Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6114 | 1 Awesomemotive | 1 Duplicator | 2024-01-05 | N/A | 7.5 HIGH |
| The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. | |||||
| CVE-2023-51697 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | N/A | 7.5 HIGH |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-51665 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | N/A | 7.5 HIGH |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-50445 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2024-01-05 | N/A | 7.8 HIGH |
| Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | |||||
| CVE-2020-35935 | 1 Vasyltech | 1 Advanced Access Manager | 2024-01-05 | 6.0 MEDIUM | 8.8 HIGH |
| The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) | |||||
| CVE-2014-6059 | 1 Vasyltech | 1 Advanced Access Manager | 2024-01-05 | 6.5 MEDIUM | 7.2 HIGH |
| WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability | |||||
| CVE-2023-42917 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-01-05 | N/A | 8.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | |||||
| CVE-2023-28198 | 3 Apple, Webkitgtk, Wpewebkit | 5 Ipados, Iphone Os, Macos and 2 more | 2024-01-05 | N/A | 8.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-38592 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-01-05 | N/A | 8.8 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-38611 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-38600 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-38595 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-38572 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 7.5 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. | |||||
| CVE-2023-32393 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-01-05 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-38597 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-01-05 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-38594 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-37450 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2023-32373 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-01-05 | N/A | 8.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2021-31799 | 3 Debian, Oracle, Ruby-lang | 4 Debian Linux, Jd Edwards Enterpriseone Tools, Rdoc and 1 more | 2024-01-05 | 4.4 MEDIUM | 7.0 HIGH |
| In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | |||||
| CVE-2023-22676 | 1 Andersthorborg | 1 Advanced Custom Fields\ | 2024-01-05 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12. | |||||
| CVE-2023-7148 | 1 Shifuml | 1 Shifu | 2024-01-05 | N/A | 8.1 HIGH |
| A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. | |||||
| CVE-2023-52313 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-52312 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-52308 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-52306 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-52305 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-52303 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-52302 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-38678 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-38677 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-38676 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-38675 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-38674 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-01-05 | N/A | 7.5 HIGH |
| FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||||
| CVE-2023-32890 | 1 Mediatek | 45 Lr13, Mt2735, Mt6779 and 42 more | 2024-01-05 | N/A | 7.5 HIGH |
| In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). | |||||
| CVE-2023-32889 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-01-05 | N/A | 7.5 HIGH |
| In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895). | |||||
| CVE-2023-32888 | 1 Mediatek | 38 Mt2735, Mt6813, Mt6833 and 35 more | 2024-01-05 | N/A | 7.5 HIGH |
| In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). | |||||
| CVE-2023-32887 | 1 Mediatek | 38 Mt2735, Mt6813, Mt6833 and 35 more | 2024-01-05 | N/A | 7.5 HIGH |
| In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). | |||||
| CVE-2023-32886 | 1 Mediatek | 47 Mt2735, Mt6813, Mt6833 and 44 more | 2024-01-05 | N/A | 7.5 HIGH |
| In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | |||||
| CVE-2023-46589 | 1 Apache | 1 Tomcat | 2024-01-05 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. | |||||
| CVE-2022-4904 | 3 C-ares Project, Fedoraproject, Redhat | 4 C-ares, Fedora, Enterprise Linux and 1 more | 2024-01-05 | N/A | 8.6 HIGH |
| A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | |||||
| CVE-2021-22940 | 5 Debian, Netapp, Nodejs and 2 more | 7 Debian Linux, Nextgen Api, Node.js and 4 more | 2024-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | |||||
| CVE-2023-51410 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-05 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2. | |||||
| CVE-2023-7114 | 1 Mattermost | 1 Mattermost | 2024-01-05 | N/A | 8.8 HIGH |
| Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | |||||
| CVE-2023-51417 | 1 Jorisvm | 1 Jvm Gutenberg Rich Text Icons | 2024-01-05 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | |||||
| CVE-2023-52135 | 1 Westguardsolutions | 1 Ws Form | 2024-01-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170. | |||||
| CVE-2023-44088 | 1 Pandorafms | 1 Pandora Fms | 2024-01-05 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | |||||
| CVE-2023-50837 | 1 Webfactoryltd | 1 Wp Login Lockdown | 2024-01-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06. | |||||
| CVE-2023-23442 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-23443 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2023-51426 | 1 Hihonor | 1 Magic Os | 2024-01-04 | N/A | 7.1 HIGH |
| Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | |||||