Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36826 | 1 Sentry | 1 Sentry | 2023-08-02 | N/A | 6.5 MEDIUM |
| Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher. | |||||
| CVE-2023-37677 | 1 Pligg | 1 Pligg Cms | 2023-08-02 | N/A | 9.8 CRITICAL |
| Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | |||||
| CVE-2023-2626 | 1 Google | 10 Nest Hub, Nest Hub Firmware, Nest Hub Max and 7 more | 2023-08-02 | N/A | 8.8 HIGH |
| There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Effected devices have been mitigated through an automatic update beyond the affected range. | |||||
| CVE-2023-3355 | 1 Linux | 1 Linux Kernel | 2023-08-02 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system. | |||||
| CVE-2023-2605 | 1 Wp Brutal Ai Project | 1 Wp Brutal Ai | 2023-08-02 | N/A | 6.1 MEDIUM |
| The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. | |||||
| CVE-2023-2601 | 1 Wp Brutal Ai Project | 1 Wp Brutal Ai | 2023-08-02 | N/A | 9.8 CRITICAL |
| The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. | |||||
| CVE-2023-2068 | 1 Advancedfilemanager | 1 File Manager Advanced Shortcode | 2023-08-02 | N/A | 9.8 CRITICAL |
| The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. | |||||
| CVE-2023-36664 | 3 Artifex, Debian, Fedoraproject | 3 Ghostscript, Debian Linux, Fedora | 2023-08-02 | N/A | 7.8 HIGH |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | |||||
| CVE-2023-2908 | 1 Libtiff | 1 Libtiff | 2023-08-02 | N/A | 5.5 MEDIUM |
| A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. | |||||
| CVE-2023-33298 | 1 Perimeter81 | 1 Xpc Helpertool | 2023-08-02 | N/A | 7.8 HIGH |
| com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. | |||||
| CVE-2023-3139 | 1 Wp-experts | 1 Protect Wp Admin | 2023-08-02 | N/A | 6.1 MEDIUM |
| The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. | |||||
| CVE-2023-31194 | 1 Diagon Project | 1 Diagon | 2023-08-02 | N/A | 7.8 HIGH |
| An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | |||||
| CVE-2023-27390 | 1 Diagon Project | 1 Diagon | 2023-08-02 | N/A | 7.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | |||||
| CVE-2023-24019 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 8.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-24018 | 1 Milesight | 2 Ur-32l, Ur-32l Firmware | 2023-08-02 | N/A | 8.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-22653 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-25084 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables. | |||||
| CVE-2023-25083 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables. | |||||
| CVE-2023-25082 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables. | |||||
| CVE-2023-25081 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables. | |||||
| CVE-2023-25087 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables. | |||||
| CVE-2023-25086 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables. | |||||
| CVE-2023-25099 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the dest variable. | |||||
| CVE-2023-25098 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable. | |||||
| CVE-2023-25097 | 1 Milesight | 2 Ur-32l, Ur-32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable. | |||||
| CVE-2023-25096 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings. | |||||
| CVE-2023-25095 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands. | |||||
| CVE-2023-25094 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable. | |||||
| CVE-2023-25093 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable.. | |||||
| CVE-2023-25092 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables. | |||||
| CVE-2023-25091 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1. | |||||
| CVE-2023-25090 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables. | |||||
| CVE-2023-25089 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1. | |||||
| CVE-2023-25088 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables. | |||||
| CVE-2023-31484 | 2 Cpanpm Project, Perl | 2 Cpanpm, Perl | 2023-08-02 | N/A | 8.1 HIGH |
| CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | |||||
| CVE-2023-25104 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables. | |||||
| CVE-2023-25103 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables. | |||||
| CVE-2023-25102 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables. | |||||
| CVE-2023-25101 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_key variable. | |||||
| CVE-2023-25100 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable. | |||||
| CVE-2023-25085 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables. | |||||
| CVE-2023-25112 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables. | |||||
| CVE-2023-25111 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable. | |||||
| CVE-2023-25110 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable. | |||||
| CVE-2023-25109 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable. | |||||
| CVE-2023-25108 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable. | |||||
| CVE-2023-25107 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables. | |||||
| CVE-2023-25106 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables. | |||||
| CVE-2023-25105 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable. | |||||
| CVE-2023-25123 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2. | |||||