Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46845 | 1 Ec-cube | 1 Ec-cube | 2023-11-15 | N/A | 7.2 HIGH |
| EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege. | |||||
| CVE-2023-46768 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-6002 | 1 Yugabyte | 1 Yugabytedb | 2023-11-15 | N/A | 6.1 MEDIUM |
| YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs. | |||||
| CVE-2023-47113 | 2 Bleachbit, Microsoft | 2 Bleachbit, Windows | 2023-11-15 | N/A | 7.3 HIGH |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | |||||
| CVE-2023-36688 | 1 Idoweb | 1 Simple Site Verify | 2023-11-15 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions. | |||||
| CVE-2023-25994 | 1 Publish To Schedule Project | 1 Publish To Schedule | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions. | |||||
| CVE-2023-47008 | 1 Asus | 2 Rt-ax57, Rt-ax57 Firmware | 2023-11-15 | N/A | 9.8 CRITICAL |
| An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the ifname field in the sub_4CCE4 function. | |||||
| CVE-2023-47007 | 1 Asus | 2 Rt-ax57, Rt-ax57 Firmware | 2023-11-15 | N/A | 9.8 CRITICAL |
| An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_391B8 function. | |||||
| CVE-2023-47006 | 1 Asus | 2 Rt-ax57, Rt-ax57 Firmware | 2023-11-15 | N/A | 9.8 CRITICAL |
| An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ipaddr field in the sub_6FC74 function. | |||||
| CVE-2023-47005 | 1 Asus | 2 Rt-ax57, Rt-ax57 Firmware | 2023-11-15 | N/A | 9.8 CRITICAL |
| An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_ln 2C318 function. | |||||
| CVE-2023-46894 | 1 Espressif | 1 Esptool | 2023-11-15 | N/A | 7.5 HIGH |
| An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. | |||||
| CVE-2023-45884 | 1 Nasa | 1 Openmct | 2023-11-15 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. | |||||
| CVE-2023-47110 | 1 Prestashop | 1 Customer Reassurance Block | 2023-11-15 | N/A | 5.3 MEDIUM |
| blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | |||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-15 | N/A | 5.4 MEDIUM |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | |||||
| CVE-2023-5541 | 1 Moodle | 1 Moodle | 2023-11-15 | N/A | 6.1 MEDIUM |
| The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | |||||
| CVE-2023-45885 | 1 Nasa | 1 Openmct | 2023-11-15 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | |||||
| CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-15 | N/A | 5.4 MEDIUM |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | |||||
| CVE-2023-46621 | 1 Enejbajgoric\/gagansandhu\/ctltdev | 1 User Avatar | 2023-11-15 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions. | |||||
| CVE-2023-46769 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-46770 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 7.5 HIGH |
| Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones. | |||||
| CVE-2023-5547 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-15 | N/A | 6.1 MEDIUM |
| The course upload preview contained an XSS risk for users uploading unsafe data. | |||||
| CVE-2023-46851 | 1 Apache | 1 Allura | 2023-11-15 | N/A | 4.9 MEDIUM |
| Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file. | |||||
| CVE-2023-5076 | 1 Ziteboard | 1 Ziteboard | 2023-11-15 | N/A | 5.4 MEDIUM |
| The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-42555 | 1 Samsung | 1 Easysetup | 2023-11-15 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. | |||||
| CVE-2022-4330 | 1 Marcomilesi | 1 Wp Attachments | 2023-11-15 | N/A | 4.8 MEDIUM |
| The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-3469 | 1 Marcomilesi | 1 Wp Attachments | 2023-11-15 | N/A | 4.8 MEDIUM |
| The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | |||||
| CVE-2023-42554 | 1 Samsung | 1 Pass | 2023-11-15 | N/A | 6.8 MEDIUM |
| Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. | |||||
| CVE-2023-42553 | 1 Samsung | 1 Email | 2023-11-15 | N/A | 5.3 MEDIUM |
| Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. | |||||
| CVE-2023-42552 | 1 Samsung | 2 Android, Firewall | 2023-11-15 | N/A | 3.3 LOW |
| Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall. | |||||
| CVE-2023-42545 | 1 Samsung | 2 Android, Phone | 2023-11-15 | N/A | 7.5 HIGH |
| Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data. | |||||
| CVE-2023-42544 | 1 Samsung | 1 Quick Share | 2023-11-15 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | |||||
| CVE-2022-47442 | 1 Ayecode | 1 Userswp | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | |||||
| CVE-2022-45350 | 1 Simple-history | 1 Simple History | 2023-11-15 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1. | |||||
| CVE-2021-39231 | 1 Apache | 1 Ozone | 2023-11-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. | |||||
| CVE-2022-43830 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43829 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43828 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43827 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43826 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43825 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43824 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43823 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43822 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43821 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43820 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43819 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43818 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43817 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43816 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
| CVE-2022-43815 | 2023-11-15 | N/A | N/A | ||
| Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||