266896') [MISC]('https://www.ibm.com/support/pages/node/7057409')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26568&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-26568]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26568') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26568')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26569&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-26569]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26569') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26569')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetExcursionList method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26572&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-26572]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26572') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26572')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the SetDB method in IDAttend's IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26573&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-26573]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26573') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26573')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetVisitors method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26581&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-26581]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26581') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26581')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26582&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] 
[TD][CVE-2023-26582]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26582') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26582')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26583&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-26583]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26583') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26583')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26584&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-26584]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26584') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26584')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27254&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-27254]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27254') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27254')[/TD] [/TR] [TR] 
[TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27255&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-27255]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27255') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27255')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27260&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-27260]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27260') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27260')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27262&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-27262]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27262') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27260')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Arbitrary file upload to web root in the IDAttend's IDWeb application 3.1.013 allows authenticated attackers to upload dangerous 
files to web root such as ASP or ASPX, gaining command execution on the affected server.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26578&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-26578]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26578') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26578')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26570&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-26570]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26570') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26570')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the SetStudentNotes method in IDAttend's IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26571&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-26571]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26571') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26571')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the SearchStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26574&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-26574]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26574') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26574')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the SearchStudentsStaff method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26575&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-26575]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26575') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26575')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the SearchStudentsRFID method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26576&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-26576]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26576') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26576')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Unauthenticated arbitrary file read in the IDAttend's IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26580&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] 
[TD][CVE-2023-26580]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26580') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26580')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the GetActiveToiletPasses method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27257&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-27257]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27257') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27257')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27258&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-27258]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27258') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27258')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27259&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-27259]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27259') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27259')[/TD] [/TR] [TR] 
[TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27375&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-27375]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27375') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27375')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27376&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-27376]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27376') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27376')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27377&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-27377]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27377') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27377')[/TD] [/TR] [TR] [TD][LEFT]inohom -- home_manager_gateway [/LEFT][/TD] [TD][LEFT]Improper Protection for Outbound Error Messages and Alert Signals vulnerability 
in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5570&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-5570]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5570') [MISC]('https://www.usom.gov.tr/bildirim/tr-23-0609')[/TD] [/TR] [TR] [TD][LEFT]langchain -- langchain[/LEFT][/TD] [TD][LEFT]In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-32785&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-32785]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-32785') [MISC]('https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f')[/TD] [/TR] [TR] [TD][LEFT]langchain -- langchain[/LEFT][/TD] [TD][LEFT]In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-32786&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-32786]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-32786') [MISC]('https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1')[/TD] [/TR] [TR] [TD][LEFT]m-files -- web_companion[/LEFT][/TD] [TD][LEFT]Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution [/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] 
[TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5523&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5523]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5523') [MISC]('https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/')[/TD] [/TR] [TR] [TD][LEFT]modoboa -- modoboa[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5690&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5690]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5690') [MISC]('https://huntr.com/bounties/980c75a5-d978-4b0e-9bcc-2b2682c97e01') [MISC]('https://github.com/modoboa/modoboa/commit/23e4c25511c66c0548da001236f47e19e3f9e4d9')[/TD] [/TR] [TR] [TD][LEFT]mosparo -- mosparo[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5687&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5687]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5687') [MISC]('https://huntr.com/bounties/33f95510-cdee-460e-8e61-107874962f2d') [MISC]('https://github.com/mosparo/mosparo/commit/fb3ac528b7548beb802182310967968a21c1354a')[/TD] [/TR] [TR] [TD][LEFT]netentsec -- application_security_gateway[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. 
VDB-243138 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5700&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5700]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5700') [MISC]('https://vuldb.com/?ctiid.243138') [MISC]('https://github.com/istlnight/cve/blob/main/NS-ASG-sql-uploadiscgwrouteconf.md') [MISC]('https://vuldb.com/?id.243138')[/TD] [/TR] [TR] [TD][LEFT]netentsec -- application_security_gateway[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.2]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5681&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5681]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5681') [MISC]('https://vuldb.com/?ctiid.243057') [MISC]('https://vuldb.com/?id.243057') [MISC]('https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md')[/TD] [/TR] [TR] [TD][LEFT]openimageio -- openimageio[/LEFT][/TD] [TD][LEFT]An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-42295&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] 
[TD][CVE-2023-42295]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42295') [MISC]('https://github.com/OpenImageIO/oiio/issues/3947')[/TD] [/TR] [TR] [TD][LEFT]pleaser -- pleaser[/LEFT][/TD] [TD][LEFT]please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46277&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46277]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46277') [MISC]('https://gitlab.com/edneville/please/-/merge_requests/69#note_1594254575') [MISC]('https://gitlab.com/edneville/please/-/issues/13') [MISC]('https://rustsec.org/advisories/RUSTSEC-2023-0066.html') [MISC]('https://github.com/rustsec/advisory-db/pull/1798')[/TD] [/TR] [TR] [TD][LEFT]projectworlds_pvt._limited -- leave_management_system_project [/LEFT][/TD] [TD][LEFT]Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44480&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-44480]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44480') [MISC]('https://projectworlds.in/') [MISC]('https://fluidattacks.com/advisories/martin/')[/TD] [/TR] [TR] [TD][LEFT]qnap -- qusbcam2[/LEFT][/TD] [TD][LEFT]An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. 
We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-23373&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-23373]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-23373') [MISC]('https://www.qnap.com/en/security-advisory/qsa-23-43')[/TD] [/TR] [TR] [TD][LEFT]radare -- radare2[/LEFT][/TD] [TD][LEFT]Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5686&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5686]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5686') [MISC]('https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0') [MISC]('https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de')[/TD] [/TR] [TR] [TD][LEFT]reconftw -- reconftw[/LEFT][/TD] [TD][LEFT]reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46117&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46117]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46117') [MISC]('https://github.com/six2dez/reconftw/commit/e639de356c0880fe5fe01a32de9d0c58afb5f086') [MISC]('https://github.com/six2dez/reconftw/security/advisories/GHSA-fxwr-vr9x-wvjp')[/TD] [/TR] [TR] [TD][LEFT]secudos -- qiata[/LEFT][/TD] [TD][LEFT]SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-40361&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-40361]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40361') [MISC]('https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md')[/TD] [/TR] [TR] [TD][LEFT]silabs -- gecko_bootloader[/LEFT][/TD] [TD][LEFT]An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-3487&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-3487]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3487') [MISC]('https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV') [MISC]('https://github.com/SiliconLabs/gecko_sdk/releases')[/TD] [/TR] [TR] [TD][LEFT]sitolog -- sitolog_application_connect[/LEFT][/TD] [TD][LEFT]Sitolog sitologapplicationconnect v7.8.a and before was 
discovered to contain a SQL injection vulnerability via the component /activate_hook.php.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-37824&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-37824]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37824') [MISC]('https://security.friendsofpresta.org/modules/2023/10/11/sitologapplicationconnect.html')[/TD] [/TR] [TR] [TD][LEFT]sollace -- unicopia[/LEFT][/TD] [TD][LEFT]Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-39680&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-39680]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39680') [MISC]('https://gist.github.com/apple502j/4ab77291c98e45f4a5bf780c8eda8afa')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_image.h[/LEFT][/TD] [TD][LEFT]stb_image is a single file MIT licensed library for processing images. It may look like [ICODE]stbi__load_gif_main[/ICODE] doesn't give guarantees about the content of output value [ICODE]*delays[/ICODE] upon failure. Although it sets [ICODE]*delays[/ICODE] to zero at the beginning, it doesn't do it in case the image is not recognized as GIF and a call to [ICODE]stbi__load_gif_main_outofmem[/ICODE] only frees possibly allocated memory in [ICODE]*delays[/ICODE] without resetting it to zero. It would be fair to say the caller of [ICODE]stbi__load_gif_main[/ICODE] is responsible to free the allocated memory in [ICODE]*delays[/ICODE] only if [ICODE]stbi__load_gif_main[/ICODE] returns a non-null value. However, at the same time the function may return null value but fail to free the memory in [ICODE]*delays[/ICODE] if internally [ICODE]stbi__convert_format[/ICODE] is called and fails. 
The issue may lead to a memory leak if the caller chooses to free [ICODE]delays[/ICODE] only when [ICODE]stbi__load_gif_main[/ICODE] didn't fail, or to a double-free if [ICODE]delays[/ICODE] is always freed.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45666&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45666]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45666') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_image.h[/LEFT][/TD] [TD][LEFT]stb_image is a single file MIT licensed library for processing images. A crafted image file can cause [ICODE]stbi__load_gif_main_outofmem[/ICODE] to attempt to double-free the out variable. This happens in [ICODE]stbi__load_gif_main[/ICODE] because when the [ICODE]layers * stride[/ICODE] value is zero the behavior is implementation defined, but it is common that realloc frees the old memory and returns a null pointer. Since it attempts to double-free the memory a few lines below the first "free", the issue can be potentially exploited only in a multi-threaded environment. 
In the worst case this may lead to code execution.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45664&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45664]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45664') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_image.h[/LEFT][/TD] [TD][LEFT]stb_image is a single file MIT licensed library for processing images. When [ICODE]stbi_set_flip_vertically_on_load[/ICODE] is set to [ICODE]TRUE[/ICODE] and [ICODE]req_comp[/ICODE] is set to a number that doesn't match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger [ICODE]memcpy[/ICODE] out-of-bounds read because [ICODE]bytes_per_pixel[/ICODE] used to calculate [ICODE]bytes_per_row[/ICODE] doesn't match the real image array dimensions.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][8.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45662&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-45662]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45662') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_image.h[/LEFT][/TD] [TD][LEFT]stb_image is a single file MIT licensed library for processing images. If [ICODE]stbi__load_gif_main[/ICODE] in [ICODE]stbi_load_gif_from_memory[/ICODE] fails, it returns a null pointer and may keep the [ICODE]z[/ICODE] variable uninitialized. 
In case the caller also sets the flip vertically flag, it continues and calls [ICODE]stbi__vertical_flip_slices[/ICODE] with the null pointer result value and the uninitialized [ICODE]z[/ICODE] value. This may result in a program crash.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45667&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-45667]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45667') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_image.h[/LEFT][/TD] [TD][LEFT]stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in [ICODE]stbi__gif_load_next[/ICODE]. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45661&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-45661]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45661') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. 
A crafted file may trigger out of bounds write in [ICODE]f->vendor[i] = get8_packet(f);[/ICODE]. The root cause is an integer overflow in [ICODE]setup_malloc[/ICODE]. A sufficiently large value in the variable [ICODE]sz[/ICODE] overflows in [ICODE]sz+7[/ICODE], and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45676&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45676]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45676') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in [ICODE]f->vendor[len] = (char)'\0';[/ICODE]. The root cause is that if [ICODE]len[/ICODE] read in [ICODE]start_decoder[/ICODE] is a negative number, [ICODE]setup_malloc[/ICODE] successfully allocates memory in that case, but the memory write is done with a negative index [ICODE]len[/ICODE]. Similarly, if len is INT_MAX, the integer overflow len+1 happens in [ICODE]f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));[/ICODE] and [ICODE]f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));[/ICODE]. 
This issue may lead to code execution.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45677&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45677]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45677') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in [ICODE]start_decoder[/ICODE] because at maximum [ICODE]m->submaps[/ICODE] can be 16 but [ICODE]submap_floor[/ICODE] and [ICODE]submap_residue[/ICODE] are declared as arrays of 15 elements. 
This issue may lead to code execution.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45678&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45678]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45678') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in [ICODE]start_decoder[/ICODE]. In that case the function returns early, but some of the pointers in [ICODE]f->comment_list[/ICODE] are left initialized and later [ICODE]setup_free[/ICODE] is called on these pointers in [ICODE]vorbis_deinit[/ICODE]. This issue may lead to code execution.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45679&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45679]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45679') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in [ICODE]start_decoder[/ICODE]. 
The root cause is a potential integer overflow in [ICODE]sizeof(char*) * (f->comment_list_length)[/ICODE] which may make [ICODE]setup_malloc[/ICODE] allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force [ICODE]setup_malloc[/ICODE] to return 0 and make the exploit more reliable. This issue may lead to code execution.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45681&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45681]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45681') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in [ICODE]DECODE[/ICODE] macro when [ICODE]var[/ICODE] is negative. As it can be seen in the definition of [ICODE]DECODE_RAW[/ICODE] a negative [ICODE]var[/ICODE] is a valid value. 
This issue may be used to leak internal memory allocation information.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45682&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-45682]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45682') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in [ICODE]f->vendor[len] = (char)'\0';[/ICODE]. The root cause is that if the len read in [ICODE]start_decoder[/ICODE] is [ICODE]-1[/ICODE], [ICODE]len + 1[/ICODE] becomes 0 when passed to [ICODE]setup_malloc[/ICODE]. The [ICODE]setup_malloc[/ICODE] behaves differently when [ICODE]f->alloc.alloc_buffer[/ICODE] is pre-allocated. Instead of returning [ICODE]NULL[/ICODE] as in the [ICODE]malloc[/ICODE] case, it shifts the pre-allocated buffer by zero and returns the currently available memory block. 
This issue may lead to code execution.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45675&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45675]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45675') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960')[/TD] [/TR] [TR] [TD][LEFT]superwebmailer -- superwebmailer[/LEFT][/TD] [TD][LEFT]An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38190&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-38190]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38190') [MISC]('https://herolab.usd.de/security-advisories/usd-2023-0014/') [MISC]('https://herolab.usd.de/security-advisories/')[/TD] [/TR] [TR] [TD][LEFT]superwebmailer -- superwebmailer[/LEFT][/TD] [TD][LEFT]An issue was discovered in SuperWebMailer 9.00.0.01710. 
It allows Remote Code Execution via a crafted sendmail command line.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38193&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-38193]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38193') [MISC]('https://herolab.usd.de/en/security-advisories/usd-2023-0015/') [MISC]('https://herolab.usd.de/security-advisories/')[/TD] [/TR] [TR] [TD][LEFT]thingnario -- photon[/LEFT][/TD] [TD][LEFT]An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46055&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46055]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46055') [MISC]('https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625')[/TD] [/TR] [TR] [TD][LEFT]tongda -- oa[/LEFT][/TD] [TD][LEFT]A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5682&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5682]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5682') [MISC]('https://github.com/Godfather-onec/cve/blob/main/sql.md') [MISC]('https://vuldb.com/?ctiid.243058') [MISC]('https://vuldb.com/?id.243058')[/TD] [/TR] [TR] [TD][LEFT]totolink -- a3700r_firmware[/LEFT][/TD] [TD][LEFT]An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46574&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46574]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46574') [MISC]('https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46554&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46554]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46554') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw.[/LEFT][/TD] 
[TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46555&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46555]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46555') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46556&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46556]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46556') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46557&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46557]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46557') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46558&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46558]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46558') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46559&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46559]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46559') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46560&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46560]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46560') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46562&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46562]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46562') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46563&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46563]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46563') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46564&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46564]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46564') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46520&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46520]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46520') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46521&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46521]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46521') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46522&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46522]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46522') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46523&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46523]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46523') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/3/1.md') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46525&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46525]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46525') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46526&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46526]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46526') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46527&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46527]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46527') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46534&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46534]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46534') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46535&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46535]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46535') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46536&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46536]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46536') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46537&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46537]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46537') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46538&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46538]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46538') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wr886n_firmware[/LEFT][/TD] [TD][LEFT]TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46539&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46539]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46539') [MISC]('https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md') [MISC]('https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165')[/TD] [/TR] [TR] [TD][LEFT]trtek_software -- education_portal[/LEFT][/TD] [TD][LEFT]Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5807&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5807]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5807') [MISC]('https://www.usom.gov.tr/bildirim/tr-23-0608')[/TD] [/TR] [TR] [TD][LEFT]vercel -- next.js[/LEFT][/TD] [TD][LEFT]Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46298&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-46298]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46298') [MISC]('https://github.com/vercel/next.js/issues/45301') [MISC]('https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13') [MISC]('https://github.com/vercel/next.js/pull/54732')[/TD] [/TR] [TR] [TD][LEFT]vmware -- fusion[/LEFT][/TD] [TD][LEFT]VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the 
application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-34045&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-34045]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34045') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0022.html')[/TD] [/TR] [TR] [TD][LEFT]vmware -- fusion[/LEFT][/TD] [TD][LEFT]VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-34046&vector=CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-34046]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34046') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0022.html')[/TD] [/TR] [TR] [TD][LEFT]wallix -- bastion[/LEFT][/TD] [TD][LEFT]WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46319&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] 
[TD][CVE-2023-46319]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46319') [MISC]('https://www.wallix.com/support/alerts/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4668&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-4668]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4668') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/ce457c98-c55b-4b71-a80b-393eceb9effd?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the 'zbscrmcsvimpf' parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. 
This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-3342&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2022-3342]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3342') [MISC]('https://plugins.trac.wordpress.org/changeset/2805282/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php') [MISC]('https://plugins.trac.wordpress.org/browser/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php?rev=2790863') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36714&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2020-36714]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36714') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve') [MISC]('https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. 
This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36698&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2020-36698]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36698') [MISC]('https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin/') [MISC]('https://wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
A partial patch became available in version 3.6 and the issue was fully patched in version 3.7.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-4290&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2022-4290]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-4290') [MISC]('https://plugins.trac.wordpress.org/browser/cyr3lat/trunk/cyr-to-lat.php?rev=1117224#L69') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c29130-1b42-4edd-ad62-6f635e03ae31?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4999&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-4999]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4999') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/bf50922a-58a6-4ca4-80b7-cafb37b87216?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/horizontal-scrolling-announcement/trunk/horizontal-scrolling-announcement.php#L79')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. 
This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4488&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-4488]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4488') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/UsosGenerales/js/editor-view.php?rev=2904670')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. 
This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][7.2]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5414&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-5414]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5414') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/classes/class-email-subscribers-logs.php?rev=2919465#L28') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. 
This makes it possible for an attacker to create and/or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-2441&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2022-2441]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-2441') [MISC]('https://github.com/orangelabweb/imagemagick-engine/blob/v.1.7.2/imagemagick-engine.php#L529') [MISC]('https://www.exploit-db.com/exploits/51025') [MISC]('https://github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-engine.php#L529') [MISC]('https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2441') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2801283%40imagemagick-engine%2Ftrunk&old=2732430%40imagemagick-engine%2Ftrunk&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46078&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46078]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46078') [MISC]('https://patchstack.com/database/vulnerability/wc-serial-numbers/wordpress-serial-numbers-for-woocommerce-license-manager-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. 
This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4920&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-4920]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4920') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/index.php#L805')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46067&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-46067]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46067') [MISC]('https://patchstack.com/database/vulnerability/rocket-font/wordpress-rocket-font-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. 
This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-4334&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2021-4334]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-4334') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve') [MISC]('https://support.fancyproductdesigner.com/support/discussions/topics/13000029981')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Simple:Press - WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36706&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2020-36706]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36706') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve') [MISC]('https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/') [MISC]('https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/') [MISC]('https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a 
missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][7.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5132&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-5132]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5132') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/soisy-pagamento-rateale/trunk/public/class-soisy-pagamento-rateale-public.php#L465')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. 
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][8.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4386&vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-4386]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4386') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. 
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4402&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-4402]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4402') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][9.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5576&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-5576]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5576') [MISC]('https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.91/includes/customclass/client_secrets.json') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2977863/')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. 
This issue affects Client Connector: before 1.4.0.105.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-28805&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-28805]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-28805') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-26735&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2021-26735]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26735') [MISC]('https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-26736&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2021-26736]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26736') [MISC]('https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. 
A local adversary may be able to execute code with root privileges.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-26738&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2021-26738]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26738') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-28793&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-28793]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-28793') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. 
This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-28795&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-28795]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-28795') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-28796&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-28796]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-28796') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. 
A malicious user can replace the folder and execute code as a privileged user.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][7.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-28797&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-28797]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-28797') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022')[/TD] [/TR] [TR] [TD][LEFT]zzzcms -- zzzcms[/LEFT][/TD] [TD][LEFT]File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][9.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45554&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45554]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45554') [MISC]('https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md')[/TD] [/TR] [TR] [TD][LEFT]zzzcms -- zzzcms[/LEFT][/TD] [TD][LEFT]File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][7.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45555&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-45555]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45555') [MISC]('https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md')[/TD] [/TR][/LEFT][/TD] [/LEFT][/TD] [/TABLE][/CENTER] [TD][TD][LEFT]

Medium Vulnerabilities

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][LEFT]apache -- airflow[/LEFT][/TD] [TD][LEFT]Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348, which allows an authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46288&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-46288]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46288') [MISC]('https://github.com/apache/airflow/pull/32261') [MISC]('https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw')[/TD] [/TR] [TR] [TD][LEFT]apache -- santuario_xml_security_for_java[/LEFT][/TD] [TD][LEFT]All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. 
Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-44483&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-44483]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44483') [MISC]('https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/20/5')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43353&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-43353]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43353') [MISC]('https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43354&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-43354]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43354') [MISC]('https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted 
script to the password and password again parameters in the My Preferences - Add user component.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43355&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-43355]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43355') [MISC]('https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user') [MISC]('https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43356&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-43356]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43356') [MISC]('https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43357&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-43357]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43357') [MISC]('https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut')[/TD] [/TR] [TR] [TD][LEFT]codeastro -- internet_banking_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in CodeAstro Internet Banking System 1.0. 
It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5694&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5694]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5694') [MISC]('https://vuldb.com/?ctiid.243132') [MISC]('https://vuldb.com/?id.243132') [MISC]('https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%202.pdf')[/TD] [/TR] [TR] [TD][LEFT]codeastro -- internet_banking_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25alert(9860) leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 
The identifier VDB-243133 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5695&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5695]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5695') [MISC]('https://vuldb.com/?ctiid.243133') [MISC]('https://vuldb.com/?id.243133') [MISC]('https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%203.pdf')[/TD] [/TR] [TR] [TD][LEFT]codeastro -- internet_banking_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928-->alert(9206)alert(1234)alert(9523)-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5698&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5698]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5698') [MISC]('https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%206.pdf') [MISC]('https://vuldb.com/?ctiid.243136') [MISC]('https://vuldb.com/?id.243136')[/TD] [/TR] [TR] [TD][LEFT]codeastro -- internet_banking_system[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&% leads to cross site scripting. 
The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243137 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5699&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5699]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5699') [MISC]('https://vuldb.com/?ctiid.243137') [MISC]('https://vuldb.com/?id.243137') [MISC]('https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%207.pdf')[/TD] [/TR] [TR] [TD][LEFT]dell -- unity_operating_environment[/LEFT][/TD] [TD][LEFT]Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43067&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-43067]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43067') [MISC]('https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities')[/TD] [/TR] [TR] [TD][LEFT]dell -- unity_operating_environment[/LEFT][/TD] [TD][LEFT]Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. 
A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43065&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-43065]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43065') [MISC]('https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities')[/TD] [/TR] [TR] [TD][LEFT]enhancesoft -- osticket[/LEFT][/TD] [TD][LEFT]A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27148&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-27148]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27148') [MISC]('https://www.esecforte.com/cve-2023-27148-osticket_xss/')[/TD] [/TR] [TR] [TD][LEFT]enhancesoft -- osticket[/LEFT][/TD] [TD][LEFT]A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27149&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-27149]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27149') [MISC]('https://www.esecforte.com/cve-2023-27149-osticket_xss/')[/TD] [/TR] [TR] [TD][LEFT]home-assistant -- home-assistant[/LEFT][/TD] [TD][LEFT]Home assistant is an open source home automation. 
The audit team's analyses confirmed that the [ICODE]redirect_uri[/ICODE] and [ICODE]client_id[/ICODE] are alterable when logging in. Consequently, the code parameter utilized to fetch the [ICODE]access_token[/ICODE] post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and [ICODE]homeassistant.local[/ICODE] represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim's [ICODE]access_token[/ICODE] the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a [ICODE]redirect_uri[/ICODE] that they control to the victim's own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in [ICODE]redirect_uri[/ICODE], which can then be leveraged to fetch an [ICODE]access_token[/ICODE]. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to [ICODE]homeassistant.local[/ICODE], which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-41893&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-41893]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41893') [MISC]('https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/') [MISC]('https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5')[/TD] [/TR] [TR] [TD][LEFT]home-assistant -- home-assistant[/LEFT][/TD] [TD][LEFT]Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the [ICODE]*.ui.nabu.casa[/ICODE] URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-41894&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-41894]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41894') [MISC]('https://github.com/home-assistant/core/security/advisories/GHSA-wx3j-3v2j-rf45') [MISC]('https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/')[/TD] [/TR] [TR] [TD][LEFT]i-doit -- i-doit[/LEFT][/TD] [TD][LEFT]I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46003&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-46003]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46003') [MISC]('https://www.i-doit.com/') [MISC]('https://medium.com/@ray.999/stored-xss-in-i-doit-pro-25-and-below-cve-2023-46003-17fb8d6fe2e9') [MISC]('https://github.com/leekenghwa/CVE-2023-46003')[/TD] [/TR] [TR] [TD][LEFT]ibm -- cognos_dashboards_on_cloud_pak_for_data[/LEFT][/TD] [TD][LEFT]IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. 
IBM X-Force ID: 262482.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38735&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-38735]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38735') [MISC]('https://www.ibm.com/support/pages/node/7031207') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/262482')[/TD] [/TR] [TR] [TD][LEFT]ibm -- security_verify_governance[/LEFT][/TD] [TD][LEFT]IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-33840&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-33840]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-33840') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/256037') [MISC]('https://www.ibm.com/support/pages/node/7057377')[/TD] [/TR] [TR] [TD][LEFT]ibm -- sterling_partner_engagement_manager[/LEFT][/TD] [TD][LEFT]IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 262174.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38722&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-38722]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38722') [MISC]('https://www.ibm.com/support/pages/node/7057407') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/262174')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the DeleteAssignments method in IDAttend's IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27261&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L')[/CENTER][/TD] [TD][CVE-2023-27261]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27261') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27261')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Stored cross-site scripting in the IDAttend's IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26577&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-26577]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26577') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26577')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the DeleteStaff method in IDAttend's IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-26579&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] 
[TD][CVE-2023-26579]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26579') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-26579')[/TD] [/TR] [TR] [TD][LEFT]idattend -- idweb[/LEFT][/TD] [TD][LEFT]Missing authentication in the GetLogFiles method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-27256&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-27256]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27256') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-27256')[/TD] [/TR] [TR] [TD][LEFT]kaibutsunosato -- kaibutsunosato[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-39731&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-39731]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39731') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md') [MISC]('https://liff.line.me/1657662489-pwEQNzJ4')[/TD] [/TR] [TR] [TD][LEFT]m-files -- classic_web[/LEFT][/TD] [TD][LEFT]Stored XSS vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script on the user's browser via a stored HTML document.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-2325&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-2325]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-2325') 
[MISC]('https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/')[/TD] [/TR] [TR] [TD][LEFT]modoboa -- modoboa[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5688&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5688]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5688') [MISC]('https://huntr.com/bounties/0ceb10e4-952b-4ca4-baf8-5b6f12e3a8a7') [MISC]('https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfebd8162c46e2c2a9873919a967')[/TD] [/TR] [TR] [TD][LEFT]modoboa -- modoboa[/LEFT][/TD] [TD][LEFT]Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5689&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5689]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5689') [MISC]('https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfebd8162c46e2c2a9873919a967') [MISC]('https://huntr.com/bounties/24835833-3421-412b-bafb-1b7ea3cf60e6')[/TD] [/TR] [TR] [TD][LEFT]nagvis -- nagvis[/LEFT][/TD] [TD][LEFT]XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46287&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-46287]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46287') [MISC]('https://github.com/NagVis/nagvis/compare/nagvis-1.9.37...nagvis-1.9.38') [MISC]('https://github.com/NagVis/nagvis/pull/356') [MISC]('https://github.com/NagVis/nagvis/pull/356/commits/d660591b23e5cfea4d1be2d3fb8f3855aa6020fb')[/TD] [/TR] [TR] [TD][LEFT]opensolution -- 
quick_cms[/LEFT][/TD] [TD][LEFT]Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-43346&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-43346]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43346') [MISC]('https://github.com/sromanhu/Quick-CMS-Stored-XSS---Languages-Backend') [MISC]('https://github.com/sromanhu/CVE-2023-43346-Quick-CMS-Stored-XSS---Languages-Backend')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_image.h[/LEFT][/TD] [TD][LEFT]stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the [ICODE]stbi__hdr_load[/ICODE] function and in the [ICODE]stbi__tga_load[/ICODE] function. 
The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][5.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45663&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-45663]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45663') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]stb_vorbis.c -- stb_vorbis.c[/LEFT][/TD] [TD][LEFT]stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in [ICODE]start_decoder[/ICODE]. In that case the function returns early, the [ICODE]f->comment_list[/ICODE] is set to [ICODE]NULL[/ICODE], but [ICODE]f->comment_list_length[/ICODE] is not reset. Later in [ICODE]vorbis_deinit[/ICODE] it tries to dereference the [ICODE]NULL[/ICODE] pointer. 
This issue may lead to denial of service.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][5.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45680&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H')[/CENTER][/TD] [TD][CVE-2023-45680]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45680') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666') [MISC]('https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215') [MISC]('https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/')[/TD] [/TR] [TR] [TD][LEFT]superwebmailer -- superwebmailer[/LEFT][/TD] [TD][LEFT]An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38191&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-38191]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38191') [MISC]('https://herolab.usd.de/security-advisories/') [MISC]('https://herolab.usd.de/security-advisories/usd-2023-0012/')[/TD] [/TR] [TR] [TD][LEFT]superwebmailer -- superwebmailer[/LEFT][/TD] [TD][LEFT]An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38192&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-38192]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38192') [MISC]('https://herolab.usd.de/security-advisories/') [MISC]('https://herolab.usd.de/security-advisories/usd-2023-0011/')[/TD] [/TR] [TR] [TD][LEFT]superwebmailer -- superwebmailer[/LEFT][/TD] [TD][LEFT]An issue was discovered in SuperWebMailer 9.00.0.01710. 
It allows keepalive.php XSS via a GET parameter.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-38194&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-38194]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38194') [MISC]('https://herolab.usd.de/security-advisories/') [MISC]('https://herolab.usd.de/security-advisories/usd-2023-0013/')[/TD] [/TR] [TR] [TD][LEFT]tauri -- tauri[/LEFT][/TD] [TD][LEFT]Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the [ICODE]Vite guide[/ICODE] to showcase how to use Tauri together with Vite. Copying the following snippet [ICODE]envPrefix: ['VITE_', 'TAURI_'],[/ICODE] from this guide into the [ICODE]vite.config.ts[/ICODE] of a Tauri project leads to bundling the [ICODE]TAURI_PRIVATE_KEY[/ICODE] and [ICODE]TAURI_KEY_PASSWORD[/ICODE] into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the [ICODE]envPrefix: ['VITE_'],[/ICODE] or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with [ICODE]tauri signer generate[/ICODE], saving the new private key and updating the updater's [ICODE]pubkey[/ICODE] value on [ICODE]tauri.conf.json[/ICODE] with the new public key. 
To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46115&vector=CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-46115]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46115') [MISC]('https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259') [MISC]('https://tauri.app/v1/guides/getting-started/setup/vite/')[/TD] [/TR] [TR] [TD][LEFT]vmware -- workstation[/LEFT][/TD] [TD][LEFT]VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-34044&vector=CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-34044]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34044') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0022.html')[/TD] [/TR] [TR] [TD][LEFT]vnote_project -- vnote[/LEFT][/TD] [TD][LEFT]A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input Click here leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5701&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5701]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5701') [MISC]('https://github.com/victorootnice/victorootnice.github.io/blob/main/2023/bbp-01.md') [MISC]('https://vuldb.com/?ctiid.243139') [MISC]('https://vuldb.com/?id.243139')[/TD] [/TR] [TR] [TD][LEFT]wbce -- wbce_cms[/LEFT][/TD] [TD][LEFT]Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-46054&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-46054]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46054') [MISC]('https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. 
This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-3622&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2022-3622]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3622') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/blog2social/tags/6.9.10/includes/B2S/Settings/Item.php#L116') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail=') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail=')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45769&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45769]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45769') [MISC]('https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45758&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45758]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45758') [MISC]('https://patchstack.com/database/vulnerability/amministrazione-trasparente/wordpress-amministrazione-trasparente-plugin-8-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5205&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5205]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5205') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/9841b57b-b869-4282-8781-60538f6f269f?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/add-custom-body-class/trunk/add-custom-body-class.php#L32')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45644&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45644]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45644') [MISC]('https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45634&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45634]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45634') [MISC]('https://patchstack.com/database/vulnerability/copy-or-move-comments/wordpress-copy-or-move-comments-plugin-5-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-3996&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-3996]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3996') [MISC]('https://www.armemberplugin.com') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2905086%40armember-membership%2Ftrunk&old=2885708%40armember-membership%2Ftrunk&sfp_email=&sfph_mail=') [MISC]('https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.md') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/c1022ac4-869e-415a-a7c8-3650421608ea?source=cve') [MISC]('https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.txt')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. 
This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4796&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-4796]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4796') [MISC]('https://plugins.trac.wordpress.org/changeset/2966325/woocommerce-jetpack#file1') [MISC]('https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.0/includes/shortcodes/class-wcj-general-shortcodes.php#L450') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45755&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45755]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45755') [MISC]('https://patchstack.com/database/vulnerability/buddypress-global-search/wordpress-buddypress-global-search-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-4712&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2022-4712]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-4712') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wp-cerber/trunk/admin/cerber-dashboard.php?rev=2721561#L1338')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36759&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2020-36759]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36759') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368332%40insert-php&new=2368332%40insert-php&sfp_email=&sfph_mail=') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/') 
[MISC]('https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/e573c0a4-d053-400b-828c-0d0eca880776?source=cve') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'psres_button_size' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4271&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4271]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4271') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2831424/photospace-responsive/trunk/includes/class-photospace-responsive-gallery.php?contextall=1&old=2544748&old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail=')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45770&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45770]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45770') [MISC]('https://patchstack.com/database/vulnerability/fast-wp-speed/wordpress-fast-wp-speed-plugin-1-0-0-reflected-cross-site-scripting-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5668&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5668]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5668') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/77911b0f-c028-49ae-b85e-15909d806e30?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/whatsapp/tags/1.0.1/class-frontend.php#L46')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5200&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5200]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5200') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2966821/flowpaper-lite-pdf-flipbook') [MISC]('https://plugins.trac.wordpress.org/browser/flowpaper-lite-pdf-flipbook/trunk/flowpaper.php?rev=2959754#L395')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45764&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45764]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45764') [MISC]('https://patchstack.com/database/vulnerability/scroll-post-excerpt/wordpress-scroll-post-excerpt-plugin-8-0-cross-site-scripting-xss?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4648&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4648]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4648') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/f81950be-de32-4fa1-94fe-42667414fe2d?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2965658/wp-customer-reviews/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-3869&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-3869]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3869') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/b30ac1b0-eae2-4194-bf8e-ae73b4236965?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L681')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. 
This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-3998&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-3998]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3998') [MISC]('https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L886') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/9d09bdab-ffab-44cc-bba2-821b21a8e343?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender - Email Newsletter Plugin for WordPress plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45829&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45829]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45829') [MISC]('https://patchstack.com/database/vulnerability/newsletter-bulk-email/wordpress-newsletter-bulk-email-sender-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45646&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45646]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45646') [MISC]('https://patchstack.com/database/vulnerability/pdf-block/wordpress-pdf-block-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin td> [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45754&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45754]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45754') [MISC]('https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve')[/TD] [/LEFT][/TD] [/TR] [TD][LEFT][TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [ICODE]iframe[/ICODE] shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This was partially patched in version 4.6 and fully patched in version 4.7.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4919&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4919]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4919') [MISC]('https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L40') [MISC]('https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L28') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2970787/iframe#file4')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WP Mailto Links - Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This was partially patched in version 3.1.3 and fully patched in version 3.1.4.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5109&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5109]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5109') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/ec882062-0059-47ca-a007-3347e7adb70b?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wp-mailto-links/tags/3.1.2/core/includes/classes/class-wp-mailto-links-validate.php#L582')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36751&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2020-36751]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36751') [MISC]('https://plugins.trac.wordpress.org/changeset/2368658/coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/') [MISC]('https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/') 
[MISC]('https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/ab57f010-4fd2-40c2-950f-c03888521c8f?source=cve') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45761&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45761]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45761') [MISC]('https://patchstack.com/database/vulnerability/official-sendle-shipping-method/wordpress-sendle-shipping-plugin-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5086&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5086]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5086') [MISC]('https://plugins.trac.wordpress.org/changeset/2969441/copy-the-code#file1') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/e834a211-ccc8-4a30-a15d-879ba34184e9?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/copy-the-code/tags/2.6.4/classes/class-copy-the-code-shortcode.php#L83')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime - Events Calendar, Bookings and Tickets plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45637&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45637]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45637') [MISC]('https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4482&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4482]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4482') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2961861%40amazon-auto-links%2Ftrunk&old=2896127%40amazon-auto-links%2Ftrunk&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-4943&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2022-4943]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-4943') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/7267ede1-7745-47cc-ac0d-4362140b4c23?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2842228%40miniorange-2-factor-authentication%2Ftrunk&old=2815645%40miniorange-2-factor-authentication%2Ftrunk&sfp_email=&sfph_mail=')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-21[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4635&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4635]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4635') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=cve') [MISC]('https://github.com/xsn1210/vul/blob/main/xss%5BEventON%5D%20.md')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-3962&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-3962]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3962') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=cve') [MISC]('https://github.com/BlackFan/client-side-prototype-pollution')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. 
This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36754&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2020-36754]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36754') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368689%40paid-memberships-pro&new=2368689%40paid-memberships-pro&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=cve') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/') [MISC]('https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2022-4954&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2022-4954]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-4954') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/waiting/trunk/waiting.php?rev=2826039')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5614&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5614]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5614') [MISC]('https://plugins.trac.wordpress.org/browser/theme-switcha/tags/3.3/inc/plugin-core.php#L445') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0937fe-3ea6-427a-aef7-539c08687abb?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2979783/theme-switcha#file1')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. 
This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4923&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4923]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4923') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4db03d-ec40-4145-aa95-fee78bda5205?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. 
This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4924&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4924]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4924') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. 
This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4926&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4926]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4926') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulk/bulk.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulk%2Fbulk.php') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulk/bulk.php#L159')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. 
This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4935&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4935]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4935') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/classes/models/profiles.php#L191') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/classes/models/profiles.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fclasses%2Fmodels%2Fprofiles.php')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. 
This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4937&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4937]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4937') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. 
This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4940&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4940]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4940') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. 
This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4941&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4941]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4941') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/bc20f303-cac3-4517-9c45-153c410a13af?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. 
This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4942&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4942]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4942') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. 
This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4943&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4943]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4943') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719') [MISC]('https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4961&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4961]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4961') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/778af777-4c98-45cd-9704-1bdc96054aa7?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2968210/poptin#file2') [MISC]('https://plugins.trac.wordpress.org/browser/poptin/tags/1.3/poptin.php#L659')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45750&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45750]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45750') [MISC]('https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36755&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2020-36755]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36755') [MISC]('https://themes.trac.wordpress.org/browser/customizr/4.3.1/core/czr-admin-ccat.php?rev=135570#L1764') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f6b600-a35a-49c2-8758-a7cc5c00e947?source=cve') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/') 
[MISC]('https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36753&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2020-36753]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36753') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/') [MISC]('https://themes.trac.wordpress.org/browser/hueman/3.6.4/option-tree/includes/class-ot-meta-box.php#L207') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/') [MISC]('https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d54b4dc9-8590-433c-873a-efb49e2e79cd?source=cve') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- 
wordpress[/LEFT][/TD] [TD][LEFT]The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5618&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5618]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5618') [MISC]('https://plugins.trac.wordpress.org/changeset/2980695/modern-footnotes') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. 
This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-4335&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L')[/CENTER][/TD] [TD][CVE-2021-4335]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-4335') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=cve') [MISC]('https://support.fancyproductdesigner.com/support/discussions/topics/13000029981')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5615&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5615]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5615') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/skype-online-status/tags/3.1/skype-classes.php#L316')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes it possible for unauthenticated attackers to export the plugin's settings.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-4353&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N')[/CENTER][/TD] [TD][CVE-2021-4353]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-4353') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve') [MISC]('https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-3965&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-3965]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3965') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/5909513d-8877-40ff-bee9-d565141b7ed2?source=cve') [MISC]('https://github.com/BlackFan/client-side-prototype-pollution')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45772&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45772]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45772') [MISC]('https://patchstack.com/database/vulnerability/proofreading/wordpress-proofreading-plugin-1-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/LEFT][/TD] [/TR] [TD][LEFT][TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5308&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5308]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5308') [MISC]('https://plugins.trac.wordpress.org/browser/podcast-subscribe-buttons/tags/1.4.8/template-parts/inline-button.php#L30') [MISC]('https://plugins.trac.wordpress.org/changeset/2973904/podcast-subscribe-buttons#file529') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. 
This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4975&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4975]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4975') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/coming-soon/trunk/resources/views/builder.php#L164') [MISC]('https://plugins.trac.wordpress.org/changeset/2968455/coming-soon/trunk/resources/views/builder.php')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5071&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5071]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5071') [MISC]('https://plugins.trac.wordpress.org/changeset/2970788/sitekit') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/011c8a06-298e-4a53-9ef8-552585426d79?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/sitekit/trunk/inc/sitekit-shortcode-iframe.php#L3')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline - Application Form Builder and Manager plugin [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45756&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45756]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45756') [MISC]('https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/LEFT][/TD] [/TR] [TD][LEFT][TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45768&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45768]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45768') [MISC]('https://patchstack.com/database/vulnerability/next-page/wordpress-next-page-plugin-1-5-2-cross-site-scripting-xss?_s_id=cve')[/TD] [/LEFT][/TD] [/TR] [TD][LEFT][TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45747&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45747]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45747') [MISC]('https://patchstack.com/database/vulnerability/wp-lightbox-2/wordpress-wp-lightbox-2-plugin-3-0-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/LEFT][/TD] [/TR] [TD][LEFT][TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2020-36758&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2020-36758]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-36758') [MISC]('https://plugins.trac.wordpress.org/changeset/2369394/feedzy-rss-feeds/trunk/includes/admin/feedzy-rss-feeds-admin.php') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/') [MISC]('https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/') 
[MISC]('https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/e3b916dc-3b94-4319-a805-0ea99d14429f?source=cve') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][5.4]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5613&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5613]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5613') [MISC]('https://plugins.trac.wordpress.org/browser/super-testimonial/tags/2.8/tp-testimonials.php#L214') [MISC]('https://plugins.trac.wordpress.org/changeset/2979378/super-testimonial#file9') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/52659f1c-642e-4c88-b3d0-d5c5a206b11c?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. 
This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5070&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-5070]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5070') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4021&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4021]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4021') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/f213fb42-5bab-4017-80ea-ce6543031af2?source=cve') [MISC]('https://webnus.net/modern-events-calendar/change-log/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.1]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-3933&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-3933]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3933') [MISC]('https://github.com/BlackFan/client-side-prototype-pollution') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/c738e051-ad1c-4115-94d3-127dd5dff935?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-45767&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-45767]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45767') [MISC]('https://patchstack.com/database/vulnerability/simple-tweet/wordpress-simple-tweet-plugin-1-4-0-2-cross-site-scripting-xss?_s_id=cve')[/TD] [/LEFT][/TD] [/TR] [TD][LEFT][TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4598&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N')[/CENTER][/TD] [TD][CVE-2023-4598]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4598') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.8/admin/view/wp-slimstat-db.php#L970')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization 
and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4968&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4968]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4968') [MISC]('https://plugins.trac.wordpress.org/changeset/2976774/wplegalpages/trunk/public/class-wp-legal-pages-public.php#file0') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wplegalpages/tags/2.9.2/public/class-wp-legal-pages-public.php#L150')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. 
This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-4418&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2021-4418]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-4418') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/') [MISC]('https://plugins.trac.wordpress.org/browser/custom-css-js-php/trunk/modules/code/model.code.php#L85') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d21dc02f-789c-497e-9d01-02fa49bf9e30?source=cve') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/') [MISC]('https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/') [MISC]('https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. 
This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4947&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-4947]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4947') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=cve') [MISC]('https://plugins.yanco.dk/product/woocommerce-ean-payment-gateway/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in shared environments.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-4274&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H')[/CENTER][/TD] [TD][CVE-2023-4274]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4274') [MISC]('https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output 
escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER][4.8]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-5120&vector=CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-5120]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5120') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/320f4260-20c2-4f27-91ba-d2488b417f62?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/upload-cleaner/class-wpvivid-uploads-cleaner.php#L161')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][6.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-28803&vector=CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N')[/CENTER][/TD] [TD][CVE-2023-28803]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-28803') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. 
A local adversary may be able to delete folders in an elevated context.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][5.5]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-26734&vector=CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N')[/CENTER][/TD] [TD][CVE-2021-26734]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26734') [MISC]('https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][5.3]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2023-28804&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N')[/CENTER][/TD] [TD][CVE-2023-28804]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-28804') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023')[/TD] [/TR] [TR] [TD][LEFT]zscaler -- client_connector[/LEFT][/TD] [TD][LEFT]The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. 
A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER][4.7]('https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2021-26737&vector=CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H')[/CENTER][/TD] [TD][CVE-2021-26737]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26737') [MISC]('https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.6&deployment_date=2022-01-07&id=1388686')[/TD] [/TR][/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/LEFT][/TD] [/TABLE][/CENTER]

Low Vulnerabilities

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][CENTER]There were no low vulnerabilities recorded this week.[/CENTER][/TD] [/TR] [/TABLE][/CENTER]


Severity Not Yet Assigned

[CENTER][TABLE] [TR] [TH]Primary Vendor -- Product[/TH] [TH]Description[/TH] [TH]Published[/TH] [TH]CVSS Score[/TH] [TH]Source & Patch Info[/TH] [/TR] [TR] [TD][LEFT]abus_group -- tvip[/LEFT][/TD] [TD][LEFT]An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2018-16739]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-16739') [MISC]('https://sec.maride.cc/posts/abus/') [MISC]('https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen')[/TD] [/TR] [TR] [TD][LEFT]abus_group -- tvip[/LEFT][/TD] [TD][LEFT]Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2018-17558]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17558') [MISC]('https://sec.maride.cc/posts/abus/') [MISC]('https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen')[/TD] [/TR] [TR] [TD][LEFT]abus_group -- tvip[/LEFT][/TD] [TD][LEFT]Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2018-17559]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17559') [MISC]('https://sec.maride.cc/posts/abus/#cve-2018-17559') [MISC]('https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen')[/TD] [/TR] [TR] 
[TD][LEFT]abus_group -- tvip[/LEFT][/TD] [TD][LEFT]Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2018-17878]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17878') [MISC]('https://sec.maride.cc/posts/abus/#cve-2018-17878') [MISC]('https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen')[/TD] [/TR] [TR] [TD][LEFT]abus_group -- tvip[/LEFT][/TD] [TD][LEFT]An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2018-17879]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-17879') [MISC]('https://sec.maride.cc/posts/abus/#cve-2018-17879') [MISC]('https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen')[/TD] [/TR] [TR] [TD][LEFT]agevolt_slovakia_s.r.o. -- agevolt_portal[/LEFT][/TD] [TD][LEFT]An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38484]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38484') [MISC]('https://citadelo.com/download/CVE-2022-38484.pdf')[/TD] [/TR] [TR] [TD][LEFT]agevolt_slovakia_s.r.o. -- agevolt_portal[/LEFT][/TD] [TD][LEFT]A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. 
A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-38485]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-38485') [MISC]('https://citadelo.com/download/CVE-2022-38485.pdf')[/TD] [/TR] [TR] [TD][LEFT]alexander_maier_gmbh -- eisbaer_scada[/LEFT][/TD] [TD][LEFT]EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42488]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42488') [MISC]('https://www.gov.il/en/Departments/faq/cve_advisories')[/TD] [/TR] [TR] [TD][LEFT]alexander_maier_gmbh -- eisbaer_scada[/LEFT][/TD] [TD][LEFT]EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42489]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42489') [MISC]('https://www.gov.il/en/Departments/faq/cve_advisories')[/TD] [/TR] [TR] [TD][LEFT]alexander_maier_gmbh -- eisbaer_scada[/LEFT][/TD] [TD][LEFT]EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42490]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42490') [MISC]('https://www.gov.il/en/Departments/faq/cve_advisories')[/TD] [/TR] [TR] [TD][LEFT]alexander_maier_gmbh -- eisbaer_scada[/LEFT][/TD] [TD][LEFT]EisBaer Scada - CWE-285: Improper Authorization[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42491]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42491') [MISC]('https://www.gov.il/en/Departments/faq/cve_advisories')[/TD] [/TR] [TR] 
[TD][LEFT]alexander_maier_gmbh -- eisbaer_scada[/LEFT][/TD] [TD][LEFT]EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42492]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42492') [MISC]('https://www.gov.il/en/Departments/faq/cve_advisories')[/TD] [/TR] [TR] [TD][LEFT]alexander_maier_gmbh -- eisbaer_scada[/LEFT][/TD] [TD][LEFT]EisBaer Scada - CWE-256: Plaintext Storage of a Password[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42493]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42493') [MISC]('https://www.gov.il/en/Departments/faq/cve_advisories')[/TD] [/TR] [TR] [TD][LEFT]alexander_maier_gmbh -- eisbaer_scada[/LEFT][/TD] [TD][LEFT]EisBaer Scada - CWE-749: Exposed Dangerous Method or Function[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42494]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42494') [MISC]('https://www.gov.il/en/Departments/faq/cve_advisories')[/TD] [/TR] [TR] [TD][LEFT]anglaise.company -- anglaise.company[/LEFT][/TD] [TD][LEFT]An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-38845]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38845') [MISC]('https://liff.line.me/1657030660-8nDEQNbe') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38845.md')[/TD] [/TR] [TR] [TD][LEFT]apache -- activemq[/LEFT][/TD] [TD][LEFT]Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. 
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46604]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46604') [MISC]('https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/27/5')[/TD] [/TR] [TR] [TD][LEFT]apache -- airflow_celery[/LEFT][/TD] [TD][LEFT]Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information is logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs, not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airflow to version 2.7.0, which fixes the issue.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46215]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46215') [MISC]('https://github.com/apache/airflow/pull/34954') [MISC]('https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/28/1')[/TD] [/TR] [TR] [TD][LEFT]apache -- http_server[/LEFT][/TD] [TD][LEFT]An attacker opening an HTTP/2 connection with an initial window size of 0 was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in version 2.4.58 so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. 
Users are recommended to upgrade to version 2.4.58, which fixes the issue.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43622]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43622') [MISC]('https://httpd.apache.org/security/vulnerabilities_24.html') [MISC]('https://security.netapp.com/advisory/ntap-20231027-0011/')[/TD] [/TR] [TR] [TD][LEFT]apache -- http_server[/LEFT][/TD] [TD][LEFT]When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability of hitting this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45802]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45802') [MISC]('https://httpd.apache.org/security/vulnerabilities_24.html') [MISC]('https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/') [MISC]('https://security.netapp.com/advisory/ntap-20231027-0011/')[/TD] [/TR] [TR] [TD][LEFT]apple -- ios/ipados[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. 
A user's password may be read aloud by VoiceOver.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-32359]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-32359') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23')[/TD] [/TR] [TR] [TD][LEFT]apple -- ios/ipados[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40445]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40445') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40401]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40401') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. 
An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40404]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40404') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40405]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40405') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. 
An app may be able to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40421]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40421') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40425]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40425') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40444]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40444') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. 
An app may be able to access protected user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41077]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41077') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41975]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41975') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. 
Visiting a malicious website may reveal browsing history.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41977]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41977') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41989]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41989') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42438]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42438') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. 
An app may be able to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42842]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42842') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42850]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42850') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- macos[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42861]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42861') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. 
Hide My Email may be deactivated unexpectedly.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40408]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40408') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. 
An app may be able to read sensitive location information.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40413]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40413') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. 
Processing an image may result in disclosure of process memory.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40416]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40416') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. 
An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40423]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40423') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. 
Processing web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40447]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40447') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213986') [MISC]('https://support.apple.com/en-us/HT213987') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/27') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/22')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. 
An app may be able to cause a denial-of-service.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40449]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40449') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41072]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41072') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A privacy issue was addressed with improved private data redaction for log entries. 
This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41254]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41254') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. 
Processing web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41976]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41976') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213986') [MISC]('https://support.apple.com/en-us/HT213987') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/27') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/22')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. 
An attacker with physical access may be able to use Siri to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41982]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41982') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41983]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41983') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213986') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/27') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed by restricting options offered on a locked device. 
This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41988]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41988') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. 
An attacker with physical access may be able to use Siri to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41997]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41997') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. 
An app may be able to execute arbitrary code with kernel privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42841]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42841') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42844]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42844') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]An authentication issue was addressed with improved state management. 
This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42845]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42845') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42846]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42846') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213987') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213987') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/22') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. 
An attacker may be able to access passkeys without authentication.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42847]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42847') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42849]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42849') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213981') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('https://support.apple.com/kb/HT213988') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') 
[MISC]('http://seclists.org/fulldisclosure/2023/Oct/21')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42852]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42852') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213981') [MISC]('https://support.apple.com/en-us/HT213988') [MISC]('https://support.apple.com/en-us/HT213986') [MISC]('https://support.apple.com/en-us/HT213987') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/23') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/27') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/25') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/22')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. 
An app may be able to cause a denial-of-service to Endpoint Security clients.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42854]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42854') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42856]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42856') [MISC]('https://support.apple.com/en-us/HT213983') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/en-us/HT213985') [MISC]('https://support.apple.com/kb/HT213983') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('https://support.apple.com/kb/HT213985') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/21') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/26') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]apple -- multiple_products[/LEFT][/TD] [TD][LEFT]A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. 
An app may be able to access sensitive user data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42857]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42857') [MISC]('https://support.apple.com/en-us/HT213982') [MISC]('https://support.apple.com/en-us/HT213984') [MISC]('https://support.apple.com/kb/HT213982') [MISC]('https://support.apple.com/kb/HT213984') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/19') [MISC]('http://seclists.org/fulldisclosure/2023/Oct/24')[/TD] [/TR] [TR] [TD][LEFT]ashlar-vellum -- graphite [/LEFT][/TD] [TD][LEFT]In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39936]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39936') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03')[/TD] [/TR] [TR] [TD][LEFT]ashlar-vellum -- multiple_products[/LEFT][/TD] [TD][LEFT]In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. 
An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39427]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39427') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03')[/TD] [/TR] [TR] [TD][LEFT]audimex -- audimex[/LEFT][/TD] [TD][LEFT]Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46396]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46396') [MISC]('https://drive.google.com/file/d/13PK6RnYdq7fJKw47ssgLEsQvzHOJttLL/view?usp=sharing')[/TD] [/TR] [TR] [TD][LEFT]basercms -- basercms[/LEFT][/TD] [TD][LEFT]baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is an XSS vulnerability in the Favorites feature of baserCMS. This issue has been patched in version 4.8.0.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-29009]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-29009') [MISC]('https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0') [MISC]('https://basercms.net/security/JVN_45547161') [MISC]('https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq')[/TD] [/TR] [TR] [TD][LEFT]bosch_rexroth_ag -- ctrlx_hmi_web_pane [/LEFT][/TD] [TD][LEFT]The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. 
This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45851]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45851') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]bosch_rexroth_ag -- ctrlx_hmi_web_panel[/LEFT][/TD] [TD][LEFT]The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS, and this feature is not configurable by the user. Due to the lack of encryption of HTTP, this issue allows an attacker placed in the same subnet network of the HMI device to intercept the username and password necessary to authenticate to the MQTT server responsible for implementing the remote management protocol.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45321]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45321') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]bosch_rexroth_ag -- ctrlx_hmi_web_panel[/LEFT][/TD] [TD][LEFT]The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, which can be retrieved by reversing both the Android Client application and the server-side web application. 
This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46102]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46102') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]browserify -- browserify[/LEFT][/TD] [TD][LEFT]browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in [ICODE]dsaVerify[/ICODE] function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. 
This issue has been patched in version 4.2.2.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46234]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46234') [MISC]('https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw') [MISC]('https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html')[/TD] [/TR] [TR] [TD][LEFT]cacti -- cacti[/LEFT][/TD] [TD][LEFT]SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46490]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46490') [MISC]('https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53') [MISC]('https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c')[/TD] [/TR] [TR] [TD][LEFT]carrental -- carrental[/LEFT][/TD] [TD][LEFT]carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-33517]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-33517') [MISC]('https://gist.github.com/wushigudan/288ab32566615d8897c1da7ce7204838')[/TD] [/TR] [TR] [TD][LEFT]cassia_networks -- access_controller[/LEFT][/TD] [TD][LEFT]An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. 
Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-35794]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-35794') [MISC]('https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking') [MISC]('https://www.cassianetworks.com/products/iot-access-controller/')[/TD] [/TR] [TR] [TD][LEFT]catdoc -- catdoc[/LEFT][/TD] [TD][LEFT]Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46345]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46345') [MISC]('https://gist.github.com/rycbar77/d747b2c37b544ece30b2353a65ab41f9')[/TD] [/TR] [TR] [TD][LEFT]christina_japan_line -- christina_japan_line[/LEFT][/TD] [TD][LEFT]An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-38847]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38847') [MISC]('https://liff.line.me/1657631315-oX5J26Ak') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.md')[/TD] [/TR] [TR] [TD][LEFT]cisco -- cisco_ios_xe_software[/LEFT][/TD] [TD][LEFT]A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. 
A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-20273]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-20273') [MISC]('https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z')[/TD] [/TR] [TR] [TD][LEFT]cloud_software_group -- netscaler_adc/gateway[/LEFT][/TD] [TD][LEFT]Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-4967]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4967') [MISC]('https://support.citrix.com/article/CTX579459/')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43352]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43352') [MISC]('https://github.com/sromanhu/CVE-2023-43352-CMSmadesimple-SSTI--Content') [MISC]('https://github.com/sromanhu/CMSmadesimple-SSTI--Content')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43358]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43358') [MISC]('https://github.com/sromanhu/CVE-2023-43358-CMSmadesimple-Stored-XSS---News') 
[MISC]('https://github.com/sromanhu/CMSmadesimple-Stored-XSS---News')[/TD] [/TR] [TR] [TD][LEFT]cmsmadesimple -- cmsmadesimple[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43360]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43360') [MISC]('https://github.com/sromanhu/CMSmadesimple-Stored-XSS---File-Picker-extension') [MISC]('https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension')[/TD] [/TR] [TR] [TD][LEFT]code-projects -- admission_management_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5829]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5829') [MISC]('https://vuldb.com/?ctiid.243728') [MISC]('https://vuldb.com/?id.243728') [MISC]('https://github.com/lxxcute/Bug/blob/main/Admission%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf')[/TD] [/TR] [TR] [TD][LEFT]codeastro -- pos_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. 
The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5795]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5795') [MISC]('https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing') [MISC]('https://vuldb.com/?ctiid.243601') [MISC]('https://vuldb.com/?id.243601')[/TD] [/TR] [TR] [TD][LEFT]codeastro -- pos_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5796]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5796') [MISC]('https://vuldb.com/?id.243602') [MISC]('https://drive.google.com/file/d/1LIXuVmxby4QTY7v7dD-F0oRnwVVOwlmJ/view?usp=sharing') [MISC]('https://vuldb.com/?ctiid.243602')[/TD] [/TR] [TR] [TD][LEFT]coderedcorp -- wagtail_crx[/LEFT][/TD] [TD][LEFT]views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-46897]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46897') [MISC]('https://github.com/coderedcorp/coderedcms/issues/448') [MISC]('https://github.com/coderedcorp/coderedcms/pull/450') [MISC]('https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3')[/TD] [/TR] [TR] [TD][LEFT]columbiasoft -- document_locator[/LEFT][/TD] [TD][LEFT]A vulnerability 
classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5830]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5830') [MISC]('https://vuldb.com/?ctiid.243729') [MISC]('https://vuldb.com/?id.243729')[/TD] [/TR] [TR] [TD][LEFT]concrete_cms -- concrete_cms[/LEFT][/TD] [TD][LEFT]Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-44760]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44760') [MISC]('https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes')[/TD] [/TR] [TR] [TD][LEFT]contec_co._ltd. -- solarview_compact[/LEFT][/TD] [TD][LEFT]An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46509]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46509') [MISC]('https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509')[/TD] [/TR] [TR] [TD][LEFT]crypto-es -- crypto-es[/LEFT][/TD] [TD][LEFT]CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. 
Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46133]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46133') [MISC]('https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757') [MISC]('https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h')[/TD] [/TR] [TR] [TD][LEFT]crypto-js -- crypto-js[/LEFT][/TD] [TD][LEFT]crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. 
As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46233]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46233') [MISC]('https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf') [MISC]('https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a')[/TD] [/TR] [TR] [TD][LEFT]d-link -- dar-7000 [/LEFT][/TD] [TD][LEFT]SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42406]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42406') [MISC]('https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_sql_:sysmanage:editrole.php.md') [MISC]('https://github.com/1dreamGN/CVE/blob/main/CVE-2023-42406.md')[/TD] [/TR] [TR] [TD][LEFT]deciso_b.v. 
-- opnsense[/LEFT][/TD] [TD][LEFT]DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-27152]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27152') [MISC]('https://www.esecforte.com/cve-2023-27152-opnsense-brute-force/')[/TD] [/TR] [TR] [TD][LEFT]django_grappelli -- django_grappelli[/LEFT][/TD] [TD][LEFT]views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2021-46898]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-46898') [MISC]('https://github.com/sehmaschine/django-grappelli/commit/4ca94bcda0fa2720594506853d85e00c8212968f') [MISC]('https://github.com/sehmaschine/django-grappelli/pull/976') [MISC]('https://github.com/sehmaschine/django-grappelli/compare/2.15.1...2.15.2') [MISC]('https://github.com/sehmaschine/django-grappelli/issues/975')[/TD] [/TR] [TR] [TD][LEFT]dragon_path -- 707gr1[/LEFT][/TD] [TD][LEFT]A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >>src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 
VDB-243594 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5789]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5789') [MISC]('https://drive.google.com/file/d/1s_NzD0Z6lMvRoo9sLXqRvYRaF7XTAYBE/view?usp=sharing') [MISC]('https://vuldb.com/?ctiid.243594') [MISC]('https://vuldb.com/?id.243594')[/TD] [/TR] [TR] [TD][LEFT]dromara_sureness -- dromara_sureness[/LEFT][/TD] [TD][LEFT]Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31581]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31581') [MISC]('https://github.com/dromara/sureness/issues/164') [MISC]('https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md')[/TD] [/TR] [TR] [TD][LEFT]egroupware -- egroupware[/LEFT][/TD] [TD][LEFT]An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-38328]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38328') [MISC]('https://www.gruppotim.it/it/footer/red-team.html')[/TD] [/TR] [TR] [TD][LEFT]elastic -- beats[/LEFT][/TD] [TD][LEFT]It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. 
More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31421]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31421') [MISC]('https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385') [MISC]('https://www.elastic.co/community/security')[/TD] [/TR] [TR] [TD][LEFT]elastic -- elastic_cloud_on_kubernetes[/LEFT][/TD] [TD][LEFT]Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31416]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31416') [MISC]('https://www.elastic.co/community/security') [MISC]('https://discuss.elastic.co/t/elastic-cloud-on-kubernetes-eck-2-8-security-update/343854')[/TD] [/TR] [TR] [TD][LEFT]elastic -- elastic_sharepoint_online_python_connector[/LEFT][/TD] [TD][LEFT]An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. 
If a user is assigned limited access permissions to an item on a SharePoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46666]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46666') [MISC]('https://www.elastic.co/community/security') [MISC]('https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732')[/TD] [/TR] [TR] [TD][LEFT]elastic -- elasticsearch[/LEFT][/TD] [TD][LEFT]Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31417]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31417') [MISC]('https://www.elastic.co/community/security') [MISC]('https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479')[/TD] [/TR] [TR] [TD][LEFT]elastic -- elasticsearch[/LEFT][/TD] [TD][LEFT]An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. 
The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31418]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31418') [MISC]('https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616') [MISC]('https://www.elastic.co/community/security')[/TD] [/TR] [TR] [TD][LEFT]elastic -- elasticsearch[/LEFT][/TD] [TD][LEFT]A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31419]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31419') [MISC]('https://www.elastic.co/community/security') [MISC]('https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297')[/TD] [/TR] [TR] [TD][LEFT]elastic -- endpoint[/LEFT][/TD] [TD][LEFT]If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. 
These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46668]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46668') [MISC]('https://www.elastic.co/community/security') [MISC]('https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203')[/TD] [/TR] [TR] [TD][LEFT]elastic -- fleet_server[/LEFT][/TD] [TD][LEFT]An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enroll an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46667]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46667') [MISC]('https://www.elastic.co/community/security') [MISC]('https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737')[/TD] [/TR] [TR] [TD][LEFT]elastic -- kibana[/LEFT][/TD] [TD][LEFT]An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. 
Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31422]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31422') [MISC]('https://www.elastic.co/community/security') [MISC]('https://discuss.elastic.co/t/kibana-8-10-1-security-update/343287')[/TD] [/TR] [TR] [TD][LEFT]exfatprogs -- exfatprogs[/LEFT][/TD] [TD][LEFT]exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45897]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45897') [MISC]('https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4') [MISC]('https://github.com/exfatprogs/exfatprogs/releases/tag/1.2.2') [MISC]('https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae') [MISC]('https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf')[/TD] [/TR] [TR] [TD][LEFT]fancms -- fancms[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46505]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46505') [MISC]('https://github.com/PwnCYN/FanCMS/issues/1')[/TD] [/TR] [TR] [TD][LEFT]ffmpeg -- ffmpeg[/LEFT][/TD] [TD][LEFT]FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46407]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46407') 
[MISC]('https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962') [MISC]('https://patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/') [MISC]('https://patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/')[/TD] [/TR] [TR] [TD][LEFT]fides -- fides[/LEFT][/TD] [TD][LEFT]Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version [ICODE]2.22.1[/ICODE].[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46124]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46124') [MISC]('https://github.com/ethyca/fides/releases/tag/2.22.1') [MISC]('https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee') [MISC]('https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4')[/TD] [/TR] [TR] [TD][LEFT]fides -- fides[/LEFT][/TD] [TD][LEFT]Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the [ICODE]GET api/v1/config[/ICODE] endpoint. 
The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers' addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version [ICODE]2.22.1[/ICODE].[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46125]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46125') [MISC]('https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06') [MISC]('https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89') [MISC]('https://github.com/ethyca/fides/releases/tag/2.22.1')[/TD] [/TR] [TR] [TD][LEFT]fides -- fides[/LEFT][/TD] [TD][LEFT]Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. 
The vulnerability has been patched in Fides version [ICODE]2.22.1[/ICODE].[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46126]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46126') [MISC]('https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83') [MISC]('https://github.com/ethyca/fides/releases/tag/2.22.1') [MISC]('https://github.com/ethyca/fides/commit/3231d19699f9c895c986f6a967a64d882769c506')[/TD] [/TR] [TR] [TD][LEFT]flusity_cms -- flusity_cms[/LEFT][/TD] [TD][LEFT]A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5793]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5793') [MISC]('https://github.com/flusity/flusity-CMS/commit/81252bc764e1de2422e79e36194bba1289e7a0a5') [MISC]('https://vuldb.com/?ctiid.243599') [MISC]('https://github.com/flusity/flusity-CMS/issues/1') [MISC]('https://vuldb.com/?id.243599')[/TD] [/TR] [TR] [TD][LEFT]flusity_cms -- flusity_cms[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. 
The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5810]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5810') [MISC]('https://github.com/flusity/flusity-CMS/issues/2') [MISC]('https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8') [MISC]('https://vuldb.com/?ctiid.243641') [MISC]('https://vuldb.com/?id.243641')[/TD] [/TR] [TR] [TD][LEFT]flusity_cms -- flusity_cms[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. 
VDB-243642 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5811]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5811') [MISC]('https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8') [MISC]('https://github.com/flusity/flusity-CMS/issues/3') [MISC]('https://vuldb.com/?ctiid.243642') [MISC]('https://vuldb.com/?id.243642')[/TD] [/TR] [TR] [TD][LEFT]flusity_cms -- flusity_cms[/LEFT][/TD] [TD][LEFT]A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-243643.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5812]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5812') [MISC]('https://vuldb.com/?ctiid.243643') [MISC]('https://vuldb.com/?id.243643') [MISC]('https://github.com/flusity/flusity-CMS/issues/4')[/TD] [/TR] [TR] [TD][LEFT]fotoscms2 -- fotoscms2[/LEFT][/TD] [TD][LEFT]A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 
VDB-243802 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5837]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5837') [MISC]('https://vuldb.com/?ctiid.243802') [MISC]('https://vuldb.com/?id.243802') [MISC]('https://github.com/AlexanderLivanov/FotosCMS2/issues/18')[/TD] [/TR] [TR] [TD][LEFT]frappe -- frappe[/LEFT][/TD] [TD][LEFT]Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46127]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46127') [MISC]('https://github.com/frappe/frappe/pull/22339') [MISC]('https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900') [MISC]('https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98')[/TD] [/TR] [TR] [TD][LEFT]free5gc -- free5gc[/LEFT][/TD] [TD][LEFT]pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46324]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46324') [MISC]('https://github.com/free5gc/udm/pull/20') [MISC]('https://github.com/free5gc/udm/compare/v1.1.1...v1.2.0')[/TD] [/TR] [TR] [TD][LEFT]frrouting_frr -- frrouting_frr[/LEFT][/TD] [TD][LEFT]An issue was discovered in FRRouting FRR through 9.0.1. 
It mishandles malformed MP_REACH_NLRI data, leading to a crash.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46752]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46752') [MISC]('https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35')[/TD] [/TR] [TR] [TD][LEFT]frrouting_frr -- frrouting_frr[/LEFT][/TD] [TD][LEFT]An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46753]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46753') [MISC]('https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9')[/TD] [/TR] [TR] [TD][LEFT]fukunaga_memberscard_line -- fukunaga_memberscard_line[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39736]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39736') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39736.md') [MISC]('https://liff.line.me/1657606123-4Kp0xVrP')[/TD] [/TR] [TR] [TD][LEFT]geeklog -- geeklog[/LEFT][/TD] [TD][LEFT]Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.[/LEFT][/TD] [TD][CENTER]2023-10-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46058]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46058') [MISC]('https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/Stored_XSS_in_group.php.md')[/TD] [/TR] [TR] 
[TD][LEFT]geeklog -- geeklog[/LEFT][/TD] [TD][LEFT]Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.[/LEFT][/TD] [TD][CENTER]2023-10-24[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46059]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46059') [MISC]('https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/reflected_XSS_in_editservice.md')[/TD] [/TR] [TR] [TD][LEFT]geoserver -- geoserver[/LEFT][/TD] [TD][LEFT]GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an [ICODE]sld=[/ICODE] parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Server Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41339]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41339') [MISC]('https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf') [MISC]('https://github.com/geoserver/geoserver/releases/tag/2.22.5') [MISC]('https://github.com/geoserver/geoserver/releases/tag/2.23.2')[/TD] [/TR] [TR] [TD][LEFT]geoserver -- geoserver[/LEFT][/TD] [TD][LEFT]GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. 
This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43795]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43795') [MISC]('https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956')[/TD] [/TR] [TR] [TD][LEFT]geoserver -- geowebcache[/LEFT][/TD] [TD][LEFT]A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5786]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5786') [MISC]('https://vuldb.com/?ctiid.243592') [MISC]('https://vuldb.com/?id.243592') [MISC]('https://github.com/Qxyday/GeoServe---unauthorized')[/TD] [/TR] [TR] [TD][LEFT]github -- enterprise_server[/LEFT][/TD] [TD][LEFT]Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. 
This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-23767]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-23767') [MISC]('https://docs.github.com/en/[email protected]/admin/release-notes#3.9.6') [MISC]('https://docs.github.com/en/[email protected]/admin/release-notes#3.8.11') [MISC]('https://docs.github.com/en/[email protected]/admin/release-notes#3.7.18') [MISC]('https://docs.github.com/en/[email protected]/admin/release-notes#3.10.3')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40116]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40116') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40117]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40117') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945') [MISC]('https://android.googlesource.com/platform/packages/apps/Settings/+/11815817de2f2d70fe842b108356a1bc75d44ffb') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40120]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40120') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. 
User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40121]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40121') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40123]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40123') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40125]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40125') [MISC]('https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In multiple locations, there is a possible way to access screenshots due to a confused deputy. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40127]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40127') [MISC]('https://android.googlesource.com/platform/packages/providers/MediaProvider/+/747431250612507e8289ae8eb1a56303e79ab678') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40128]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40128') [MISC]('https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. 
User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40129]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40129') [MISC]('https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40130]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40130') [MISC]('https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40131]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40131') [MISC]('https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40133]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40133') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40134]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40134') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40135]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40135') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40136]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40136') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40137]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40137') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40138]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40138') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40139]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40139') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- android[/LEFT][/TD] [TD][LEFT]In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-40140]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-40140') [MISC]('https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243') [MISC]('https://source.android.com/security/bulletin/2023-10-01')[/TD] [/TR] [TR] [TD][LEFT]google -- chrome [/LEFT][/TD] [TD][LEFT]Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5472]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5472') [MISC]('https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html') [MISC]('https://crbug.com/1491296') [MISC]('https://www.debian.org/security/2023/dsa-5536') [MISC]('https://lists.fedoraproject.org/archives/list/[email protected]/message/TDMQG42VVOZ5USSI4NSNT3VJPGBPNSIW/')[/TD] [/TR] [TR] [TD][LEFT]gougucms -- gougucms[/LEFT][/TD] [TD][LEFT]gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46393]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46393') [MISC]('https://gitee.com/gouguopen/gougucms/issues/I88TKH')[/TD] [/TR] [TR] [TD][LEFT]gougucms -- gougucms [/LEFT][/TD] [TD][LEFT]A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] 
[TD][CVE-2023-46394]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46394') [MISC]('https://gitee.com/gouguopen/gougucms/issues/I88TC0')[/TD] [/TR] [TR] [TD][LEFT]grafana -- grafana[/LEFT][/TD] [TD][LEFT]Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, in versions before 1.0.4, contains a DOM XSS vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-3010]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3010') [MISC]('https://grafana.com/security/security-advisories/cve-2023-3010/')[/TD] [/TR] [TR] [TD][LEFT]hashicorp -- vagrant[/LEFT][/TD] [TD][LEFT]HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5834]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5834') [MISC]('https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568')[/TD] [/TR] [TR] [TD][LEFT]hcl_software -- hcl_commerce[/LEFT][/TD] [TD][LEFT]HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37532]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37532') [MISC]('https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108094')[/TD] [/TR] [TR] [TD][LEFT]hewlett_packard_enterprise -- aruba_clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. 
A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43506]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43506') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt')[/TD] [/TR] [TR] [TD][LEFT]hewlett_packard_enterprise -- aruba_clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43507]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43507') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt')[/TD] [/TR] [TR] [TD][LEFT]hewlett_packard_enterprise -- aruba_clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. 
Successful exploitation of these vulnerabilities allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43508]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43508') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt')[/TD] [/TR] [TR] [TD][LEFT]hewlett_packard_enterprise -- aruba_clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43509]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43509') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt')[/TD] [/TR] [TR] [TD][LEFT]hewlett_packard_enterprise -- aruba_clearpass_policy_manager[/LEFT][/TD] [TD][LEFT]A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. 
A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43510]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43510') [MISC]('https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt')[/TD] [/TR] [TR] [TD][LEFT]hewlett_packard_enterprise -- hpe_oneview[/LEFT][/TD] [TD][LEFT]A remote code execution issue exists in HPE OneView.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-30912]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-30912') [MISC]('https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us')[/TD] [/TR] [TR] [TD][LEFT]hp_inc. -- hp_print_and_scan_doctor_for_windows[/LEFT][/TD] [TD][LEFT]HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5671]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5671') [MISC]('https://support.hp.com/us-en/document/ish_9502679-9502704-16')[/TD] [/TR] [TR] [TD][LEFT]hu60wap6 -- hu60wap6[/LEFT][/TD] [TD][LEFT]A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It is recommended to apply a patch to fix this issue. 
The associated identifier of this vulnerability is VDB-243775.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5835]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5835') [MISC]('https://github.com/hu60t/hu60wap6/commit/a1cd9f12d7687243bfcb7ce295665acb83b9174e') [MISC]('https://vuldb.com/?ctiid.243775') [MISC]('https://vuldb.com/?id.243775')[/TD] [/TR] [TR] [TD][LEFT]ibm -- txseries_for_multiplatforms[/LEFT][/TD] [TD][LEFT]IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42031]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42031') [MISC]('https://www.ibm.com/support/pages/node/7056429') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/266061') [MISC]('https://www.ibm.com/support/pages/node/7056433')[/TD] [/TR] [TR] [TD][LEFT]ibm -- websphere_application_server_liberty[/LEFT][/TD] [TD][LEFT]IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. 
IBM X-Force ID: 268775.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46158]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46158') [MISC]('https://www.ibm.com/support/pages/node/7058356') [MISC]('https://exchange.xforce.ibmcloud.com/vulnerabilities/268775')[/TD] [/TR] [TR] [TD][LEFT]icecms -- icecms[/LEFT][/TD] [TD][LEFT]IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42188]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42188') [MISC]('https://topdayplus.github.io/2023/10/27/CVE-deatail/') [MISC]('https://github.com/Thecosy/IceCMS/issues/17')[/TD] [/TR] [TR] [TD][LEFT]idattend_pty_ltd -- idweb[/LEFT][/TD] [TD][LEFT]Reflected cross-site scripting in the StudentSearch component in IDAttend's IDWeb application 3.1.052 and earlier allows hijacking of a user's browsing session by attackers who have convinced the said user to click on a malicious link.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-1356]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-1356') [MISC]('https://www.themissinglink.com.au/security-advisories/cve-2023-1356')[/TD] [/TR] [TR] [TD][LEFT]ilias -- ilias[/LEFT][/TD] [TD][LEFT]ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. 
The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45867]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45867') [MISC]('https://rehmeinfosec.de') [MISC]('https://rehmeinfosec.de/labor/cve-2023-45867')[/TD] [/TR] [TR] [TD][LEFT]ilias -- ilias[/LEFT][/TD] [TD][LEFT]The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. 
However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45868]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45868') [MISC]('https://rehmeinfosec.de') [MISC]('https://rehmeinfosec.de/labor/cve-2023-45867')[/TD] [/TR] [TR] [TD][LEFT]ilias -- ilias[/LEFT][/TD] [TD][LEFT]ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php). This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45869]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45869') [MISC]('https://rehmeinfosec.de/labor/cve-2023-45869') [MISC]('https://rehmeinfosec.de/report/358ad5f6-f712-4f74-a5ee-476efc856cbc/')[/TD] [/TR] [TR] [TD][LEFT]ispconfig -- ispconfig [/LEFT][/TD] [TD][LEFT]An issue was discovered in ISPConfig before 3.2.11p1. 
PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46818]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46818') [MISC]('https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/')[/TD] [/TR] [TR] [TD][LEFT]iterm2 -- iterm2[/LEFT][/TD] [TD][LEFT]iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46300]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46300') [MISC]('https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009') [MISC]('https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce') [MISC]('https://iterm2.com/news.html') [MISC]('https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5')[/TD] [/TR] [TR] [TD][LEFT]iterm2 -- iterm2[/LEFT][/TD] [TD][LEFT]iTerm2 before 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to upload.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46301]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46301') [MISC]('https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009') [MISC]('https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce') [MISC]('https://iterm2.com/news.html') [MISC]('https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b')[/TD] [/TR] [TR] [TD][LEFT]iterm2 -- iterm2[/LEFT][/TD] [TD][LEFT]iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. 
They may have shell metacharacters for a /usr/bin/man command line.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46321]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46321') [MISC]('https://iterm2.com/downloads.html') [MISC]('https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071')[/TD] [/TR] [TR] [TD][LEFT]iterm2 -- iterm2[/LEFT][/TD] [TD][LEFT]iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46322]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46322') [MISC]('https://iterm2.com/downloads.html') [MISC]('https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01')[/TD] [/TR] [TR] [TD][LEFT]itop -- itop[/LEFT][/TD] [TD][LEFT]iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying [ICODE]pages/preferences.php[/ICODE], cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34446]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34446') [MISC]('https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68') [MISC]('https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10')[/TD] [/TR] [TR] [TD][LEFT]itop -- itop [/LEFT][/TD] [TD][LEFT]iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on [ICODE]pages/UI.php[/ICODE], cross site scripting is possible. 
This issue is fixed in versions 3.0.4 and 3.1.0.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34447]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34447') [MISC]('https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33') [MISC]('https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802') [MISC]('https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p')[/TD] [/TR] [TR] [TD][LEFT]ivanti -- secure_access_client[/LEFT][/TD] [TD][LEFT]A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-38041]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38041') [MISC]('https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46650]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46650') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to 
access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46651]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46651') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46652]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46652') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46653]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46653') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet 
calculated[/CENTER][/TD] [TD][CVE-2023-46654]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46654') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46655]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46655') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3238')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46656]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46656') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.[/LEFT][/TD] 
[TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46657]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46657') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46658]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46658') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46659]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46659') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3247')[/TD] [/TR] [TR] [TD][LEFT]jenkins -- jenkins[/LEFT][/TD] [TD][LEFT]Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] 
[TD][CVE-2023-46660]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46660') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/2') [MISC]('https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879')[/TD] [/TR] [TR] [TD][LEFT]jose4j -- jose4j[/LEFT][/TD] [TD][LEFT]jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31582]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31582') [MISC]('https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then') [MISC]('https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md')[/TD] [/TR] [TR] [TD][LEFT]jumpserver -- jumpserver[/LEFT][/TD] [TD][LEFT]jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. 
This vulnerability has been patched in version 3.8.0.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46123]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46123') [MISC]('https://github.com/jumpserver/jumpserver/security/advisories/GHSA-hvw4-766m-p89f') [MISC]('https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0')[/TD] [/TR] [TR] [TD][LEFT]juzawebcms -- juzawebcms[/LEFT][/TD] [TD][LEFT]Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46467]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46467') [MISC]('https://www.sumor.top/index.php/archives/872/')[/TD] [/TR] [TR] [TD][LEFT]juzawebcms -- juzawebcms[/LEFT][/TD] [TD][LEFT]An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46468]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46468') [MISC]('https://www.sumor.top/index.php/archives/875/')[/TD] [/TR] [TR] [TD][LEFT]knot_resolver -- knot_resolver [/LEFT][/TD] [TD][LEFT]Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46317]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46317') [MISC]('https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448') [MISC]('https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html')[/TD] [/TR] [TR] [TD][LEFT]kodbox -- kodbox[/LEFT][/TD] [TD][LEFT]kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). 
Customizing global HTML results in storing XSS.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45998]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45998') [MISC]('https://gist.github.com/fangjiuye/703fdb643db558640f23e4e7c9532348')[/TD] [/TR] [TR] [TD][LEFT]kubernetes -- ingress-nginx[/LEFT][/TD] [TD][LEFT]Ingress-nginx [ICODE]path[/ICODE] sanitization can be bypassed with [ICODE]log_format[/ICODE] directive.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-4886]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-4886') [MISC]('https://github.com/kubernetes/ingress-nginx/issues/10570') [MISC]('https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/5')[/TD] [/TR] [TR] [TD][LEFT]kubernetes -- ingress-nginx[/LEFT][/TD] [TD][LEFT]Ingress nginx annotation injection causes arbitrary command execution.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5043]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5043') [MISC]('https://github.com/kubernetes/ingress-nginx/issues/10571') [MISC]('https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/4')[/TD] [/TR] [TR] [TD][LEFT]kubernetes -- ingress-nginx[/LEFT][/TD] [TD][LEFT]Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5044]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5044') [MISC]('https://github.com/kubernetes/ingress-nginx/issues/10572') [MISC]('https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/25/3')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- app_store[/LEFT][/TD] [TD][LEFT]An 
information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3611]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3611') [MISC]('https://iknow.lenovo.com.cn/detail/205280.html')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- elliptic_labs_virtual_lock_sensor[/LEFT][/TD] [TD][LEFT]A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-3112]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-3112') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-128081')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- hardwarescanplugin[/LEFT][/TD] [TD][LEFT]A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-0353]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-0353') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-102365') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-94532')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- hardwarescanplugin[/LEFT][/TD] [TD][LEFT]A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] 
[TD][CVE-2022-3698]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3698') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-102365') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-94532')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- hardwarescanplugin[/LEFT][/TD] [TD][LEFT]A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3699]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3699') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-102365') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-94532')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- hardwarescanplugin[/LEFT][/TD] [TD][LEFT]A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3702]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3702') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-94532')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- printer_gm265dn[/LEFT][/TD] [TD][LEFT]A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3429]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3429') [MISC]('https://iknow.lenovo.com.cn/detail/205041.html')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- printer_gm265dn[/LEFT][/TD] [TD][LEFT]A remote 
code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34886]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34886') [MISC]('https://iknow.lenovo.com.cn/detail/205041.html')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- printer_gm265dn[/LEFT][/TD] [TD][LEFT]Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the administrator password.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34887]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34887') [MISC]('https://iknow.lenovo.com.cn/detail/205041.html')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- thinksystem[/LEFT][/TD] [TD][LEFT]An authenticated XCC user with Read-Only permission can change a different user's password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-4606]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4606') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-140960')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- thinksystem[/LEFT][/TD] [TD][LEFT]An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. 
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-4608]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4608') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-140960')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- vantage_systemupdate_plugin[/LEFT][/TD] [TD][LEFT]A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3700]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3700') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-94532')[/TD] [/TR] [TR] [TD][LEFT]lenovo -- vantage_systemupdate_plugin[/LEFT][/TD] [TD][LEFT]A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3701]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3701') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-94532')[/TD] [/TR] [TR] [TD][LEFT]light-oauth2 -- light-oauth2[/LEFT][/TD] [TD][LEFT]light-oauth2 before version 2.1.27 obtains the public key without any verification. 
This could allow attackers to authenticate to the application with a crafted JWT token.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-31580]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-31580') [MISC]('https://github.com/networknt/light-oauth2/issues/369') [MISC]('https://github.com/KANIXB/JWTIssues/blob/main/Certification%20Verification%20issue%20in%20light-oauth2.md')[/TD] [/TR] [TR] [TD][LEFT]linux -- kernel[/LEFT][/TD] [TD][LEFT]The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5633]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5633') [MISC]('https://access.redhat.com/security/cve/CVE-2023-5633') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2245663')[/TD] [/TR] [TR] [TD][LEFT]linux -- kernel [/LEFT][/TD] [TD][LEFT]An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). 
This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46813]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46813') [MISC]('https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9') [MISC]('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf') [MISC]('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721') [MISC]('https://bugzilla.suse.com/show_bug.cgi?id=1212649') [MISC]('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba')[/TD] [/TR] [TR] [TD][LEFT]linux -- kernel [/LEFT][/TD] [TD][LEFT]A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5717]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5717') [MISC]('https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06') [MISC]('https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06')[/TD] [/TR] [TR] [TD][LEFT]man-group -- dtale[/LEFT][/TD] [TD][LEFT]D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. 
Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off "Custom Filter" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46134]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46134') [MISC]('https://github.com/man-group/dtale/security/advisories/GHSA-jq6c-r9xf-qxjm') [MISC]('https://github.com/man-group/dtale/commit/bf8c54ab2490803f45f0652a9a0e221a94d39668')[/TD] [/TR] [TR] [TD][LEFT]marbre_lapin_line -- marbre_lapin_line [/LEFT][/TD] [TD][LEFT]An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-38846]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38846') [MISC]('https://liff.line.me/1657925980-KmmGkje5') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38846.md')[/TD] [/TR] [TR] [TD][LEFT]matsuya_line -- matsuya_line [/LEFT][/TD] [TD][LEFT]The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39737]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39737') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39737.md') [MISC]('https://liff.line.me/1657535522-JD5Q5Yp1')[/TD] [/TR] [TR] [TD][LEFT]matter-labs -- era-compiler-vyper[/LEFT][/TD] [TD][LEFT]era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. 
Prior to era-compiler-vyper version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word's index being left unset, that is, effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. The problem will go away, but it will get more expensive if the user allocates a lot of uninitialized space, e.g. [ICODE]String[4096][/ICODE]. Upgrading and redeploying affected contracts is the only way of working around the issue.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46232]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46232') [MISC]('https://github.com/matter-labs/era-compiler-vyper/commit/8be305a1b9c68d0fd47dad3434224ed85944ca25') [MISC]('https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-h8jv-969m-94r4') [MISC]('https://github.com/matter-labs/era-system-contracts/blob/main/contracts/ImmutableSimulator.sol#L37')[/TD] [/TR] [TR] [TD][LEFT]memcached -- memcached[/LEFT][/TD] [TD][LEFT]In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46852]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46852') [MISC]('https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767') [MISC]('https://github.com/memcached/memcached/compare/1.6.21...1.6.22')[/TD] [/TR] [TR] [TD][LEFT]memcached -- memcached[/LEFT][/TD] [TD][LEFT]In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.[/LEFT][/TD] 
[TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46853]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46853') [MISC]('https://github.com/memcached/memcached/compare/1.6.21...1.6.22') [MISC]('https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa')[/TD] [/TR] [TR] [TD][LEFT]mercury_a15 -- mercury_a15[/LEFT][/TD] [TD][LEFT]Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46518]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46518') [MISC]('https://service.mercurycom.com.cn/download-2341.html') [MISC]('https://github.com/XYIYM/Digging/blob/main/MERCURY/A15/1/1.md') [MISC]('https://www.mercurycom.com.cn/')[/TD] [/TR] [TR] [TD][LEFT]mintty -- mintty[/LEFT][/TD] [TD][LEFT]An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39726]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39726') [MISC]('https://dgl.cx/2023/09/ansi-terminal-security#mintty-osc50')[/TD] [/TR] [TR] [TD][LEFT]motorola -- mr2600_router[/LEFT][/TD] [TD][LEFT]A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-3681]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-3681') [MISC]('https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- firefox [/LEFT][/TD] 
[TD][LEFT]Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5722]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5722') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1738426')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- firefox [/LEFT][/TD] [TD][LEFT]An attacker with temporary script access to a site could have set a cookie containing invalid characters using [ICODE]document.cookie[/ICODE] that could have led to unknown errors. This vulnerability affects Firefox < 119.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5723]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5723') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1802057')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- firefox [/LEFT][/TD] [TD][LEFT]A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5729]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5729') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1823720')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- firefox [/LEFT][/TD] [TD][LEFT]Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 119.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5731]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5731') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://bugzilla.mozilla.org/buglist.cgi?bug_id=1690111%2C1721904%2C1851803%2C1854068')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- firefox_for_ios[/LEFT][/TD] [TD][LEFT]When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5758]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5758') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-48/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1850019')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. 
This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5721]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5721') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1830820') [MISC]('https://www.debian.org/security/2023/dsa-5535') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html') [MISC]('https://www.debian.org/security/2023/dsa-5538') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5724]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5724') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1836705') [MISC]('https://www.debian.org/security/2023/dsa-5535') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html') [MISC]('https://www.debian.org/security/2023/dsa-5538') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. 
This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5725]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5725') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1845739') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://www.debian.org/security/2023/dsa-5535') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html') [MISC]('https://www.debian.org/security/2023/dsa-5538') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. [I]Note: This issue only affected macOS operating systems. Other operating systems are unaffected.[/I] This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5726]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5726') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1846205')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. [I]Note: This issue only affected Windows operating systems. 
Other operating systems are unaffected.[/I] This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5727]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5727') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1847180')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5728]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5728') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1852729') [MISC]('https://www.debian.org/security/2023/dsa-5535') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html') [MISC]('https://www.debian.org/security/2023/dsa-5538') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5730]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5730') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-45/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695') [MISC]('https://www.debian.org/security/2023/dsa-5535') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html') [MISC]('https://www.debian.org/security/2023/dsa-5538') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html')[/TD] [/TR] [TR] [TD][LEFT]mozilla -- multiple_products[/LEFT][/TD] [TD][LEFT]An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. 
This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5732]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5732') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-34/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-47/') [MISC]('https://www.mozilla.org/security/advisories/mfsa2023-46/') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1690979') [MISC]('https://bugzilla.mozilla.org/show_bug.cgi?id=1836962') [MISC]('https://www.debian.org/security/2023/dsa-5535') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html') [MISC]('https://www.debian.org/security/2023/dsa-5538') [MISC]('https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html')[/TD] [/TR] [TR] [TD][LEFT]nanning_ontall_software_co._ltd. -- longxing_industrial_development_zone_project_construction_and_installation_management_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 
The associated identifier of this vulnerability is VDB-243727.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5828]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5828') [MISC]('https://vuldb.com/?ctiid.243727') [MISC]('https://vuldb.com/?id.243727') [MISC]('https://github.com/Echosssy/-SQL-injection/blob/main/%E5%8D%97%E5%AE%81%E5%B8%82%E5%AE%89%E6%8B%93%E8%BD%AF%E4%BB%B6%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8SQL%20injection.doc')[/TD] [/TR] [TR] [TD][LEFT]nautobot -- nautobot[/LEFT][/TD] [TD][LEFT]Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the [ICODE]?depth=[/ICODE] query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46128]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46128') [MISC]('https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp') [MISC]('https://github.com/nautobot/nautobot/pull/4692') [MISC]('https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71')[/TD] [/TR] [TR] [TD][LEFT]netentsec -- ns-asg_application_security_gateway[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5784]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5784') [MISC]('https://vuldb.com/?ctiid.243590') [MISC]('https://vuldb.com/?id.243590') [MISC]('https://github.com/gb111d/ns-asg_poc/')[/TD] [/TR] [TR] [TD][LEFT]netentsec -- ns-asg_application_security_gateway[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5785]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5785') [MISC]('https://vuldb.com/?ctiid.243591') [MISC]('https://vuldb.com/?id.243591') [MISC]('https://github.com/ggg48966/cve/blob/main/NS-ASG-sql-addaddress_interpret.md')[/TD] [/TR] [TR] [TD][LEFT]netentsec -- ns-asg_application_security_gateway [/LEFT][/TD] [TD][LEFT]A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. 
NOTE: We tried to contact the vendor early about the disclosure, but the official mail address was not working properly.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5826]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5826') [MISC]('https://vuldb.com/?ctiid.243716') [MISC]('https://github.com/Cubi123123123/cve/blob/main/NS-ASG-sql-list_onlineuser.md') [MISC]('https://vuldb.com/?id.243716')[/TD] [/TR] [TR] [TD][LEFT]netmodule -- router_software [/LEFT][/TD] [TD][LEFT]The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46306]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46306') [MISC]('https://share.netmodule.com/public/system-software/4.8/4.8.0.101/NRSW-RN-4.8.0.101.pdf') [MISC]('https://share.netmodule.com/public/system-software/4.6/4.6.0.106/NRSW-RN-4.6.0.106.pdf') [MISC]('https://pentest.blog/advisory-netmodule-router-software-race-condition-leads-to-remote-code-execution/')[/TD] [/TR] [TR] [TD][LEFT]nextgen_healthcare -- mirth_connect[/LEFT][/TD] [TD][LEFT]NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. 
Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43208]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43208') [MISC]('https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/')[/TD] [/TR] [TR] [TD][LEFT]npmjs -- npmjs_node_email_check[/LEFT][/TD] [TD][LEFT]ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39619]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39619') [MISC]('https://gist.github.com/6en6ar/712a4c1eab0324f15e09232c77ea08f8') [MISC]('https://www.npmjs.com/package/node-email-check') [MISC]('https://github.com/teomantuncer/node-email-check/blob/main/main.js,')[/TD] [/TR] [TR] [TD][LEFT]obl.ong -- obl.ong[/LEFT][/TD] [TD][LEFT]The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46754]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46754') [MISC]('https://github.com/obl-ong/admin/releases/tag/v1.1.2')[/TD] [/TR] [TR] [TD][LEFT]ocomon -- ocomon[/LEFT][/TD] [TD][LEFT]An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-33558]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-33558') [MISC]('https://github.com/ninj4c0d3r/OcoMon-Research') [MISC]('https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc')[/TD] [/TR] [TR] [TD][LEFT]ocomon 
-- ocomon[/LEFT][/TD] [TD][LEFT]A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-33559]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-33559') [MISC]('https://github.com/ninj4c0d3r/OcoMon-Research/commit/7459ff397f48b5356930c16c522331e39158461dv') [MISC]('https://github.com/ninj4c0d3r/OcoMon-Research')[/TD] [/TR] [TR] [TD][LEFT]omron_corporation -- cx-designer[/LEFT][/TD] [TD][LEFT]CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43624]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43624') [MISC]('https://jvn.jp/en/vu/JVNVU98683567/') [MISC]('https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-011_en.pdf')[/TD] [/TR] [TR] [TD][LEFT]onigiriya-musubee_line -- onigiriya-musubee_line[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39740]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39740') [MISC]('https://liff.line.me/1657597257-0ozj8DwJ') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39740.md')[/TD] [/TR] [TR] [TD][LEFT]openssl -- openssl[/LEFT][/TD] [TD][LEFT]Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. 
This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. It is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However, if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. 
OpenSSL 3.1 and 3.0 are vulnerable to this issue.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5363]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5363') [MISC]('https://www.openssl.org/news/secadv/20231024.txt') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/24/1') [MISC]('https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d') [MISC]('https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee') [MISC]('https://www.debian.org/security/2023/dsa-5532') [MISC]('https://security.netapp.com/advisory/ntap-20231027-0010/')[/TD] [/TR] [TR] [TD][LEFT]palantir -- palantir[/LEFT][/TD] [TD][LEFT]Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-30967]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-30967') [MISC]('https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79')[/TD] [/TR] [TR] [TD][LEFT]pallets -- werkzeug[/LEFT][/TD] [TD][LEFT]Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. 
This vulnerability has been patched in version 3.0.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46136]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46136') [MISC]('https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2') [MISC]('https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw')[/TD] [/TR] [TR] [TD][LEFT]parse_server -- parse_server[/LEFT][/TD] [TD][LEFT]Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46119]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46119') [MISC]('https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579') [MISC]('https://github.com/parse-community/parse-server/releases/tag/6.3.1') [MISC]('https://github.com/parse-community/parse-server/releases/tag/5.5.6') [MISC]('https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe') [MISC]('https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0')[/TD] [/TR] [TR] [TD][LEFT]pfsense_ce -- pfsense_ce[/LEFT][/TD] [TD][LEFT]Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-29973]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-29973') [MISC]('https://www.esecforte.com/cve-2023-29973-no-rate-limit/')[/TD] [/TR] [TR] [TD][LEFT]phpgurukul -- nipah_virus_testing_management_system[/LEFT][/TD] [TD][LEFT]Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 
allows attackers to execute arbitrary code via a crafted payload injected into the State field.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46583]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46583') [MISC]('https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46583.md')[/TD] [/TR] [TR] [TD][LEFT]phpgurukul -- nipah_virus_testing_management_system[/LEFT][/TD] [TD][LEFT]SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46584]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46584') [MISC]('https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md')[/TD] [/TR] [TR] [TD][LEFT]phpgurukul -- nipah_virus_testing_management_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5804]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5804') [MISC]('https://vuldb.com/?ctiid.243617') [MISC]('https://vuldb.com/?id.243617') [MISC]('https://github.com/JacksonStonee/Nipah-virus-NiV-Testing-Management-System-Using-PHP-and-MySQL-1.0-has-a-SQL-injection-vuln-login.php/blob/main/README.md')[/TD] [/TR] [TR] [TD][LEFT]phpgurukul -- online_railway_catering_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. 
Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5794]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5794') [MISC]('https://github.com/JacksonStonee/Online-Railway-Catering-System-1.0-has-a-SQL-injection-vulnerability-in-index.php/tree/main') [MISC]('https://vuldb.com/?ctiid.243600') [MISC]('https://vuldb.com/?id.243600')[/TD] [/TR] [TR] [TD][LEFT]ping_identity -- pingfederate[/LEFT][/TD] [TD][LEFT]When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34085]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34085') [MISC]('https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244') [MISC]('https://www.pingidentity.com/en/resources/downloads/pingfederate.html')[/TD] [/TR] [TR] [TD][LEFT]ping_identity -- pingfederate[/LEFT][/TD] [TD][LEFT]Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37283]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37283') [MISC]('https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244') [MISC]('https://www.pingidentity.com/en/resources/downloads/pingfederate.html')[/TD] [/TR] [TR] [TD][LEFT]ping_identity -- pingfederate[/LEFT][/TD] [TD][LEFT]PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests[/LEFT][/TD] 
[TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39219]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39219') [MISC]('https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244') [MISC]('https://www.pingidentity.com/en/resources/downloads/pingfederate.html')[/TD] [/TR] [TR] [TD][LEFT]ping_identity -- pingfederate[/LEFT][/TD] [TD][LEFT]PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39231]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39231') [MISC]('https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394') [MISC]('https://www.pingidentity.com/en/resources/downloads/pingid.html')[/TD] [/TR] [TR] [TD][LEFT]ping_identity -- pingfederate[/LEFT][/TD] [TD][LEFT]A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39930]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39930') [MISC]('https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn') [MISC]('https://www.pingidentity.com/en/resources/downloads/pingfederate.html')[/TD] [/TR] [TR] [TD][LEFT]pip -- pip[/LEFT][/TD] [TD][LEFT]When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). 
Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5752]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5752') [MISC]('https://mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/') [MISC]('https://github.com/pypa/pip/pull/12306')[/TD] [/TR] [TR] [TD][LEFT]prestashop -- prestashop[/LEFT][/TD] [TD][LEFT]In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46346]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46346') [MISC]('https://security.friendsofpresta.org/modules/2023/10/24/exportproducts.html')[/TD] [/TR] [TR] [TD][LEFT]prestashop -- prestashop[/LEFT][/TD] [TD][LEFT]In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. 
The method [ICODE]NdkSpack::getPacks()[/ICODE] has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46347]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46347') [MISC]('https://security.friendsofpresta.org/modules/2023/10/24/ndk_steppingpack.html')[/TD] [/TR] [TR] [TD][LEFT]prestashop -- prestashop[/LEFT][/TD] [TD][LEFT]In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method [ICODE]ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate[/ICODE] has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46358]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46358') [MISC]('https://security.friendsofpresta.org/modules/2023/10/24/referralbyphone.html')[/TD] [/TR] [TR] [TD][LEFT]proxmox -- proxmox[/LEFT][/TD] [TD][LEFT]Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46854]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46854') [MISC]('https://git.proxmox.com/?p=proxmox-widget-toolkit.git;a=commit;h=89699c6466cfd9cc3a81fbc926b62f122c33c23c') [MISC]('https://git.proxmox.com/?p=proxmox-widget-toolkit.git;a=commit;h=1326f771b959e576d140da2249c8b5424da6c80d') [MISC]('https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo')[/TD] [/TR] [TR] [TD][LEFT]rabbitmq -- rabbitmq[/LEFT][/TD] [TD][LEFT]RabbitMQ is a multi-protocol messaging and streaming broker. 
HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46118]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46118') [MISC]('https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg')[/TD] [/TR] [TR] [TD][LEFT]rabbitmq -- rabbitmq [/LEFT][/TD] [TD][LEFT]The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. [ICODE]maxBodyLebgth[/ICODE] was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. 
This vulnerability was patched in version 5.18.0.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46120]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46120') [MISC]('https://github.com/rabbitmq/rabbitmq-java-client/releases/tag/v5.18.0') [MISC]('https://github.com/rabbitmq/rabbitmq-java-client/issues/1062') [MISC]('https://github.com/rabbitmq/rabbitmq-java-client/security/advisories/GHSA-mm8h-8587-p46h') [MISC]('https://github.com/rabbitmq/rabbitmq-java-client/commit/714aae602dcae6cb4b53cadf009323ebac313cc8')[/TD] [/TR] [TR] [TD][LEFT]radare2 -- radare2[/LEFT][/TD] [TD][LEFT]An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46569]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46569') [MISC]('https://github.com/radareorg/radare2/issues/22334') [MISC]('https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8')[/TD] [/TR] [TR] [TD][LEFT]radare2 -- radare2[/LEFT][/TD] [TD][LEFT]An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46570]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46570') [MISC]('https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6') [MISC]('https://github.com/radareorg/radare2/issues/22333')[/TD] [/TR] [TR] [TD][LEFT]regina_sweets&bakery_line -- regina_sweets&bakery_line[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] 
[TD][CVE-2023-39739]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39739') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39739.md') [MISC]('https://liff.line.me/1656985266-EmlxqQQx')[/TD] [/TR] [TR] [TD][LEFT]remark42 -- remark42[/LEFT][/TD] [TD][LEFT]umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45966]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45966') [MISC]('https://github.com/jet-pentest/CVE-2023-45966') [MISC]('https://github.com/umputun/remark42/issues/1677')[/TD] [/TR] [TR] [TD][LEFT]rexroth -- ctrlx_hmi_web_panel[/LEFT][/TD] [TD][LEFT]The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the 'su' binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41255]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41255') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]rexroth -- ctrlx_hmi_web_panel[/LEFT][/TD] [TD][LEFT]The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41960]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41960') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]rexroth -- ctrlx_hmi_web_panel[/LEFT][/TD] [TD][LEFT]The vulnerability allows a low privileged 
(untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring physical access through USB.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43488]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43488') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]rexroth -- ctrlx_hmi_web_panel[/LEFT][/TD] [TD][LEFT]The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS, and this feature is not configurable by the user.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45220]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45220') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]rexroth -- ctrlx_hmi_web_panel[/LEFT][/TD] [TD][LEFT]The vulnerability allows a low privileged user that has access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45844]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45844') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]rexroth -- ctrlx_hmi_web_panel [/LEFT][/TD] [TD][LEFT]The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client 
application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41372]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41372') [MISC]('https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html')[/TD] [/TR] [TR] [TD][LEFT]ritecms -- ritecms[/LEFT][/TD] [TD][LEFT]A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-44767]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44767') [MISC]('https://github.com/sromanhu/RiteCMS-File-Upload--XSS---Filemanager/blob/main/README.md')[/TD] [/TR] [TR] [TD][LEFT]rmc_r_beauty_clinic_line -- rmc_r_beauty_clinic_line[/LEFT][/TD] [TD][LEFT]An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-38848]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38848') [MISC]('https://liff.line.me/1657640647-Wk2xYj38') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38848.md')[/TD] [/TR] [TR] [TD][LEFT]rockwell_automation -- arena_simulation[/LEFT][/TD] [TD][LEFT]An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. 
The user would need to open a malicious file provided to them by the attacker for the code to execute.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-27854]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27854') [MISC]('https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145')[/TD] [/TR] [TR] [TD][LEFT]rockwell_automation -- arena_simulation[/LEFT][/TD] [TD][LEFT]Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-27858]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27858') [MISC]('https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145')[/TD] [/TR] [TR] [TD][LEFT]rockwell_automation -- factorytalk[/LEFT][/TD] [TD][LEFT]Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. 
If exploited, the product would become unavailable and require a restart to recover, resulting in a denial-of-service condition.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46289]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46289') [MISC]('https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167')[/TD] [/TR] [TR] [TD][LEFT]rockwell_automation -- factorytalk[/LEFT][/TD] [TD][LEFT]Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in to FactoryTalk® Services Platform. This vulnerability can only be exploited if the authorized user did not previously log in to the FactoryTalk® Services Platform web service.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46290]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46290') [MISC]('https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165')[/TD] [/TR] [TR] [TD][LEFT]samba -- samba[/LEFT][/TD] [TD][LEFT]A heap-based Buffer Overflow flaw was discovered in Samba. 
It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5568]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5568') [MISC]('https://access.redhat.com/security/cve/CVE-2023-5568') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2245174') [MISC]('https://bugzilla.samba.org/show_bug.cgi?id=15491') [MISC]('https://www.samba.org/samba/history/samba-4.19.2.html')[/TD] [/TR] [TR] [TD][LEFT]satoken -- satoken[/LEFT][/TD] [TD][LEFT]An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43961]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43961') [MISC]('https://github.com/dromara/Sa-Token/issues/511')[/TD] [/TR] [TR] [TD][LEFT]satoken -- satoken[/LEFT][/TD] [TD][LEFT]An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-44794]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44794') [MISC]('https://github.com/dromara/Sa-Token/issues/515')[/TD] [/TR] [TR] [TD][LEFT]sbt -- sbt[/LEFT][/TD] [TD][LEFT]sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, [ICODE]IO.unzip[/ICODE] allows writing of arbitrary file. This would have potential to overwrite [ICODE]/root/.ssh/authorized_keys[/ICODE]. Within sbt's main code, [ICODE]IO.unzip[/ICODE] is used in [ICODE]pullRemoteCache[/ICODE] task and [ICODE]Resolvers.remote[/ICODE]; however many projects use [ICODE]IO.unzip(...)[/ICODE] directly to implement custom tasks. 
This vulnerability has been patched in version 1.9.7.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46122]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46122') [MISC]('https://github.com/sbt/io/issues/358') [MISC]('https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf') [MISC]('https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188a') [MISC]('https://github.com/sbt/io/pull/360')[/TD] [/TR] [TR] [TD][LEFT]sd-webui-infinite-image-browsing -- sd-webui-infinite-image-browsing[/LEFT][/TD] [TD][LEFT]The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46315]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46315') [MISC]('https://github.com/zanllp/sd-webui-infinite-image-browsing/pull/368/commits/977815a2b28ad953c10ef0114c365f698c4b8f19') [MISC]('https://github.com/zanllp/sd-webui-infinite-image-browsing/issues/387')[/TD] [/TR] [TR] [TD][LEFT]seacms -- seacms[/LEFT][/TD] [TD][LEFT]An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46010]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46010') [MISC]('https://blog.csdn.net/DGS666/article/details/133795200?spm=1001.2014.3001.5501') [MISC]('http://seacms.com')[/TD] [/TR] [TR] [TD][LEFT]shaanxi_chanming_education_technology -- score_query_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 
5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5787]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5787') [MISC]('https://vuldb.com/?ctiid.243593') [MISC]('https://vuldb.com/?id.243593') [MISC]('https://github.com/Echosssy/-SQL-injection-exists-in-the-score-query-system/blob/main/README.md')[/TD] [/TR] [TR] [TD][LEFT]shanghai_cti_navigation -- cti_monitoring_and_early_warning_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. 
The identifier VDB-243717 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5827]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5827') [MISC]('https://vuldb.com/?ctiid.243717') [MISC]('https://vuldb.com/?id.243717') [MISC]('https://github.com/Ox1dq/cve/blob/main/rce.md')[/TD] [/TR] [TR] [TD][LEFT]sick_ag -- fx0-gmod00000[/LEFT][/TD] [TD][LEFT]Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5246]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5246') [MISC]('https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.pdf') [MISC]('https://sick.com/psirt') [MISC]('https://sick.com/.well-known/csaf/white/2023/sca-2023-0011.json')[/TD] [/TR] [TR] [TD][LEFT]sielco -- analog_fm_transmitter[/LEFT][/TD] [TD][LEFT]The application suffers from a privilege escalation vulnerability. 
A user with read permissions can elevate privileges by sending an HTTP POST to set a parameter.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41966]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41966') [MISC]('https://www.sielco.org/en/contacts') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08')[/TD] [/TR] [TR] [TD][LEFT]sielco -- analog_fm_transmitter[/LEFT][/TD] [TD][LEFT]The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-42769]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-42769') [MISC]('https://www.sielco.org/en/contacts') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08')[/TD] [/TR] [TR] [TD][LEFT]sielco -- analog_fm_transmitter[/LEFT][/TD] [TD][LEFT]The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45228]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45228') [MISC]('https://www.sielco.org/en/contacts') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08')[/TD] [/TR] [TR] [TD][LEFT]sielco -- analog_fm_transmitter[/LEFT][/TD] [TD][LEFT]The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. 
This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45317]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45317') [MISC]('https://www.sielco.org/en/contacts') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08')[/TD] [/TR] [TR] [TD][LEFT]sielco_ -- polyeco1000[/LEFT][/TD] [TD][LEFT]Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46661]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46661') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07')[/TD] [/TR] [TR] [TD][LEFT]sielco_ -- polyeco1000[/LEFT][/TD] [TD][LEFT]Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46662]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46662') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07')[/TD] [/TR] [TR] [TD][LEFT]sielco_ -- polyeco1000[/LEFT][/TD] [TD][LEFT]Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. 
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46663]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46663') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07')[/TD] [/TR] [TR] [TD][LEFT]sielco_ -- polyeco1000[/LEFT][/TD] [TD][LEFT]Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources behind protected pages.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46664]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46664') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07')[/TD] [/TR] [TR] [TD][LEFT]sielco_ -- polyeco1000[/LEFT][/TD] [TD][LEFT]Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability in which an attacker can modify passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46665]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46665') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07')[/TD] [/TR] [TR] [TD][LEFT]sielco_ -- polyeco1000[/LEFT][/TD] [TD][LEFT]Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5754]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5754') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07')[/TD] [/TR] 
[TR] [TD][LEFT]sielco_ -- polyeco1000 [/LEFT][/TD] [TD][LEFT]Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-0897]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-0897') [MISC]('https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07')[/TD] [/TR] [TR] [TD][LEFT]silicon_labs -- ember_znet_sdk[/LEFT][/TD] [TD][LEFT]Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41096]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41096') [MISC]('https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1')[/TD] [/TR] [TR] [TD][LEFT]silicon_labs -- openthread_sdk[/LEFT][/TD] [TD][LEFT]Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. 
This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41095]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41095') [MISC]('https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1')[/TD] [/TR] [TR] [TD][LEFT]sisqualwfm -- sisqualwfm[/LEFT][/TD] [TD][LEFT]The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-36085]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-36085') [MISC]('https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085')[/TD] [/TR] [TR] [TD][LEFT]sonicwall -- directory_services_connector[/LEFT][/TD] [TD][LEFT]A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-44219]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44219') [MISC]('https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0016')[/TD] [/TR] [TR] [TD][LEFT]sonicwall -- netextender_windows[/LEFT][/TD] [TD][LEFT]SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. 
Successful exploitation via a local attacker could result in command execution in the target system.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-44220]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44220') [MISC]('https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- file_manager_app[/LEFT][/TD] [TD][LEFT]A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5790]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5790') [MISC]('https://vuldb.com/?ctiid.243595') [MISC]('https://vuldb.com/?id.243595') [MISC]('https://github.com/Yp1oneer/cve_hub/blob/main/File%20Manager%20App/Unrestricted%20File%20Upload.pdf')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- free_and_open_source_inventory_management_system[/LEFT][/TD] [TD][LEFT]Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. 
An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46449]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46449') [MISC]('https://www.youtube.com/watch?v=H5QnsOKjs3s') [MISC]('https://github.com/sajaljat/CVE-2023-46449/tree/main')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- free_and_open_source_inventory_management_system[/LEFT][/TD] [TD][LEFT]Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46450]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46450') [MISC]('https://youtu.be/LQy0_xIK2q0') [MISC]('https://github.com/yte121/-CVE-2023-46450/')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- simple_real_estate_portal_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 
VDB-243618 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5805]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5805') [MISC]('https://vuldb.com/?ctiid.243618') [MISC]('https://vuldb.com/?id.243618') [MISC]('https://github.com/lxxcute/Bug/blob/main/Real%20Estate%20Portal%20System%20view_estate.php%20has%20Sqlinjection.pdf')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- sticky_notes_app[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5791]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5791') [MISC]('https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/Cross%20Site%20Scripting.pdf') [MISC]('https://vuldb.com/?ctiid.243597') [MISC]('https://vuldb.com/?id.243597')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- sticky_notes_app[/LEFT][/TD] [TD][LEFT]A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 
VDB-243598 is the identifier assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5792]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5792') [MISC]('https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/SQL%20Injection-1.pdf') [MISC]('https://vuldb.com/?ctiid.243598') [MISC]('https://vuldb.com/?id.243598')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- task_reminder_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5813]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5813') [MISC]('https://vuldb.com/?ctiid.243644') [MISC]('https://vuldb.com/?id.243644')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- task_reminder_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5814]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5814') [MISC]('https://vuldb.com/?ctiid.243645') [MISC]('https://vuldb.com/?id.243645')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- task_reminder_system[/LEFT][/TD] [TD][LEFT]A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. 
Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5836]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5836') [MISC]('https://vuldb.com/?id.243800') [MISC]('https://vuldb.com/?ctiid.243800')[/TD] [/TR] [TR] [TD][LEFT]sourcecodester -- packers_and_movers_management_system[/LEFT][/TD] [TD][LEFT]Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46435]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46435') [MISC]('https://github.com/kirra-max/bug_reports/blob/main/packers-and-movers-management-system-phpoop-free-source-code/SQL-1.md')[/TD] [/TR] [TR] [TD][LEFT]stb_image.h -- stb_image.h [/LEFT][/TD] [TD][LEFT]Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43281]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43281') [MISC]('https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac') [MISC]('https://github.com/peccc/double-stb')[/TD] [/TR] [TR] [TD][LEFT]stellar -- rs-stellar-strkey[/LEFT][/TD] [TD][LEFT]rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used. [ICODE]inner_payload_len[/ICODE] should not be above 64. 
This vulnerability has been patched in version 0.0.8.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46135]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46135') [MISC]('https://github.com/stellar/rs-stellar-strkey/issues/58') [MISC]('https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f')[/TD] [/TR] [TR] [TD][LEFT]sugarcrm -- sugarcrm[/LEFT][/TD] [TD][LEFT]An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46815]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46815') [MISC]('https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/')[/TD] [/TR] [TR] [TD][LEFT]sugarcrm -- sugarcrm[/LEFT][/TD] [TD][LEFT]An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46816]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46816') [MISC]('https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-010/')[/TD] [/TR] [TR] [TD][LEFT]synology -- camera_firmware[/LEFT][/TD] [TD][LEFT]A vulnerability regarding use of externally controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. 
The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5746]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5746') [MISC]('https://www.synology.com/en-global/security/advisory/Synology_SA_23_11')[/TD] [/TR] [TR] [TD][LEFT]tenable -- nessus_network_monitor[/LEFT][/TD] [TD][LEFT]Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5622]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5622') [MISC]('https://www.tenable.com/security/tns-2023-34')[/TD] [/TR] [TR] [TD][LEFT]tenable -- nessus_network_monitor[/LEFT][/TD] [TD][LEFT]NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5623]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5623') [MISC]('https://www.tenable.com/security/tns-2023-34')[/TD] [/TR] [TR] [TD][LEFT]tenable -- nessus_network_monitor[/LEFT][/TD] [TD][LEFT]Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. 
This could allow an admin user to alter parameters that could potentially allow a blind SQL injection.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5624]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5624') [MISC]('https://www.tenable.com/security/tns-2023-34')[/TD] [/TR] [TR] [TD][LEFT]tenda -- w18e[/LEFT][/TD] [TD][LEFT]Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46369]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46369') [MISC]('https://github.com/Archerber/bug_submit/blob/main/Tenda/W18E/bug1.md')[/TD] [/TR] [TR] [TD][LEFT]tenda -- w18e[/LEFT][/TD] [TD][LEFT]Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46370]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46370') [MISC]('https://github.com/Archerber/bug_submit/blob/main/Tenda/W18E/bug2.md')[/TD] [/TR] [TR] [TD][LEFT]tibco_software_inc. -- tibco_hawk[/LEFT][/TD] [TD][LEFT]The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console's and Agent's log to obtain credentials used to access associated EMS servers. 
Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-26219]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-26219') [MISC]('https://www.tibco.com/services/support/advisories')[/TD] [/TR] [TR] [TD][LEFT]tire-sales_line -- tire-sales_line[/LEFT][/TD] [TD][LEFT]An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-38849]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-38849') [MISC]('https://liff.line.me/1657203739-yvGg5PjN') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38849.md')[/TD] [/TR] [TR] [TD][LEFT]tokueimaru_waiting_line -- ztokueimaru_waiting_line[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39732]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39732') [MISC]('https://liff.line.me/1657574837-elb6bNQj') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md')[/TD] [/TR] [TR] [TD][LEFT]tongda -- oa[/LEFT][/TD] [TD][LEFT]A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 
VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5780]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5780') [MISC]('https://vuldb.com/?ctiid.243586') [MISC]('https://vuldb.com/?id.243586') [MISC]('https://github.com/RCEraser/cve/blob/main/sql_inject_5.md')[/TD] [/TR] [TR] [TD][LEFT]tongda -- oa[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5781]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5781') [MISC]('https://github.com/wangxinyudad/cve/blob/main/sql.md') [MISC]('https://vuldb.com/?ctiid.243587') [MISC]('https://vuldb.com/?id.243587')[/TD] [/TR] [TR] [TD][LEFT]tongda -- oa[/LEFT][/TD] [TD][LEFT]A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5782]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5782') [MISC]('https://github.com/Charmeeeeee/Tongda-OA-repo/blob/main/Tongda_OA_Vulnerability_Report.md') [MISC]('https://vuldb.com/?ctiid.243588') [MISC]('https://vuldb.com/?id.243588')[/TD] [/TR] [TR] [TD][LEFT]tongda -- oa[/LEFT][/TD] [TD][LEFT]A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5783]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5783') [MISC]('https://github.com/halleyakina/cve/blob/main/sql.md') [MISC]('https://vuldb.com/?ctiid.243589') [MISC]('https://vuldb.com/?id.243589')[/TD] [/TR] [TR] [TD][LEFT]tonton-tei_line -- tonton-tei_line[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39733]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39733') [MISC]('https://liff.line.me/1656987103-bk5k9PO4') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39733.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46540]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46540') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46541]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46541') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] 
[TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46542]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46542') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46543]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46543') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46544]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46544') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46545]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46545') 
[MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/17/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46546]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46546') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/15/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46547]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46547') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/12/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46548]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46548') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/1/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] 
[TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46549]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46549') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/18/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46550]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46550') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md#2firmware-download-address') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46551]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46551') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/2/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46552]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46552') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/19/1.md') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x2000r_firmware [/LEFT][/TD] [TD][LEFT]TOTOLINK 
X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46553]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46553') [MISC]('https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/5/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46408]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46408') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/16/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46409]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46409') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/13/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46410]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46410') 
[MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/10/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46411]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46411') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/11/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46412]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46412') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/15/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46413]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46413') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/1/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command 
execution (RCE) vulnerability via the sub_41D494 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46414]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46414') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/14/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46415]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46415') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/17/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46416]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46416') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/12/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46417]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46417') 
[MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/2/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46418]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46418') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/7/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46419]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46419') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/6/1.md') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46420]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46420') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/5/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered 
to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46421]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46421') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/8/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46422]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46422') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/9/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46423]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46423') [MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/4/1.md')[/TD] [/TR] [TR] [TD][LEFT]totolink -- x6000r_firmware[/LEFT][/TD] [TD][LEFT]TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46424]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46424') 
[MISC]('https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36') [MISC]('https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/3/1.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wdr7660[/LEFT][/TD] [TD][LEFT]TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46371]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46371') [MISC]('https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/2.md')[/TD] [/TR] [TR] [TD][LEFT]tp-link -- tl-wdr7660[/LEFT][/TD] [TD][LEFT]TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46373]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46373') [MISC]('https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/3.md')[/TD] [/TR] [TR] [TD][LEFT]traceroute -- traceroute[/LEFT][/TD] [TD][LEFT]In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46316]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46316') [MISC]('https://security-tracker.debian.org/tracker/CVE-2023-46316') [MISC]('https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/')[/TD] [/TR] [TR] [TD][LEFT]twisted -- twisted[/LEFT][/TD] [TD][LEFT]Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. 
If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46137]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46137') [MISC]('https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm')[/TD] [/TR] [TR] [TD][LEFT]ubiquiti -- unifi_network_application[/LEFT][/TD] [TD][LEFT]Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM, UDM-PRO, UDM-SE, UDR, UDW. Mitigation: Update UniFi Network to Version 7.5.187 or later.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-41721]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-41721') [MISC]('https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615')[/TD] [/TR] [TR] [TD][LEFT]ubuntu -- ubuntu_grub2[/LEFT][/TD] [TD][LEFT]An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. 
As a result, arbitrary code execution and secure boot protection bypass may be achieved.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-4692]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4692') [MISC]('https://access.redhat.com/security/cve/CVE-2023-4692') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2236613') [MISC]('https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/') [MISC]('https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html') [MISC]('https://seclists.org/oss-sec/2023/q4/37')[/TD] [/TR] [TR] [TD][LEFT]ubuntu -- ubuntu_grub2[/LEFT][/TD] [TD][LEFT]An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-4693]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4693') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2238343') [MISC]('https://access.redhat.com/security/cve/CVE-2023-4693') [MISC]('https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/') [MISC]('https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html') [MISC]('https://seclists.org/oss-sec/2023/q4/37')[/TD] [/TR] [TR] [TD][LEFT]univention -- ucs@school[/LEFT][/TD] [TD][LEFT]Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. 
For example, a teacher can gain administrator access via an NTLM hash.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2020-17477]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-17477') [MISC]('https://forge.univention.org/bugzilla/show_bug.cgi?id=50669')[/TD] [/TR] [TR] [TD][LEFT]uomasa_saiji_news_line -- uomasa_saiji_news_line[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39735]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39735') [MISC]('https://liff.line.me/1657409177-MkPLqO5D') [MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39735.md')[/TD] [/TR] [TR] [TD][LEFT]uvdesk_community_skeleton -- uvdesk_community_skeleton[/LEFT][/TD] [TD][LEFT]UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37635]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37635') [MISC]('https://www.esecforte.com/cve-2023-37635-login-bruteforce/')[/TD] [/TR] [TR] [TD][LEFT]uvdesk_community_skeleton -- uvdesk_community_skeleton[/LEFT][/TD] [TD][LEFT]A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37636]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37636') [MISC]('https://www.esecforte.com/cve-2023-37636-stored-cross-site-scripting/')[/TD] [/TR] [TR] [TD][LEFT]vermeg -- agilereporter[/LEFT][/TD] 
[TD][LEFT]An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34832]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34832') [MISC]('https://crashpark.weebly.com/blog/xxe-in-agilereporter-213-by-vermeg') [MISC]('https://www.vermeg.com/agile-reporter/')[/TD] [/TR] [TR] [TD][LEFT]vermeg -- agilereporter[/LEFT][/TD] [TD][LEFT]An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34833]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34833') [MISC]('https://crashpark.weebly.com/blog/1-stored-xss-in-agilereporter-213-by-vermeg') [MISC]('https://www.vermeg.com/agile-reporter/')[/TD] [/TR] [TR] [TD][LEFT]vermeg -- agilereporter[/LEFT][/TD] [TD][LEFT]An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2022-34834]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-34834') [MISC]('https://www.vermeg.com/agile-reporter/') [MISC]('https://crashpark.weebly.com/blog/2-stored-xss-in-agilereporter-213-by-vermeg')[/TD] [/TR] [TR] [TD][LEFT]viessmann -- vitogate_300[/LEFT][/TD] [TD][LEFT]A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. 
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5702]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5702') [MISC]('https://github.com/GTA12138/vul/blob/main/Viessmann/Vitogate300_Document_Unauthorized_Access.md') [MISC]('https://vuldb.com/?ctiid.243140') [MISC]('https://vuldb.com/?id.243140')[/TD] [/TR] [TR] [TD][LEFT]vim -- vim[/LEFT][/TD] [TD][LEFT]Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function [ICODE]ga_grow_inner[/ICODE] in the file [ICODE]src/alloc.c[/ICODE] at line 748, which is freed in the file [ICODE]src/ex_docmd.c[/ICODE] in the function [ICODE]do_cmdline[/ICODE] at line 1010 and then used again in [ICODE]src/cmdhist.c[/ICODE] at line 759. When using the [ICODE]:history[/ICODE] command, it's possible that the provided argument overflows the accepted value, causing an integer overflow and potentially a later use-after-free. 
This vulnerability has been patched in version 9.0.2068.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46246]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46246') [MISC]('https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm') [MISC]('https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a')[/TD] [/TR] [TR] [TD][LEFT]vinchin -- backup_&_recovery[/LEFT][/TD] [TD][LEFT]VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45498]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45498') [MISC]('https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/') [FULLDISC]('http://seclists.org/fulldisclosure/2023/Oct/31')[/TD] [/TR] [TR] [TD][LEFT]vinchin -- backup_&_recovery[/LEFT][/TD] [TD][LEFT]VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45499]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45499') [MISC]('https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/') [FULLDISC]('http://seclists.org/fulldisclosure/2023/Oct/31')[/TD] [/TR] [TR] [TD][LEFT]vision_meat_works_trackdiner10/10_mc_line -- vision_meat_works_trackdiner10/10_mc_line[/LEFT][/TD] [TD][LEFT]The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39734]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39734') [MISC]('https://liff.line.me/1660679145-eMKgg4rJ') 
[MISC]('https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39734.md')[/TD] [/TR] [TR] [TD][LEFT]vmware -- open-vm-tools[/LEFT][/TD] [TD][LEFT]open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34059]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34059') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0024.html') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/27/2') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/27/3')[/TD] [/TR] [TR] [TD][LEFT]vmware -- vcenter_server[/LEFT][/TD] [TD][LEFT]vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34048]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34048') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0023.html')[/TD] [/TR] [TR] [TD][LEFT]vmware -- vcenter_server[/LEFT][/TD] [TD][LEFT]vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34056]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34056') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0023.html')[/TD] [/TR] [TR] [TD][LEFT]vmware -- vmware_tools[/LEFT][/TD] [TD][LEFT]VMware Tools contains a local privilege escalation vulnerability. 
A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34057]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34057') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0024.html')[/TD] [/TR] [TR] [TD][LEFT]vmware -- vmware_tools[/LEFT][/TD] [TD][LEFT]VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-34058]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-34058') [MISC]('https://www.vmware.com/security/advisories/VMSA-2023-0024.html') [MISC]('http://www.openwall.com/lists/oss-security/2023/10/27/1')[/TD] [/TR] [TR] [TD][LEFT]vue.js -- vue.js_devtools[/LEFT][/TD] [TD][LEFT]The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard [ICODE]postMessage()[/ICODE] API. 
By creating a malicious web page with an iFrame targeting a sensitive resource (i.e., a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5718]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5718') [MISC]('https://gist.github.com/CalumHutton/bdb97077a66021ed455f87823cd7c7cb')[/TD] [/TR] [TR] [TD][LEFT]wabt -- wabt[/LEFT][/TD] [TD][LEFT]WebAssembly wabt 1.0.33 has an out-of-bounds memory read in DataSegment::IsValidRange(), which leads to a segmentation fault.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46331]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46331') [MISC]('https://github.com/WebAssembly/wabt/issues/2310')[/TD] [/TR] [TR] [TD][LEFT]wabt -- wabt[/LEFT][/TD] [TD][LEFT]WebAssembly wabt 1.0.33 contains an out-of-bounds memory write in DataSegment::Drop(), which leads to a segmentation fault.[/LEFT][/TD] [TD][CENTER]2023-10-23[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46332]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46332') [MISC]('https://github.com/WebAssembly/wabt/issues/2311')[/TD] [/TR] [TR] [TD][LEFT]wenwenaicms -- wenwenaicms[/LEFT][/TD] [TD][LEFT]Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45990]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45990') [MISC]('https://github.com/PwnCYN/Wenwenai/issues/2')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-25032]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-25032') [MISC]('https://patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-30492]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-30492') [MISC]('https://patchstack.com/database/vulnerability/minimum-purchase-for-woocommerce/wordpress-minimum-purchase-for-woocommerce-plugin-2-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-32116]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-32116') [MISC]('https://patchstack.com/database/vulnerability/custom-post-types/wordpress-custom-post-types-plugin-4-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth.
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-32738]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-32738') [MISC]('https://patchstack.com/database/vulnerability/eonet-manual-user-approve/wordpress-eonet-manual-user-approve-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-39924]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-39924') [MISC]('https://patchstack.com/database/vulnerability/simple-file-list/wordpress-simple-file-list-plugin-6-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress[/LEFT][/TD] [TD][LEFT]The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5774]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5774') [MISC]('https://drive.google.com/file/d/1zXWW545ktCznO36k90AN0APhTz8ky-gG/view?usp=sharing') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2984228/')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike - Most Advanced WordPress Marketing Toolkit plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45640]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45640') [MISC]('https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter's Custom Anti-Spam plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45759]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45759') [MISC]('https://patchstack.com/database/vulnerability/peters-custom-anti-spam-image/wordpress-peter-s-custom-anti-spam-plugin-3-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth.
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45832]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45832') [MISC]('https://patchstack.com/database/vulnerability/wp-gotowebinar/wordpress-wp-gotowebinar-plugin-14-45-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45833]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45833') [MISC]('https://patchstack.com/database/vulnerability/leadsquared-suite/wordpress-leadsquared-suite-plugin-0-7-4-cross-site-scripting-xss?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45835]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45835') [MISC]('https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth.
Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45837]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45837') [MISC]('https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46068]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46068') [MISC]('https://patchstack.com/database/vulnerability/xqueue-maileon/wordpress-maileon-plugin-2-16-0-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46069]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46069') [MISC]('https://patchstack.com/database/vulnerability/ajax-archive-calendar/wordpress-ajax-archive-calendar-plugin-2-6-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]An authenticated XCC user can change permissions for any user through a crafted API command.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-4607]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-4607') [MISC]('https://support.lenovo.com/us/en/product_security/LEN-140960')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth.
Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46070]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46070') [MISC]('https://patchstack.com/database/vulnerability/eg-attachments/wordpress-eg-attachments-plugin-2-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46071]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46071') [MISC]('https://patchstack.com/database/vulnerability/click-datos-lopd/wordpress-proteccion-de-datos-rgpd-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46072]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46072') [MISC]('https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth.
Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46074]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46074') [MISC]('https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46075]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46075') [MISC]('https://patchstack.com/database/vulnerability/contact-forms-builder/wordpress-contact-form-builder-contact-widget-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46076]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46076') [MISC]('https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-plugin-1-2-100-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth.
Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed - Custom Feed plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46077]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46077') [MISC]('https://patchstack.com/database/vulnerability/wp-facebook-feed/wordpress-the-awesome-feed-custom-feed-plugin-2-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46081]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46081') [MISC]('https://patchstack.com/database/vulnerability/lava-directory-manager/wordpress-lava-directory-manager-plugin-1-1-34-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46085]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46085') [MISC]('https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth.
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46088]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46088') [MISC]('https://patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46089]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46089') [MISC]('https://patchstack.com/database/vulnerability/userback/wordpress-userback-plugin-1-0-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46090]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46090') [MISC]('https://patchstack.com/database/vulnerability/spider-facebook/wordpress-wdsocialwidgets-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth.
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46091]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46091') [MISC]('https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46093]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46093') [MISC]('https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth.
Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46094]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46094') [MISC]('https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-conversios-io-plugin-6-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin[/LEFT][/TD] [TD][CENTER]2023-10-22[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46095]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46095') [MISC]('https://patchstack.com/database/vulnerability/smooth-scrolling-links-ssl/wordpress-smooth-scroll-links-ssl-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46150]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46150') [MISC]('https://patchstack.com/database/vulnerability/wp-radio/wordpress-wp-radio-worldwide-online-radio-stations-directory-for-wordpress-plugin-3-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46151]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46151')
[MISC]('https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46152]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46152') [MISC]('https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46153]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46153') [MISC]('https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar - Google Calendar Plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46189]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46189') [MISC]('https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin[/LEFT][/TD]
[TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46190]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46190') [MISC]('https://patchstack.com/database/vulnerability/novo-map/wordpress-novo-map-your-wp-posts-on-custom-google-maps-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46191]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46191') [MISC]('https://patchstack.com/database/vulnerability/open-graph-metabox/wordpress-open-graph-metabox-plugin-1-4-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46192]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46192') [MISC]('https://patchstack.com/database/vulnerability/internal-link-building-plugin/wordpress-internal-link-building-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46193]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46193') [MISC]('https://patchstack.com/database/vulnerability/internal-link-building-plugin/wordpress-internal-link-building-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD]
[/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist - Custom Archive Templates plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46194]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46194') [MISC]('https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46198]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46198') [MISC]('https://patchstack.com/database/vulnerability/appointment-calendar/wordpress-appointment-calendar-plugin-2-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46199]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46199') [MISC]('https://patchstack.com/database/vulnerability/triberr-wordpress-plugin/wordpress-triberr-plugin-4-1-1-cross-site-scripting-xss?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth.
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46200]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46200') [MISC]('https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-3-cross-site-scripting-xss?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46202]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46202') [MISC]('https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46204]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46204') [MISC]('https://patchstack.com/database/vulnerability/duplicate-theme/wordpress-duplicate-theme-plugin-0-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth.
Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46208]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46208') [MISC]('https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus - Unlimited grid plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46209]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46209') [MISC]('https://patchstack.com/database/vulnerability/grid-plus/wordpress-grid-plus-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46211]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46211') [MISC]('https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-cross-site-scripting-xss-vulnerability?_s_id=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute.
This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5051]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5051') [MISC]('https://plugins.trac.wordpress.org/changeset/2982876/callrail-phone-call-tracking#file0') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/callrail-phone-call-tracking/tags/0.5.2/callrail.php#L174')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5085]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5085') [MISC]('https://plugins.trac.wordpress.org/browser/advanced-menu-widget/trunk/class-advanced-menu-widget.php?rev=1471917#L74') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/5da2dac6-940c-419e-853f-6cfd5d53d427?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5110]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5110') [MISC]('https://plugins.trac.wordpress.org/browser/bsk-pdf-manager/trunk/classes/shortcodes/category/category-dropdown.php?rev=2885460#L36') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/60de55c6-e4fa-453e-84bd-309f2887e3cb?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5126]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5126') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5123a7-8eb4-481e-88fe-6310be37a077?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/delete-me/tags/3.0/inc/shortcode.php#L83')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5127]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5127') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L101') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L68') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L70') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L85') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L83') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L55') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L99') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/59ee0b56-c11f-4951-aac0-8344200e4484?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L53')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. 
This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5311]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5311') [MISC]('https://giongfnef.gitbook.io/giongfnef/cve/cve-2023-5311') [MISC]('https://plugins.trac.wordpress.org/changeset/2977703/wp-extra') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5425]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5425') [MISC]('https://plugins.trac.wordpress.org/changeset/2981559/post-meta-data-manager') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d7f4e710-99a2-49df-a513-725e1daaa18a?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. 
This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5426]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5426') [MISC]('https://plugins.trac.wordpress.org/changeset/2981559/post-meta-data-manager') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5533]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5533') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. 
This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-20[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5534]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5534') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5705]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5705') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/012946d4-82ce-48b9-9b9a-1fc49846dca6?source=cve') [MISC]('https://plugins.trac.wordpress.org/changeset/2983339/vk-filter-search#file1') [MISC]('https://plugins.trac.wordpress.org/browser/vk-filter-search/tags/2.3.1/inc/filter-search/package/class-vk-filter-search-shortcode.php#L40')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization 
and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5740]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5740') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/aa32a790-242f-4142-9f4d-e1b2a07045bb?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/wp-facebook-messenger/trunk/frontend/shortcode.php#L22') [MISC]('https://plugins.trac.wordpress.org/browser/wp-facebook-messenger/trunk/frontend/shortcode.php#L32')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5744]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5744') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/fca7837c-ad24-44ce-b073-7df3f8bc4300?source=cve') [MISC]('https://plugins.trac.wordpress.org/browser/very-simple-google-maps/trunk/very-simple-google-maps.php?rev=2941389#L22') [MISC]('https://plugins.trac.wordpress.org/changeset/2982539/very-simple-google-maps#file1')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5745]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5745') [MISC]('https://plugins.trac.wordpress.org/browser/reusable-text-blocks/tags/1.5.3/text-blocks.php#L319') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/0d627ee7-1175-4621-a477-1e9ec2d05eee?source=cve')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5798]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5798') [MISC]('https://wpscan.com/vulnerability/bbb4c98c-4dd7-421e-9666-98f15acde761')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin - WP Knowledgebase plugin[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5802]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5802') [MISC]('https://patchstack.com/database/vulnerability/wp-knowledgebase/wordpress-wp-knowledgebase-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve')[/TD] [/TR] [TD][LEFT][TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5817]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5817') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/f9998485-e272-48fc-b2f1-9e30158d0d16?source=cve') [MISC]('https://drive.google.com/file/d/125xS3GVMr7_qo5HjWvXaXixuE_R-q_u3/view?usp=sharing') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984188%40neon-text&new=2984188%40neon-text&sfp_email=&sfph_mail=')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5820]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5820') [MISC]('https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve') [MISC]('https://wordpress.org/plugins/wp-responsive-slider-with-lightbox')[/TD] [/TR] [TR] [TD][LEFT]wordpress -- wordpress [/LEFT][/TD] [TD][LEFT]The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. 
This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5821]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5821') [MISC]('https://plugins.trac.wordpress.org/changeset/1263536/wp-responsive-slider-with-lightbox/trunk/wp-responsive-slider-with-lightbox.php') [MISC]('https://wordpress.org/plugins/wp-responsive-thumbnail-slider') [MISC]('https://www.wordfence.com/threat-intel/vulnerabilities/id/bde75c5a-b0b7-4f26-91e9-dd4816e276c9?source=cve')[/TD] [/TR] [TR] [TD][LEFT]writercms -- writercms [/LEFT][/TD] [TD][LEFT]Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43905]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43905') [MISC]('https://github.com/Playful-CR/CVE-paddle-/blob/main/CVE-2023-43905..md')[/TD] [/TR] [TR] [TD][LEFT]xnview_classic -- xnview_classic[/LEFT][/TD] [TD][LEFT]Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46587]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46587') [MISC]('https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5')[/TD] [/TR] [TR] [TD][LEFT]xolo_cms -- xolo_cms [/LEFT][/TD] [TD][LEFT]Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] 
[TD][CVE-2023-43906]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43906') [MISC]('https://github.com/Playful-CR/CVE-paddle-/blob/main/CVE-2023-43906')[/TD] [/TR] [TR] [TD][LEFT]xorg-server -- xorg-server[/LEFT][/TD] [TD][LEFT]An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5367]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5367') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2243091') [MISC]('https://access.redhat.com/security/cve/CVE-2023-5367') [MISC]('https://lists.x.org/archives/xorg-announce/2023-October/003430.html') [MISC]('https://www.debian.org/security/2023/dsa-5534') [MISC]('https://lists.fedoraproject.org/archives/list/[email protected]/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/') [MISC]('https://lists.fedoraproject.org/archives/list/[email protected]/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/')[/TD] [/TR] [TR] [TD][LEFT]xorg-server -- xorg-server[/LEFT][/TD] [TD][LEFT]A use-after-free flaw was found in the xorg-x11-server. 
An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5380]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5380') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2244736') [MISC]('https://lists.x.org/archives/xorg-announce/2023-October/003430.html') [MISC]('https://access.redhat.com/security/cve/CVE-2023-5380') [MISC]('https://www.debian.org/security/2023/dsa-5534') [MISC]('https://lists.fedoraproject.org/archives/list/[email protected]/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/')[/TD] [/TR] [TR] [TD][LEFT]xorg-server -- xorg-server[/LEFT][/TD] [TD][LEFT]A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). 
If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5574]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5574') [MISC]('https://bugzilla.redhat.com/show_bug.cgi?id=2244735') [MISC]('https://access.redhat.com/security/cve/CVE-2023-5574') [MISC]('https://lists.x.org/archives/xorg-announce/2023-October/003430.html')[/TD] [/TR] [TR] [TD][LEFT]xpand -- it_write-back_manager[/LEFT][/TD] [TD][LEFT]Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-27170]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-27170') [MISC]('https://balwurk.com/cve-2023-27170-improper-limitation-of-a-pathname-to-a-restricted-directory/')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. 
While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix [ICODE]data-xwiki-translated-attribute-[/ICODE] without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37908]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37908') [MISC]('https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp') [MISC]('https://jira.xwiki.org/browse/XRENDERING-697') [MISC]('https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f') [MISC]('https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. 
As a workaround, the patch can be manually applied to the document [ICODE]Menu.UIExtensionSheet[/ICODE]; only three lines need to be changed.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37909]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37909') [MISC]('https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be') [MISC]('https://jira.xwiki.org/browse/XWIKI-20746') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. 
There is no workaround apart from upgrading to a fixed version.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37910]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37910') [MISC]('https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29') [MISC]('https://jira.xwiki.org/browse/XWIKI-20334')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as [ICODE]deleted:1[/ICODE] (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. 
Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37911]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37911') [MISC]('https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f') [MISC]('https://jira.xwiki.org/browse/XWIKI-20817') [MISC]('https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages') [MISC]('https://jira.xwiki.org/browse/XWIKI-20685') [MISC]('https://jira.xwiki.org/browse/XWIKI-20684') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of [ICODE]org.xwiki.platform:xwiki-core-rendering-macro-footnotes[/ICODE] and [ICODE]org.xwiki.platform:xwiki-rendering-macro-footnotes[/ICODE] and prior to version 15.1-rc-1 of [ICODE]org.xwiki.platform:xwiki-rendering-macro-footnotes[/ICODE], the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. 
There is no workaround apart from upgrading to a fixed version of the footnote macro.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37912]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37912') [MISC]('https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5') [MISC]('https://jira.xwiki.org/browse/XRENDERING-688') [MISC]('https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular, in combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce, but it is also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API, which doesn't remove [ICODE]/[/ICODE] or [ICODE]\[/ICODE] from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could, e.g., be used to replace the [ICODE]jar[/ICODE]-file of an extension, which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. 
There are no known workarounds apart from disabling the office converter.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-37913]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-37913') [MISC]('https://jira.xwiki.org/browse/XWIKI-20715') [MISC]('https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. [ICODE]org.xwiki.platform:xwiki-platform-web[/ICODE] starting in version 3.1-milestone-1 and prior to 13.4-rc-1, [ICODE]org.xwiki.platform:xwiki-platform-web-templates[/ICODE] prior to versions 14.10.2 and 15.5-rc-1, and [ICODE]org.xwiki.platform:xwiki-web-standard[/ICODE] starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in [ICODE]org.xwiki.platform:xwiki-platform-web[/ICODE] 13.4-rc-1, [ICODE]org.xwiki.platform:xwiki-platform-web-templates[/ICODE] 14.10.2 and 15.5-rc-1, and [ICODE]org.xwiki.platform:xwiki-web-standard[/ICODE] 3.1-milestone-1 by adding the appropriate escaping. 
The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45134]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45134') [MISC]('https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3') [MISC]('https://jira.xwiki.org/browse/XWIKI-20962')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In [ICODE]org.xwiki.platform:xwiki-platform-web[/ICODE] versions 7.2-milestone-2 until 14.10.12 and [ICODE]org.xwiki.platform:xwiki-platform-web-templates[/ICODE] prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right. For the attack to work, the attacker needs to convince the victim to visit a link like [ICODE]/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)[/ICODE] where `` is the URL of the Wiki installation and to then click on the "Create" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet, the malicious code is not displayed anywhere on that page. 
After clicking the "Create" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page which is possible with edit right. This has been patched in [ICODE]org.xwiki.platform:xwiki-platform-web[/ICODE] version 14.10.12 and [ICODE]org.xwiki.platform:xwiki-platform-web-templates[/ICODE] versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45135]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45135') [MISC]('https://jira.xwiki.org/browse/XWIKI-20869') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9') [MISC]('https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. 
Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file [ICODE]createinline.vm[/ICODE] is part of XWiki's WAR and can be patched by manually applying the changes from the fix.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45136]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45136') [MISC]('https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e') [MISC]('https://jira.xwiki.org/browse/XWIKI-20854') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w')[/TD] [/TR] [TR] [TD][LEFT]xwiki -- xwiki[/LEFT][/TD] [TD][LEFT]XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. [ICODE]org.xwiki.platform:xwiki-platform-web[/ICODE] starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as [ICODE]org.xwiki.platform:xwiki-platform-web-templates[/ICODE] prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in [ICODE]org.xwiki.platform:xwiki-platform-web[/ICODE] version 13.4-rc-1 and [ICODE]org.xwiki.platform:xwiki-platform-web-templates[/ICODE] versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. 
The vulnerable template file [ICODE]createinline.vm[/ICODE] is part of XWiki's WAR and can be patched by manually applying the changes from the fix.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-45137]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-45137') [MISC]('https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929') [MISC]('https://jira.xwiki.org/browse/XWIKI-20961') [MISC]('https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581')[/TD] [/TR] [TR] [TD][LEFT]yxbookcms -- yxbookcms[/LEFT][/TD] [TD][LEFT]Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46503]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46503') [MISC]('https://github.com/PwnCYN/YXBOOKCMS/issues/2')[/TD] [/TR] [TR] [TD][LEFT]yxbookcms -- yxbookcms[/LEFT][/TD] [TD][LEFT]Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46504]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46504') [MISC]('https://github.com/PwnCYN/YXBOOKCMS/issues/1')[/TD] [/TR] [TR] [TD][LEFT]zenario_cms -- zenario_cms[/LEFT][/TD] [TD][LEFT]A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-44769]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-44769') 
[MISC]('https://github.com/sromanhu/ZenarioCMS--Reflected-XSS---Alias/tree/main') [MISC]('https://github.com/sromanhu/CVE-2023-44769_ZenarioCMS--Reflected-XSS---Alias/tree/main')[/TD] [/TR] [TR] [TD][LEFT]zentao_biz -- zentao_biz[/LEFT][/TD] [TD][LEFT]ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46375]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46375') [MISC]('https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-to-csrf-CVE-2023-46375-2d9d9fc2371f483eb436af20508df915')[/TD] [/TR] [TR] [TD][LEFT]zentao_biz -- zentao_biz[/LEFT][/TD] [TD][LEFT]Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46376]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46376') [MISC]('https://narrow-payment-2cd.notion.site/zentao-8-7-has-information-disclosure-vulnerability-CVE-2023-46376-537fae3936b84af583b51b74e6010dd7')[/TD] [/TR] [TR] [TD][LEFT]zentao_biz -- zentao_biz[/LEFT][/TD] [TD][LEFT]ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46491]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46491') [MISC]('https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759')[/TD] [/TR] [TR] [TD][LEFT]zentao_enterprise_edition -- zentao_enterprise_edition[/LEFT][/TD] [TD][LEFT]ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46374]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46374') 
[MISC]('https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee')[/TD] [/TR] [TR] [TD][LEFT]zephyr -- zephyr[/LEFT][/TD] [TD][LEFT]Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5139]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5139') [MISC]('https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453')[/TD] [/TR] [TR] [TD][LEFT]zephyr -- zephyr[/LEFT][/TD] [TD][LEFT]Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c[/LEFT][/TD] [TD][CENTER]2023-10-25[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-5753]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-5753') [MISC]('https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww')[/TD] [/TR] [TR] [TD][LEFT]zioncom_holdings_ltd. -- a7000r[/LEFT][/TD] [TD][LEFT]An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.[/LEFT][/TD] [TD][CENTER]2023-10-27[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46510]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46510') [MISC]('https://gist.github.com/ATonysan/58ace23d539981441bca16ce0f7585e2')[/TD] [/TR] [TR] [TD][LEFT]zitadel -- zitadel[/LEFT][/TD] [TD][LEFT]ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim's account in certain scenarios. 
A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-46238]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-46238') [MISC]('https://github.com/zitadel/zitadel/releases/tag/v2.39.2') [MISC]('https://github.com/zitadel/zitadel/releases/tag/v2.38.2') [MISC]('https://github.com/zitadel/zitadel/security/advisories/GHSA-954h-jrpm-72pm')[/TD] [/TR] [TR] [TD][LEFT]zpe_systems,_inc. -- nodegrid_os[/LEFT][/TD] [TD][LEFT]ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.[/LEFT][/TD] [TD][CENTER]2023-10-28[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-43322]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-43322') [CONFIRM]('https://psirt.zpesystems.com/portal/en/kb/articles/security-advisory-zpe-ng-2023-001-12-10-2023')[/TD] [/TR] [TR] [TD][LEFT] palantir -- palantir[/LEFT][/TD] [TD][LEFT]The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.[/LEFT][/TD] [TD][CENTER]2023-10-26[/CENTER][/TD] [TD][CENTER]not yet calculated[/CENTER][/TD] [TD][CVE-2023-30969]('https://nvd.nist.gov/nvd.cfm?cvename=CVE-2023-30969') [MISC]('https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7')[/TD] [/TR]
[/TABLE][/CENTER]
