Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5332 | 2 Gitlab, Hashicorp | 2 Gitlab, Consul | 2023-12-07 | N/A | 8.1 HIGH |
| Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE. | |||||
| CVE-2023-32858 | 2 Google, Mediatek | 11 Android, Mt6761, Mt6765 and 8 more | 2023-12-07 | N/A | 4.4 MEDIUM |
| In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008. | |||||
| CVE-2023-47701 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. | |||||
| CVE-2023-40687 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. | |||||
| CVE-2023-38727 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. | |||||
| CVE-2023-42721 | 2 Google, Unisoc | 2 Android, Sc9863a | 2023-12-07 | N/A | 5.5 MEDIUM |
| In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2023-32852 | 2 Google, Mediatek | 2 Android, Mt6779 | 2023-12-07 | N/A | 4.4 MEDIUM |
| In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971. | |||||
| CVE-2023-38003 | 1 Ibm | 1 Db2 | 2023-12-07 | N/A | 7.2 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214. | |||||
| CVE-2023-40833 | 1 Thecosy | 1 Icecms | 2023-12-07 | N/A | 9.8 CRITICAL |
| An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. | |||||
| CVE-2023-49948 | 1 Forgejo | 1 Forgejo | 2023-12-07 | N/A | 5.3 MEDIUM |
| Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL. | |||||
| CVE-2022-40433 | 1 Oracle | 1 Openjdk | 2023-12-06 | N/A | 4.9 MEDIUM |
| An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Note: Vendor states that this to is Defense in Depth at most due to the nature of the issue and the special circumstances required (server must be running particular code locally, code compiled with an old, old version of javac, etc.). | |||||
| CVE-2023-34540 | 1 Langchain | 1 Langchain | 2023-12-06 | N/A | 9.8 CRITICAL |
| An issue discovered in Langchain before 0.0.225 allows attacker to run arbitrary code via jira.run('other' substring. | |||||
| CVE-2023-4912 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input. | |||||
| CVE-2023-4658 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 3.1 LOW |
| An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group. | |||||
| CVE-2023-4317 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch. | |||||
| CVE-2023-45168 | 1 Ibm | 2 Aix, Vios | 2023-12-06 | N/A | 7.8 HIGH |
| IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966. | |||||
| CVE-2023-5226 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | |||||
| CVE-2023-5995 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects. | |||||
| CVE-2023-3964 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings. | |||||
| CVE-2023-3949 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members. | |||||
| CVE-2023-3443 | 1 Gitlab | 1 Gitlab | 2023-12-06 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items. | |||||
| CVE-2023-26533 | 1 Gesundheit-bewegt | 1 Zippy | 2023-12-06 | N/A | 6.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.1. | |||||
| CVE-2023-36523 | 1 Gopiplus | 1 Email Download Link | 2023-12-06 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7. | |||||
| CVE-2023-36507 | 1 Reputeinfosystems | 1 Bookingpress | 2023-12-06 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64. | |||||
| CVE-2023-46820 | 1 Iuliacazan | 1 Image Regenerate \& Select Crop | 2023-12-06 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0. | |||||
| CVE-2023-45834 | 1 Libsyn | 1 Libsyn Publisher Hub | 2023-12-06 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | |||||
| CVE-2023-48333 | 1 Booster | 1 Booster For Woocommerce | 2023-12-06 | N/A | 6.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1. | |||||
| CVE-2023-25057 | 1 Libsyn | 1 Libsyn Publisher Hub | 2023-12-06 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2. | |||||
| CVE-2023-34872 | 1 Freedesktop | 1 Poppler | 2023-12-06 | N/A | 5.5 MEDIUM |
| A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. | |||||
| CVE-2023-6136 | 1 Bowo | 1 Debug Log Manager | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0. | |||||
| CVE-2023-37972 | 1 Multivendorx | 1 Product Stock Manager \& Notifier For Woocommerce | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1. | |||||
| CVE-2023-40211 | 1 Pickplugins | 1 Post Grid Combo | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. | |||||
| CVE-2023-40600 | 1 Ewww | 1 Image Optimizer | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0. | |||||
| CVE-2023-40662 | 1 Followmedarling | 1 Cookies And Content Security Policy | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15. | |||||
| CVE-2023-41735 | 1 Gopiplus | 1 Email Posts To Subscribers | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2. | |||||
| CVE-2023-44150 | 1 Properfraction | 1 Profilepress | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2. | |||||
| CVE-2023-45066 | 1 Smackcoders | 1 Export All Posts\, Products\, Orders\, Refunds \& Users | 2023-12-06 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. | |||||
| CVE-2023-2264 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2023-12-06 | N/A | 7.8 HIGH |
| An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-34390 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2023-12-06 | N/A | 6.5 MEDIUM |
| An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-37868 | 1 Leap13 | 1 Premium Addons | 2023-12-05 | N/A | 6.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0. | |||||
| CVE-2023-47418 | 1 Zoneland | 1 O2oa | 2023-12-05 | N/A | 9.8 CRITICAL |
| Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript. | |||||
| CVE-2023-40626 | 1 Joomla | 1 Joomla\! | 2023-12-05 | N/A | 7.5 HIGH |
| The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. | |||||
| CVE-2022-42537 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Remote code execution | |||||
| CVE-2022-42536 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Remote code execution | |||||
| CVE-2022-42540 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Elevation of privilege | |||||
| CVE-2022-42541 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Remote code execution | |||||
| CVE-2022-42539 | 1 Google | 1 Android | 2023-12-05 | N/A | 7.5 HIGH |
| Information disclosure | |||||
| CVE-2022-42538 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Elevation of privilege | |||||
| CVE-2023-49694 | 1 Netgear | 1 Prosafe Network Management System | 2023-12-05 | N/A | 7.8 HIGH |
| A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. | |||||
| CVE-2023-49103 | 1 Owncloud | 1 Graph Api | 2023-12-05 | N/A | 7.5 HIGH |
| An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. | |||||