Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49145 | 1 Apache | 1 Nifi | 2023-12-01 | N/A | 5.4 MEDIUM |
| Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation. | |||||
| CVE-2023-5845 | 1 Wpbrigade | 1 Simple Social Buttons | 2023-12-01 | N/A | 5.3 MEDIUM |
| The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags | |||||
| CVE-2023-5737 | 1 Webtoffee | 1 Backup And Migration | 2023-12-01 | N/A | 4.3 MEDIUM |
| The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. | |||||
| CVE-2023-47865 | 1 Mattermost | 1 Mattermost | 2023-12-01 | N/A | 4.3 MEDIUM |
| Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled | |||||
| CVE-2023-5885 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2023-12-01 | N/A | 6.5 MEDIUM |
| The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | |||||
| CVE-2023-49029 | 1 Smpn1smg | 1 Absis | 2023-12-01 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. | |||||
| CVE-2023-4642 | 1 Kamalkhan | 1 Kk Star Ratings | 2023-12-01 | N/A | 5.9 MEDIUM |
| The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. | |||||
| CVE-2023-47437 | 1 Pachno | 1 Pachno | 2023-12-01 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script. | |||||
| CVE-2023-5209 | 1 Booking-wp-plugin | 1 Bookly | 2023-12-01 | N/A | 4.8 MEDIUM |
| The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-32062 | 1 Oroinc | 1 Oroplatform | 2023-12-01 | N/A | 4.3 MEDIUM |
| OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1. | |||||
| CVE-2023-42501 | 1 Apache | 1 Superset | 2023-12-01 | N/A | 4.3 MEDIUM |
| Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. | |||||
| CVE-2023-43701 | 1 Apache | 1 Superset | 2023-12-01 | N/A | 5.4 MEDIUM |
| Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue. | |||||
| CVE-2023-6296 | 1 Oscommerce | 1 Oscommerce | 2023-12-01 | N/A | 6.1 MEDIUM |
| A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-43757 | 1 Elecom | 68 Lan-w300n\/p, Lan-w300n\/p Firmware, Lan-w300n\/rs and 65 more | 2023-12-01 | N/A | 6.5 MEDIUM |
| Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | |||||
| CVE-2023-49321 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-12-01 | N/A | 5.3 MEDIUM |
| Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | |||||
| CVE-2023-5341 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2023-12-01 | N/A | 5.5 MEDIUM |
| A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | |||||
| CVE-2023-36013 | 1 Microsoft | 1 Powershell | 2023-12-01 | N/A | 6.5 MEDIUM |
| PowerShell Information Disclosure Vulnerability | |||||
| CVE-2023-6164 | 1 Mainwp | 1 Mainwp | 2023-12-01 | N/A | 4.8 MEDIUM |
| The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags. | |||||
| CVE-2023-2438 | 1 Userproplugin | 1 Userpro | 2023-12-01 | N/A | 6.1 MEDIUM |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2023-49104 | 1 Owncloud | 1 Oauth2 | 2023-12-01 | N/A | 6.1 MEDIUM |
| An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. | |||||
| CVE-2023-48304 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-01 | N/A | 4.3 MEDIUM |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available. | |||||
| CVE-2023-20240 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2023-12-01 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system. | |||||
| CVE-2023-20084 | 1 Cisco | 2 Secure Endpoint, Secure Endpoint Private Cloud | 2023-12-01 | N/A | 4.4 MEDIUM |
| A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled. | |||||
| CVE-2022-45582 | 1 Openstack | 1 Horizon | 2023-12-01 | N/A | 6.1 MEDIUM |
| Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | |||||
| CVE-2023-6264 | 1 Devolutions | 1 Devolutions Server | 2023-12-01 | N/A | 5.3 MEDIUM |
| Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. | |||||
| CVE-2023-47380 | 1 Admidio | 1 Admidio | 2023-12-01 | N/A | 6.1 MEDIUM |
| Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2023-6287 | 1 Tribe29 | 1 Checkmk Appliance Firmware | 2023-12-01 | N/A | 5.5 MEDIUM |
| Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. | |||||
| CVE-2023-5678 | 1 Openssl | 1 Openssl | 2023-11-30 | N/A | 5.3 MEDIUM |
| Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | |||||
| CVE-2022-4900 | 2 Php, Redhat | 3 Php, Linux, Software Collections | 2023-11-30 | N/A | 5.5 MEDIUM |
| A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. | |||||
| CVE-2023-5380 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2023-11-30 | N/A | 4.7 MEDIUM |
| A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. | |||||
| CVE-2023-4163 | 1 Broadcom | 1 Fabric Operating System | 2023-11-30 | N/A | 4.4 MEDIUM |
| In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | |||||
| CVE-2023-35075 | 1 Mattermost | 1 Mattermost | 2023-11-30 | N/A | 5.4 MEDIUM |
| Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though. | |||||
| CVE-2023-47314 | 1 H-mdm | 1 Headwind Mdm | 2023-11-30 | N/A | 5.4 MEDIUM |
| Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download function returns the file in inline mode, the victim’s browser will immediately render the content of the HTML file as a web page. As a result, the uploaded client-side code will be evaluated and executed in the victim’s browser, allowing attackers to perform common XSS attacks. | |||||
| CVE-2023-47313 | 1 H-mdm | 1 Headwind Mdm | 2023-11-30 | N/A | 5.4 MEDIUM |
| Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the temporary file with an absolute path without validating it. Attackers may modify this API call by referring to arbitrary files. As a result, arbitrary files can be moved to the files directory and so they can be downloaded. | |||||
| CVE-2023-43123 | 1 Apache | 1 Storm | 2023-11-30 | N/A | 5.5 MEDIUM |
| On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information. File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set. This affects the class https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 and was introduced by https://issues.apache.org/jira/browse/STORM-3123 In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring is set to false, but its value is true by default. Moreover, the temporary file gets deleted soon after its creation. The solution is to use Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) instead. We recommend that all users upgrade to the latest version of Apache Storm. | |||||
| CVE-2023-6297 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-11-30 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123. | |||||
| CVE-2022-44011 | 1 Clickhouse | 1 Clickhouse | 2023-11-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. | |||||
| CVE-2023-47251 | 1 M-privacy | 2 Mprivacy-tools, Tightgatevnc | 2023-11-30 | N/A | 6.5 MEDIUM |
| In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | |||||
| CVE-2023-47467 | 1 Jeecg | 1 Jeecg-boot | 2023-11-30 | N/A | 6.5 MEDIUM |
| Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | |||||
| CVE-2023-20241 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2023-11-30 | N/A | 5.5 MEDIUM |
| Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system. | |||||
| CVE-2023-48042 | 1 Communitydeveloper | 1 Amazzing Filter | 2023-11-30 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. | |||||
| CVE-2023-6359 | 1 Grupoalumne | 1 Alumne Lms | 2023-11-30 | N/A | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the 'localidad' field on the /users/editmy page. | |||||
| CVE-2023-48039 | 1 Gpac | 1 Gpac | 2023-11-30 | N/A | 5.5 MEDIUM |
| GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. | |||||
| CVE-2023-33706 | 1 Sysaid | 1 Sysaid | 2023-11-30 | N/A | 6.5 MEDIUM |
| SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | |||||
| CVE-2023-5560 | 1 Lesterchan | 1 Wp-useronline | 2023-11-30 | N/A | 6.1 MEDIUM |
| The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. | |||||
| CVE-2023-5525 | 1 Limitloginattempts | 1 Limit Login Attempts Reloaded | 2023-11-30 | N/A | 4.3 MEDIUM |
| The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. | |||||
| CVE-2023-5325 | 1 Levantoan | 1 Woocommerce Vietnam Checkout | 2023-11-30 | N/A | 6.1 MEDIUM |
| The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS | |||||
| CVE-2023-48707 | 1 Codeigniter | 1 Shield | 2023-11-30 | N/A | 6.5 MEDIUM |
| CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database, they could use the key and secretKey for HMAC SHA256 authentication to send requests impersonating that corresponding user. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48708 | 1 Codeigniter | 1 Shield | 2023-11-30 | N/A | 6.5 MEDIUM |
| CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files. | |||||
| CVE-2023-6299 | 1 Itextpdf | 1 Itext | 2023-11-30 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.0.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246125 was assigned to this vulnerability. NOTE: The vendor was contacted early about this vulnerability. The fix was introduced in the iText 8.0.2 release on October 25th 2023, prior to the disclosure. | |||||