Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2880 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After the fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged. | |||||
| CVE-2022-2879 | 1 Golang | 1 Go | 2023-11-25 | N/A | 7.5 HIGH |
| Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After the fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | |||||
| CVE-2022-2294 | 6 Apple, Fedoraproject, Google and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2023-11-25 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-26505 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2023-11-25 | 4.3 MEDIUM | 7.4 HIGH |
| A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | |||||
| CVE-2022-41974 | 3 Debian, Fedoraproject, Opensvc | 3 Debian Linux, Fedora, Multipath-tools | 2023-11-25 | N/A | 7.8 HIGH |
| multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. | |||||
| CVE-2022-41973 | 3 Debian, Fedoraproject, Opensvc | 3 Debian Linux, Fedora, Multipath-tools | 2023-11-25 | N/A | 7.8 HIGH |
| multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. | |||||
| CVE-2021-45417 | 5 Advanced Intrusion Detection Environment Project, Canonical, Debian and 2 more | 7 Advanced Intrusion Detection Environment, Ubuntu Linux, Debian Linux and 4 more | 2023-11-25 | 7.2 HIGH | 7.8 HIGH |
| AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. | |||||
| CVE-2023-48029 | 1 Corebos | 1 Corebos | 2023-11-25 | N/A | 8.0 HIGH |
| Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | |||||
| CVE-2022-41700 | 1 Intel | 1 Nuc Pro Software Suite | 2023-11-25 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-38786 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-11-25 | N/A | 7.8 HIGH |
| Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2023-11-25 | N/A | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-6196 | 1 Myaudiomerchant | 1 Audio Merchant | 2023-11-25 | N/A | 8.8 HIGH |
| The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation in the audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-45382 | 1 Common-services | 1 Sonice Retour | 2023-11-25 | N/A | 7.5 HIGH |
| In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | |||||
| CVE-2023-41102 | 1 Opennds | 1 Opennds | 2023-11-25 | N/A | 7.5 HIGH |
| An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. | |||||
| CVE-2023-48017 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-11-25 | N/A | 8.8 HIGH |
| Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via the Add permissions function in Permission Management. | |||||
| CVE-2023-47757 | 1 Aweber | 1 Aweber | 2023-11-25 | N/A | 8.8 HIGH |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. | |||||
| CVE-2023-6179 | 1 Honeywell | 1 Prowatch | 2023-11-25 | N/A | 7.8 HIGH |
| Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server's executable folder(s). An attacker could potentially exploit this vulnerability, allowing a standard user to achieve arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-Watch 6.0.2, 6.0, 5.5.2, 5.0.5). | |||||
| CVE-2023-47644 | 1 Metagauss | 1 Profilegrid | 2023-11-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. | |||||
| CVE-2023-47649 | 1 Pricelisto | 1 Best Restaurant Menu | 2023-11-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1. | |||||
| CVE-2023-26535 | 1 Wppool | 1 Sheets To Wp Table Live Sync | 2023-11-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions. | |||||
| CVE-2023-46745 | 1 Librenms | 1 Librenms | 2023-11-25 | N/A | 7.5 HIGH |
| LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring system that includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48025 | 1 Howerj | 1 Liblisp | 2023-11-25 | N/A | 8.1 HIGH |
| Liblisp through commit 4c65969 was discovered to contain an out-of-bounds read vulnerability in unsigned get_length(lisp_cell_t * x) in eval.c. | |||||
| CVE-2023-6038 | 1 H2o | 1 H2o | 2023-11-24 | N/A | 7.5 HIGH |
| An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. | |||||
| CVE-2023-6187 | 1 Strangerstudios | 1 Paid Memberships Pro | 2023-11-24 | N/A | 8.8 HIGH |
| The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above to upload arbitrary files on the affected site's server, which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout, according to its settings. | |||||
| CVE-2023-47667 | 1 Paymentsplugin | 1 Wp Full Stripe Free | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 1.6.1. | |||||
| CVE-2023-47666 | 1 Code Snippets | 1 Code Snippets | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0. | |||||
| CVE-2023-47664 | 1 Plainviewplugins | 1 Plainview Protect Passwords | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords. This issue affects Plainview Protect Passwords: from n/a through 1.4. | |||||
| CVE-2023-47671 | 1 Gopiplus | 1 Vertical Scroll Recent Registered User | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent. This issue affects Vertical scroll recent post: from n/a through 14.0. | |||||
| CVE-2023-47670 | 1 Icansoft | 1 Korea Sns | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS. This issue affects Korea SNS: from n/a through 1.6.3. | |||||
| CVE-2023-47685 | 1 Nkb-bd | 1 Preloader Matrix | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1. | |||||
| CVE-2023-47672 | 1 Swashata | 1 Wp Category Post List Widget | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget. This issue affects WP Category Post List Widget: from n/a through 2.0.3. | |||||
| CVE-2023-47531 | 1 Droitthemes | 1 Droit Dark Mode | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode. This issue affects Droit Dark Mode: from n/a through 1.1.2. | |||||
| CVE-2023-47519 | 1 Wcproducttable | 1 Woocommerce Product Table Lite | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite. This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2. | |||||
| CVE-2023-47243 | 1 Codemshop | 1 Mshop My Site | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE. This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6. | |||||
| CVE-2023-47556 | 1 Jamesmehorter | 1 Device Theme Switcher | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher. This issue affects Device Theme Switcher: from n/a through 3.0.2. | |||||
| CVE-2023-4824 | 1 Bdaia | 1 Woohoo Newspaper Magazine Theme | 2023-11-24 | N/A | 8.8 HIGH |
| The WooHoo Newspaper Magazine theme does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
| CVE-2023-47551 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | |||||
| CVE-2023-47552 | 1 Webdevocean | 1 Image Hover Effects | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin. This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5. | |||||
| CVE-2023-47553 | 1 Userlocal | 1 Userheat Plugin | 2023-11-24 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin. This issue affects UserHeat Plugin: from n/a through 1.1.6. | |||||
| CVE-2023-39544 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | |||||
| CVE-2023-39546 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | |||||
| CVE-2023-39545 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | |||||
| CVE-2023-39547 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-11-24 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | |||||
| CVE-2023-48111 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-11-24 | N/A | 7.5 HIGH |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2023-48110 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-11-24 | N/A | 7.5 HIGH |
| Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2023-48109 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2023-11-24 | N/A | 7.5 HIGH |
| Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2023-3116 | 1 Openharmony | 1 Openharmony | 2023-11-24 | N/A | 7.1 HIGH |
| OpenHarmony v3.2.2 and prior versions allow a local attacker to obtain confidential information or rewrite sensitive files through incorrect default permissions. | |||||
| CVE-2023-43612 | 1 Openharmony | 1 Openharmony | 2023-11-24 | N/A | 7.8 HIGH |
| OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. | |||||
| CVE-2023-6045 | 1 Openharmony | 1 Openharmony | 2023-11-24 | N/A | 7.8 HIGH |
| OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. | |||||
