Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32505 | 1 Ciphercoin | 1 Easy Hide Login | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin versions <= 1.0.7. | |||||
| CVE-2023-32300 | 1 Yoast | 1 Yoast Seo | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin versions <= 14.8. | |||||
| CVE-2023-32499 | 1 Netmix | 1 Radio Station | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin versions <= 2.4.0.9. | |||||
| CVE-2023-32498 | 1 Ays-pro | 1 Easy Form | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin versions <= 1.2.0. | |||||
| CVE-2023-32497 | 1 Supersoju | 1 Block Referer Spam | 2023-08-29 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin versions <= 1.1.9.4. | |||||
| CVE-2022-3743 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2023-08-29 | N/A | 4.4 MEDIUM |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. | |||||
| CVE-2022-3742 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2023-08-29 | N/A | 6.7 MEDIUM |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. | |||||
| CVE-2023-32509 | 1 Cagewebdev | 1 Order Your Posts Manually | 2023-08-29 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin versions <= 2.2.5. | |||||
| CVE-2022-3744 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2023-08-29 | N/A | 6.7 MEDIUM |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. | |||||
| CVE-2022-3745 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2023-08-29 | N/A | 4.4 MEDIUM |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. | |||||
| CVE-2022-3746 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2023-08-29 | N/A | 6.7 MEDIUM |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | |||||
| CVE-2023-40176 | 1 Xwiki | 1 Xwiki | 2023-08-29 | N/A | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1. | |||||
| CVE-2023-37440 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. | |||||
| CVE-2023-37439 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37438 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2021-43171 | 1 E.foundation | 1 App Lounge | 2023-08-29 | N/A | 6.5 MEDIUM |
| Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response. | |||||
| CVE-2023-40282 | 1 Rakuten | 2 Wifi Pocket, Wifi Pocket Firmware | 2023-08-29 | N/A | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper authentication vulnerability in Rakuten WiFi Pocket, all versions, allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed. | |||||
| CVE-2023-39986 | 1 Hitachi | 1 Eh-view | 2023-08-29 | N/A | 5.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerability in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-4212 | 1 Trane | 8 Pivot, Pivot Firmware, Xl1050 and 5 more | 2023-08-29 | N/A | 6.8 MEDIUM |
| A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick. | |||||
| CVE-2023-37437 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37436 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-37435 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | |||||
| CVE-2023-26272 | 1 Ibm | 1 Guardium Cloud Key Manager | 2023-08-29 | N/A | 5.3 MEDIUM |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. | |||||
| CVE-2023-4555 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-08-29 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability. | |||||
| CVE-2023-30435 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291. | |||||
| CVE-2022-43909 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905. | |||||
| CVE-2023-33852 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | |||||
| CVE-2023-30437 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.3 MEDIUM |
| IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. | |||||
| CVE-2023-30436 | 1 Ibm | 1 Security Guardium | 2023-08-29 | N/A | 5.4 MEDIUM |
| IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292. | |||||
| CVE-2023-41104 | 1 Varnish-software | 2 Varnish Enterprise, Vmod Digest | 2023-08-28 | N/A | 6.5 MEDIUM |
| libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. | |||||
| CVE-2023-41100 | 1 Hcaptcha For Ext:form Project | 1 Hcaptcha For Ext:form | 2023-08-28 | N/A | 5.3 MEDIUM |
| An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check. | |||||
| CVE-2023-32119 | 1 Wpo365 | 1 Mail Integration For Office 365 / Outlook | 2023-08-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin versions <= 1.9.0. | |||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2023-08-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | |||||
| CVE-2023-3699 | 1 Asustor | 1 Data Master | 2023-08-28 | N/A | 5.5 MEDIUM |
| An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) that allows unprivileged local users to modify the storage device configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below, as well as ADM 4.2.2.RI61 and below. | |||||
| CVE-2022-48545 | 1 Xpdfreader | 1 Xpdf | 2023-08-28 | N/A | 5.5 MEDIUM |
| An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. | |||||
| CVE-2023-4475 | 1 Asustor | 1 Data Master | 2023-08-28 | N/A | 5.5 MEDIUM |
| An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) that allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below, as well as ADM 4.2.2.RI61 and below. | |||||
| CVE-2022-48538 | 1 Cacti | 1 Cacti | 2023-08-28 | N/A | 5.3 MEDIUM |
| In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. | |||||
| CVE-2023-38666 | 1 Axiosys | 1 Bento4 | 2023-08-28 | N/A | 5.5 MEDIUM |
| Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. | |||||
| CVE-2023-38667 | 1 Nasm | 1 Netwide Assembler | 2023-08-28 | N/A | 5.5 MEDIUM |
| Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. | |||||
| CVE-2023-38668 | 1 Nasm | 1 Netwide Assembler | 2023-08-28 | N/A | 5.5 MEDIUM |
| Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). | |||||
| CVE-2023-38996 | 1 Douran | 1 Dsgate | 2023-08-28 | N/A | 6.7 MEDIUM |
| An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. | |||||
| CVE-2023-39599 | 1 Cszcms | 1 Csz Cms | 2023-08-28 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | |||||
| CVE-2022-38349 | 1 Freedesktop | 1 Poppler | 2023-08-28 | N/A | 6.5 MEDIUM |
| An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, which leads to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | |||||
| CVE-2022-44215 | 1 Southrivertech | 1 Titan Ftp Server | 2023-08-28 | N/A | 6.1 MEDIUM |
| There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. | |||||
| CVE-2021-46310 | 1 Djvulibre Project | 1 Djvulibre | 2023-08-28 | N/A | 6.5 MEDIUM |
| An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via a divide by zero. | |||||
| CVE-2021-46312 | 1 Djvulibre Project | 1 Djvulibre | 2023-08-28 | N/A | 6.5 MEDIUM |
| An issue was discovered in IW44EncodeCodec.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via a divide by zero. | |||||
| CVE-2020-26683 | 1 Artifex | 1 Mupdf | 2023-08-28 | N/A | 5.5 MEDIUM |
| A memory leak issue was discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 that allows attackers to obtain sensitive information. | |||||
| CVE-2020-21583 | 1 Kernel | 1 Util-linux | 2023-08-28 | N/A | 6.7 MEDIUM |
| An issue was discovered in hwclock.13-v2.27 that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. | |||||
| CVE-2023-39742 | 1 Giflib Project | 1 Giflib | 2023-08-28 | N/A | 5.5 MEDIUM |
| giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. | |||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3, reflected XSS was possible during user registration. | |||||
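
The XWiki entry (CVE-2023-40176) makes a point worth spelling out in code: a drop-down in the browser is not a control, because the save URL accepts whatever the client sends, and a stored value that is not escaped on output becomes stored XSS for every visitor. The following is an added example, not XWiki's own code, in Python: it models a profile save endpoint and a profile page, shows the client-trusting save and the unescaped template side by side with a server-side allowlist check and output escaping, and uses a constructed four-entry zone allowlist and a constructed payload (both assumptions) so it runs offline.

```python
"""Server-side allowlist + output escaping for a "drop-down only" preference."""
import html

# Constructed stand-in for the full IANA zone list (assumption for this example).
ALLOWED_TIMEZONES = frozenset({"UTC", "Europe/Paris", "America/New_York", "Asia/Tokyo"})

# Constructed payload an attacker would submit by calling the save URL directly.
PAYLOAD = "<script>alert(document.cookie)</script>"


class Profile:
    def __init__(self, name: str) -> None:
        self.name = name
        self.timezone = "UTC"


def save_preference_unchecked(profile: Profile, timezone: str) -> None:
    """Vulnerable: trusts the client because the UI 'only' offers a drop-down."""
    profile.timezone = timezone


def save_preference_checked(profile: Profile, timezone: str) -> None:
    """Fixed: the server validates against its own allowlist, whatever the UI showed."""
    if timezone not in ALLOWED_TIMEZONES:
        raise ValueError(f"unknown time zone: {timezone!r}")
    profile.timezone = timezone


def render_profile_unescaped(profile: Profile) -> str:
    """Vulnerable template: the stored preference is interpolated as raw HTML."""
    return f"<p>{html.escape(profile.name)} (time zone: {profile.timezone})</p>"


def render_profile_escaped(profile: Profile) -> str:
    """Fixed template: every stored value is HTML-escaped at the point of output."""
    return (
        f"<p>{html.escape(profile.name)} "
        f"(time zone: {html.escape(profile.timezone)})</p>"
    )


def demo() -> dict:
    """Runs both paths with the constructed payload and returns what each produced."""
    victim_page = Profile("mallory")
    save_preference_unchecked(victim_page, PAYLOAD)  # bypasses the drop-down
    unescaped = render_profile_unescaped(victim_page)  # payload executes for visitors
    escaped = render_profile_escaped(victim_page)      # payload rendered as text

    hardened = Profile("mallory")
    try:
        save_preference_checked(hardened, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True  # payload never reaches storage

    return {
        "unescaped": unescaped,
        "escaped": escaped,
        "rejected": rejected,
        "stored": hardened.timezone,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both fixes are needed: the allowlist stops the bad value from being stored, and escaping at output protects against any other path by which a non-allowlisted string (an older record, an import, a bug elsewhere) ends up in the field.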
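
The EdgeConnect SD-WAN Orchestrator SSRF entry (CVE-2023-37440) describes the usual outcome of letting a management interface fetch an attacker-chosen URL: the request is made from the host and can reach its internal structure. This added example, not Aruba's code, shows the check a practitioner would put in front of any server-side fetch: restrict the scheme, resolve the host, and refuse anything that does not resolve exclusively to globally routable addresses. The resolver is injectable, and the hostname table and addresses below are constructed for the example (assumptions); in production the same function would be backed by getaddrinfo.

```python
"""Outbound-URL check against SSRF into loopback, RFC 1918 and link-local ranges."""
import ipaddress
from typing import Callable, Iterable, Sequence
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]

# Constructed DNS table standing in for real resolution (assumption).
FAKE_DNS = {
    "partner.example.com": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
    "metadata": ["169.254.169.254"],
    "dual.example.com": ["93.184.216.34", "10.1.1.1"],  # one public, one private
    "localhost": ["127.0.0.1"],
}


def fake_resolve(host: str) -> Sequence[str]:
    return FAKE_DNS.get(host.lower(), [])


def is_safe_outbound_url(url: str, resolve: Resolver = fake_resolve,
                         allowed_schemes: Sequence[str] = ("http", "https")) -> bool:
    """True only if every address the host maps to is globally routable."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in allowed_schemes:
        return False  # file:, gopher:, dict: and friends never get out
    host = parts.hostname
    if not host:
        return False
    try:
        # IP literal (including bracketed IPv6): no lookup needed.
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except ValueError:
            return False  # resolver returned something that is not an address
    if not addrs:
        return False  # unresolvable names (e.g. "0x7f000001") are refused, not guessed
    # is_global is False for loopback, private, link-local, CGNAT and documentation ranges.
    return all(a.is_global for a in addrs)


if __name__ == "__main__":
    for u in ("https://partner.example.com/api", "http://intranet.corp/",
              "http://metadata/latest/", "http://127.0.0.1:8080/", "file:///etc/passwd"):
        print(f"{u:40} -> {is_safe_outbound_url(u)}")
```

One caveat the check does not cover on its own: the address validated here must be the address actually connected to, or a DNS answer that changes between check and use (rebinding) defeats it. Pin the resolved IP into the connection, and treat redirects as new URLs that go through the same check.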
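
The TYPO3 hCaptcha entry (CVE-2023-41100) is a missing-presence check: the extension verified the CAPTCHA token only when the field arrived, so a client that simply omitted the field skipped the check. The added example below, not the extension's code, puts the vulnerable and fixed handlers side by side in Python. The field name, and the verifier that stands in for the network call to the CAPTCHA provider's verification endpoint, are assumptions for the example.

```python
"""A required CAPTCHA field must be required, not merely verified when present."""
from typing import Callable, Mapping

# Field name assumed for the example; the real widget's field name may differ.
CAPTCHA_FIELD = "h-captcha-response"

# Stand-in for the HTTP call to the provider's verify endpoint (assumption).
Verifier = Callable[[str], bool]

VALID_TOKEN = "10000000-aaaa-bbbb-cccc-000000000001"  # constructed "valid" token


def fake_verify(token: str) -> bool:
    """Accepts exactly one constructed token; everything else fails verification."""
    return token == VALID_TOKEN


def handle_submission_vulnerable(form: Mapping[str, str], verify: Verifier = fake_verify) -> bool:
    """Returns True if the submission is accepted.

    Bug: the token is checked only if the client sent one, so a request that
    leaves the field out is accepted without ever talking to the verifier.
    """
    token = form.get(CAPTCHA_FIELD)
    if token is not None and not verify(token):
        return False
    return True


def handle_submission_fixed(form: Mapping[str, str], verify: Verifier = fake_verify) -> bool:
    """Returns True if the submission is accepted.

    Fix: absence or an empty value is a failure, and acceptance is only ever the
    verifier's answer, never a default.
    """
    token = (form.get(CAPTCHA_FIELD) or "").strip()
    if not token:
        return False
    return verify(token)


if __name__ == "__main__":
    bot_post = {"email": "bot@example.invalid", "message": "buy now"}  # no captcha field
    print("vulnerable accepts bot post:", handle_submission_vulnerable(bot_post))
    print("fixed accepts bot post:    ", handle_submission_fixed(bot_post))
```

The same shape applies to any "prove you are allowed" field (signatures, CSRF tokens, MFA codes): the default branch must be reject, so that forgetting to send the proof is never cheaper than sending a bad one.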
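
The Titan FTP entry (CVE-2022-44215) is an open redirect: "users are redirected to any target URL". The added example below, not South River Technologies' code, is the validator a practitioner would put in front of a post-login redirect. It accepts only site-relative paths or absolute URLs on an allowlisted host, and it handles the inputs that commonly slip past naive checks: scheme-relative `//host`, backslashes that browsers treat as slashes, `scheme:host` without slashes, credentials-in-URL tricks and non-HTTP schemes. The allowed host is an assumption for the example.

```python
"""Open-redirect guard: allow only same-site paths or allowlisted absolute URLs."""
from typing import FrozenSet
from urllib.parse import urlsplit

# Assumption for the example: the application's own host(s).
ALLOWED_HOSTS: FrozenSet[str] = frozenset({"ftp.example.com"})


def is_safe_redirect(target: str, allowed_hosts: FrozenSet[str] = ALLOWED_HOSTS) -> bool:
    """True if redirecting to `target` cannot leave the allowlisted site."""
    if not target:
        return False
    target = target.strip()
    if any(c in target for c in "\r\n\x00"):
        return False  # header injection / truncation attempts
    # Browsers treat '\' as '/' in URLs, so normalise before parsing:
    # "/\\evil.com" would otherwise parse as a harmless path.
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, ftp: ...
    if parts.netloc:
        # hostname strips userinfo and port, so "https://ftp.example.com@evil.com"
        # is judged by "evil.com", not by the prefix an eye would read.
        return (parts.hostname or "").lower() in allowed_hosts
    # No authority component: accept only a path that starts with exactly one '/'.
    # "//evil.com" and "///evil.com" are scheme-relative to browsers; "https:evil.com"
    # has a scheme but no netloc and no leading '/', so it is refused here too.
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Returns `target` if safe, otherwise the fallback landing page."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    for t in ("/account", "//evil.com/", "/\\evil.com", "https:evil.com",
              "https://ftp.example.com@evil.com/", "https://ftp.example.com/files"):
        print(f"{t:40} -> {safe_redirect_target(t)}")
```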
