Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49280 | 1 Xwiki | 1 Change Request | 2023-12-08 | N/A | 6.5 MEDIUM |
| XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain password hash of users by performing an edit on the user profiles and then downloading the XML file that has been created. This is also true for any document that might contain password field and that a user can view. This vulnerability impacts all version of Change Request, but the impact depends on the rights that has been set on the wiki since it requires for the user to have the Change request right (allowed by default) and view rights on the page to target. This issue cannot be easily exploited in an automated way. The patch consists in denying to users the right of editing pages that contains a password field with change request. It means that already existing change request for those pages won't be removed by the patch, administrators needs to take care of it. The patch is provided in Change Request 1.10, administrators should upgrade immediately. It's possible to workaround the vulnerability by denying manually the Change request right on some spaces, such as XWiki space which will include any user profile by default. | |||||
| CVE-2023-40461 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-08 | N/A | 4.8 MEDIUM |
| The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition. | |||||
| CVE-2023-40460 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-08 | N/A | 5.4 MEDIUM |
| The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. | |||||
| CVE-2023-40459 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-08 | N/A | 7.5 HIGH |
| The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | |||||
| CVE-2023-40464 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-08 | N/A | 6.8 MEDIUM |
| Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server. | |||||
| CVE-2023-40463 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-08 | N/A | 7.2 HIGH |
| When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | |||||
| CVE-2023-40465 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2023-12-08 | N/A | 5.5 MEDIUM |
| Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. | |||||
| CVE-2023-45779 | 1 Google | 1 Android | 2023-12-08 | N/A | 7.8 HIGH |
| In TBD of TBD, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-6341 | 1 Catalisgov | 1 Cms360 | 2023-12-08 | N/A | 5.3 MEDIUM |
| Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. | |||||
| CVE-2023-49097 | 1 Zitadel | 1 Zitadel | 2023-12-08 | N/A | 8.8 HIGH |
| ZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the users password and take over his account. Accounts with MFA or Passwordless enabled can not be taken over by this attack. This issue has been patched in versions 2.41.6, 2.40.10 and 2.39.9. | |||||
| CVE-2023-49091 | 1 Cosmos-cloud | 1 Cosmos Server | 2023-12-08 | N/A | 9.8 CRITICAL |
| Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0. | |||||
| CVE-2023-6474 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-08 | N/A | 6.5 MEDIUM |
| A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640. | |||||
| CVE-2023-5762 | 1 Filr Project | 1 Filr | 2023-12-08 | N/A | 8.8 HIGH |
| The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | |||||
| CVE-2023-24048 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2023-12-08 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. | |||||
| CVE-2023-5884 | 1 Back2nature | 1 Word Balloon | 2023-12-08 | N/A | 6.5 MEDIUM |
| The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. | |||||
| CVE-2023-6063 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2023-12-08 | N/A | 7.5 HIGH |
| The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
| CVE-2023-5990 | 1 Funnelforms | 1 Funnelforms Free | 2023-12-08 | N/A | 6.5 MEDIUM |
| The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks | |||||
| CVE-2023-5979 | 1 Implecode | 1 Ecommerce Product Catalog | 2023-12-08 | N/A | 6.5 MEDIUM |
| The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products | |||||
| CVE-2023-5953 | 1 Collne | 1 Welcart E-commerce | 2023-12-08 | N/A | 8.8 HIGH |
| The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server | |||||
| CVE-2023-5952 | 1 Collne | 1 Welcart | 2023-12-08 | N/A | 9.8 CRITICAL |
| The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog | |||||
| CVE-2023-6460 | 1 Google | 1 Cloud Firestore | 2023-12-08 | N/A | 5.5 MEDIUM |
| A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue | |||||
| CVE-2023-46575 | 1 Layer5 | 1 Meshery | 2023-12-08 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter | |||||
| CVE-2022-48560 | 2 Debian, Python | 2 Debian Linux, Python | 2023-12-08 | N/A | 7.5 HIGH |
| A use-after-free exists in Python through 3.9 via heappushpop in heapq. | |||||
| CVE-2022-43677 | 1 Free5gc | 1 Free5gc | 2023-12-08 | N/A | 5.5 MEDIUM |
| In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. | |||||
| CVE-2014-125068 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2023-12-08 | N/A | 5.3 MEDIUM |
| A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643. | |||||
| CVE-2014-125063 | 1 Bid Project | 1 Bid | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability. | |||||
| CVE-2014-125062 | 1 Bitstorm Project | 1 Bitstorm | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability. | |||||
| CVE-2021-4307 | 1 Baobab Project | 1 Baobab | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627. | |||||
| CVE-2020-36646 | 1 Mediaarea | 1 Zenlib | 2023-12-08 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability. | |||||
| CVE-2020-36639 | 2 Alliedmods, Microsoft | 2 Amx Mod X, Windows | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-4300 | 1 Halcyon Project | 1 Halcyon | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The identifier of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability. | |||||
| CVE-2023-45849 | 1 Perforce | 1 Helix Core | 2023-12-08 | N/A | 9.8 CRITICAL |
| An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. | |||||
| CVE-2011-0448 | 1 Rubyonrails | 1 Rails | 2023-12-07 | 7.5 HIGH | N/A |
| Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. | |||||
| CVE-2018-25023 | 1 Servo | 1 Smallvec | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type. | |||||
| CVE-2021-43114 | 2 Debian, Fort Validator Project | 2 Debian Linux, Fort Validator | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation. | |||||
| CVE-2021-33571 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . | |||||
| CVE-2021-31542 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | |||||
| CVE-2020-35857 | 1 Trust-dns-server Project | 1 Trust-dns-server | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. | |||||
| CVE-2018-7536 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2023-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | |||||
| CVE-2017-16877 | 1 Zeit | 1 Next.js | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | |||||
| CVE-2016-5851 | 1 Python-openxml Project | 1 Python-docx | 2023-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||||
| CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2023-12-07 | N/A | 6.1 MEDIUM |
| kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2023-12-07 | N/A | 7.8 HIGH |
| EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
| CVE-2023-48967 | 1 Noear | 1 Solon | 2023-12-07 | N/A | 9.8 CRITICAL |
| Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. | |||||
| CVE-2023-48910 | 1 Microcks | 1 Microcks | 2023-12-07 | N/A | 9.8 CRITICAL |
| Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. | |||||
| CVE-2023-48966 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-07 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | |||||
| CVE-2023-48965 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-07 | N/A | 8.8 HIGH |
| An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. | |||||
| CVE-2023-5768 | 1 Hitachienergy | 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more | 2023-12-07 | N/A | 6.1 MEDIUM |
| A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Incomplete or wrong received APDU frame layout may cause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layer with wrong length information of APDU or delayed reception of data octets. Only communication link of affected HCI IEC 60870-5-104 is blocked. If attack sequence stops the communication to the previously attacked link gets normal again. | |||||
| CVE-2023-47124 | 1 Traefik | 1 Traefik | 2023-12-07 | N/A | 5.9 MEDIUM |
| Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`. | |||||
| CVE-2023-47106 | 1 Traefik | 1 Traefik | 2023-12-07 | N/A | 6.5 MEDIUM |
| Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||