Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6723 | 1 Europeana | 1 Repox | 2023-12-15 | N/A | 9.8 CRITICAL |
| An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise. | |||||
| CVE-2023-6345 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-12-15 | N/A | 9.6 CRITICAL |
| Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |||||
| CVE-2016-9953 | 2 Haxx, Microsoft | 2 Curl, Windows Embedded Compact | 2023-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. | |||||
| CVE-2023-50252 | 1 Dompdf | 1 Php-svg-lib | 2023-12-15 | N/A | 9.8 CRITICAL |
| php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. | |||||
| CVE-2023-50424 | 1 Sap | 1 Cloud-security-client-go | 2023-12-15 | N/A | 9.8 CRITICAL |
| SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | |||||
| CVE-2023-50423 | 1 Sap | 1 Sap-xssec | 2023-12-15 | N/A | 9.8 CRITICAL |
| SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | |||||
| CVE-2022-27140 | 1 Express-fileupload Project | 1 Express-fileupload | 2023-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed). | |||||
| CVE-2023-38428 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2023-12-15 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. | |||||
| CVE-2023-38431 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410s and 3 more | 2023-12-15 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. | |||||
| CVE-2023-6593 | 2 Apple, Devolutions | 2 Iphone Os, Remote Desktop Manager | 2023-12-15 | N/A | 9.8 CRITICAL |
| Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. | |||||
| CVE-2023-6756 | 1 Thecosy | 1 Icecms | 2023-12-15 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884. | |||||
| CVE-2023-46456 | 1 Gl-inet | 2 Gl-ar300m, Gl-ar300m Firmware | 2023-12-14 | N/A | 9.8 CRITICAL |
| In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. | |||||
| CVE-2023-43364 | 1 Arjunsharda | 1 Searchor | 2023-12-14 | N/A | 9.8 CRITICAL |
| main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. | |||||
| CVE-2013-2513 | 1 Milboj | 1 Flash Tool | 2023-12-14 | N/A | 9.8 CRITICAL |
| The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. | |||||
| CVE-2023-48427 | 1 Siemens | 1 Sinec Ins | 2023-12-14 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. | |||||
| CVE-2023-46454 | 1 Gl-inet | 2 Gl-ar300m, Gl-ar300m Firmware | 2023-12-14 | N/A | 9.8 CRITICAL |
| In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. | |||||
| CVE-2023-50245 | 1 Afichet | 1 Openexr Viewer | 2023-12-14 | N/A | 9.8 CRITICAL |
| OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1. | |||||
| CVE-2023-6647 | 1 Amttgroup | 1 Hibos | 2023-12-14 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 9.8 CRITICAL |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | |||||
| CVE-2023-36649 | 1 Prolion | 1 Cryptospike | 2023-12-14 | N/A | 9.1 CRITICAL |
| Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication. | |||||
| CVE-2023-39169 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2023-12-14 | N/A | 9.8 CRITICAL |
| The affected devices use publicly available default credentials with administrative privileges. | |||||
| CVE-2023-50429 | 1 Izybat | 1 Orange Casiers | 2023-12-14 | N/A | 9.1 CRITICAL |
| IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. | |||||
| CVE-2023-41268 | 1 Samsung | 1 Escargot | 2023-12-14 | N/A | 9.8 CRITICAL |
| Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. | |||||
| CVE-2023-5941 | 1 Freebsd | 1 Freebsd | 2023-12-14 | N/A | 9.8 CRITICAL |
| In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program. | |||||
| CVE-2023-47100 | 1 Perl | 1 Perl | 2023-12-14 | N/A | 9.8 CRITICAL |
| In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. | |||||
| CVE-2019-17362 | 2 Debian, Libtom | 2 Debian Linux, Libtomcrypt | 2023-12-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. | |||||
| CVE-2021-20204 | 3 Debian, Fedoraproject, Getdata Project | 3 Debian Linux, Fedora, Getdata | 2023-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. | |||||
| CVE-2023-6181 | 1 Google | 2 Chromecast, Chromecast Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| An oversight in BCB handling of reboot reason that allows for persistent code execution | |||||
| CVE-2023-48425 | 1 Google | 2 Chromecast, Chromecast Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| U-Boot vulnerability resulting in persistent Code Execution | |||||
| CVE-2023-48424 | 1 Google | 2 Chromecast, Chromecast Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| U-Boot shell vulnerability resulting in Privilege escalation in a production device | |||||
| CVE-2023-48417 | 1 Google | 2 Chromecast, Chromecast Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application | |||||
| CVE-2023-6658 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6657 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability. | |||||
| CVE-2023-49418 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. | |||||
| CVE-2023-49417 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-12-13 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. | |||||
| CVE-2023-6269 | 1 Atos | 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller | 2023-12-13 | N/A | 9.8 CRITICAL |
| An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user. | |||||
| CVE-2023-48423 | 1 Google | 1 Android | 2023-12-13 | N/A | 9.8 CRITICAL |
| In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-43742 | 1 Zultys | 12 Mx-e, Mx-e Firmware, Mx-se and 9 more | 2023-12-13 | N/A | 9.8 CRITICAL |
| An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful. | |||||
| CVE-2022-28348 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2023-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation. | |||||
| CVE-2023-49287 | 1 Cxong | 1 Tinydir | 2023-12-13 | N/A | 9.8 CRITICAL |
| TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6. | |||||
| CVE-2023-6648 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability. | |||||
| CVE-2023-6652 | 1 Carmelogarcia | 1 Matrimonial Site | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability. | |||||
| CVE-2023-6651 | 1 Carmelogarcia | 1 Matrimonial Site | 2023-12-13 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344. | |||||
| CVE-2023-47254 | 1 Draytek | 2 Vigor167, Vigor167 Firmware | 2023-12-12 | N/A | 9.8 CRITICAL |
| An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | |||||
| CVE-2023-46932 | 1 Gpac | 1 Gpac | 2023-12-12 | N/A | 9.8 CRITICAL |
| Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. | |||||
| CVE-2023-6612 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-46498 | 1 Evershop | 1 Evershop | 2023-12-12 | N/A | 9.8 CRITICAL |
| An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | |||||
| CVE-2023-6579 | 1 Oscommerce | 1 Oscommerce | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6617 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6619 | 1 Oretnom23 | 1 Simple Student Attendance System | 2023-12-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256. | |||||