Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17153 | 1 Western Digital | 21 My Cloud Dl2100, My Cloud Dl4100, My Cloud Dl4100 Firmware and 18 more | 2023-07-28 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. | |||||
| CVE-2016-10108 | 1 Western Digital | 1 Mycloud Nas | 2023-07-28 | 10.0 HIGH | 9.8 CRITICAL |
| Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | |||||
| CVE-2023-29260 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2023-07-28 | N/A | 5.4 MEDIUM |
| IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. | |||||
| CVE-2023-3765 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2023-07-28 | N/A | 10.0 CRITICAL |
| Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | |||||
| CVE-2023-3789 | 1 Paulprinting Project | 1 Paulprinting | 2023-07-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235056. | |||||
| CVE-2023-3787 | 1 Tiva Events Calendar Project | 1 Tiva Events Calendar | 2023-07-28 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235054 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-37899 | 1 Feathersjs | 1 Feathers | 2023-07-28 | N/A | 7.5 HIGH |
| Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability. | |||||
| CVE-2023-3784 | 1 Wifi File Explorer Project | 1 Wifi File Explorer | 2023-07-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235051. | |||||
| CVE-2023-3783 | 1 Webile Wifi Pc File Transfer Project | 1 Webile Wifi Pc File Transfer | 2023-07-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235050 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-35900 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-07-28 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368. | |||||
| CVE-2023-3751 | 1 Superstorefinder | 1 Super Store Finder | 2023-07-28 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products leads to sql injection. The attack can be launched remotely. The identifier VDB-234421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-35898 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-07-28 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. | |||||
| CVE-2023-27877 | 1 Ibm | 1 Cloud Pak For Data | 2023-07-28 | N/A | 7.5 HIGH |
| IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | |||||
| CVE-2023-3785 | 1 Paulprinting Project | 1 Paulprinting | 2023-07-28 | N/A | 5.4 MEDIUM |
| A vulnerability was found in PaulPrinting CMS 2018. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument firstname/lastname/address/city/state leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235052. | |||||
| CVE-2023-3779 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2023-07-28 | N/A | 5.3 MEDIUM |
| The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised. This only affects sites running the premium version of the plugin and that have the Mailchimp block enabled on a page. | |||||
| CVE-2023-37290 | 1 Infodoc | 1 Document On-line Submission And Approval System | 2023-07-28 | N/A | 7.5 HIGH |
| InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology. | |||||
| CVE-2021-39822 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-07-28 | N/A | 7.8 HIGH |
| Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. | |||||
| CVE-2023-37289 | 1 Infodoc | 1 Document On-line Submission And Approval System | 2023-07-28 | N/A | 9.8 CRITICAL |
| It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567. | |||||
| CVE-2022-28734 | 1 Gnu | 1 Grub2 | 2023-07-28 | N/A | 9.8 CRITICAL |
| Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. | |||||
| CVE-2022-28737 | 1 Redhat | 1 Shim | 2023-07-28 | N/A | 7.8 HIGH |
| There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. | |||||
| CVE-2022-28736 | 1 Gnu | 1 Grub2 | 2023-07-28 | N/A | 7.8 HIGH |
| There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. | |||||
| CVE-2022-28735 | 1 Gnu | 1 Grub2 | 2023-07-28 | N/A | 7.8 HIGH |
| The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. | |||||
| CVE-2023-38257 | 1 Iagona | 1 Scrutisweb | 2023-07-28 | N/A | 7.5 HIGH |
| Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords. | |||||
| CVE-2023-0597 | 1 Linux | 1 Linux Kernel | 2023-07-28 | N/A | 5.5 MEDIUM |
| A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. | |||||
| CVE-2023-3722 | 1 Avaya | 1 Aura Device Services | 2023-07-28 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | |||||
| CVE-2023-26217 | 1 Tibco | 1 Ebx Add-ons | 2023-07-28 | N/A | 8.8 HIGH |
| The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. | |||||
| CVE-2022-28733 | 1 Gnu | 1 Grub2 | 2023-07-28 | N/A | 8.1 HIGH |
| Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. | |||||
| CVE-2023-37748 | 1 Miniupnp Project | 1 Ngiflib | 2023-07-28 | N/A | 5.5 MEDIUM |
| ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. | |||||
| CVE-2023-3467 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2023-07-28 | N/A | 8.0 HIGH |
| Privilege Escalation to root administrator (nsroot) | |||||
| CVE-2023-3466 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2023-07-28 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) | |||||
| CVE-2023-3827 | 1 Bugfinder | 1 Listplace Directory Listing Platform | 2023-07-28 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3826 | 1 Ibos | 1 Ibos | 2023-07-28 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=recruit/resume/edit&op=status of the component Interview Handler. The manipulation of the argument resumeid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3828 | 1 Bugfinder | 1 Listplace Directory Listing Platform | 2023-07-28 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3829 | 1 Bugfinder | 1 Icogenie | 2023-07-28 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Bug Finder ICOGenie 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/ticket/create of the component Support Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. VDB-235150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-32261 | 1 Microfocus | 1 Dimensions Cm | 2023-07-28 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-32263 | 1 Microfocus | 1 Dimensions Cm | 2023-07-28 | N/A | 5.7 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials. https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-32262 | 1 Microfocus | 1 Dimensions Cm | 2023-07-28 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-3674 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2023-07-28 | N/A | 2.8 LOW |
| A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted. | |||||
| CVE-2023-3638 | 1 Geovision | 2 Gv-adr2701, Gv-adr2701 Firmware | 2023-07-28 | N/A | 9.8 CRITICAL |
| In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. | |||||
| CVE-2023-39190 | 2023-07-28 | N/A | N/A | ||
| ** REJECT ** CVE-2023-39190 was found to be a duplicate of CVE-2023-31436. Please see https://access.redhat.com/security/cve/CVE-2023-31436 for information about affected products and security errata. | |||||
| CVE-2021-32256 | 1 Gnu | 1 Binutils | 2023-07-28 | N/A | 6.5 MEDIUM |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. | |||||
| CVE-2023-26023 | 1 Ibm | 1 Cloud Pak For Data | 2023-07-28 | N/A | 7.5 HIGH |
| Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | |||||
| CVE-2023-29259 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2023-07-28 | N/A | 5.3 MEDIUM |
| IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. | |||||
| CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2023-07-28 | N/A | 5.4 MEDIUM |
| IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | |||||
| CVE-2023-3724 | 1 Wolfssl | 1 Wolfssl | 2023-07-28 | N/A | 8.8 HIGH |
| If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used. | |||||
| CVE-2023-35818 | 1 Espressif | 44 Esp-eye, Esp-eye Firmware, Esp32-d0wd-v3 and 41 more | 2023-07-28 | N/A | 6.8 MEDIUM |
| An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code. | |||||
| CVE-2023-37479 | 1 Openenclave | 1 Openenclave | 2023-07-28 | N/A | 7.5 HIGH |
| Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32635 | 1 Edinet-fsa | 1 Xbrl Data Create | 2023-07-28 | N/A | 5.5 MEDIUM |
| XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker. | |||||
| CVE-2020-22159 | 1 Evertz | 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more | 2023-07-28 | N/A | 8.8 HIGH |
| EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files. | |||||
| CVE-2023-3757 | 1 Gzscripts | 1 Car Rental Php Script | 2023-07-28 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||