Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39316 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2024-01-12 | N/A | 5.7 MEDIUM |
| FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. | |||||
| CVE-2023-7223 | 1 Totolink | 2 T6, T6 Firmware | 2024-01-12 | N/A | 6.5 MEDIUM |
| A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-1561 | 1 Fabianros | 1 Simple Online Hotel Reservation System | 2024-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-46146 | 1 Prometheus | 1 Exporter Toolkit | 2024-01-12 | N/A | 8.8 HIGH |
| Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality. | |||||
| CVE-2023-26456 | 1 Open-xchange | 1 Ox Guard | 2024-01-12 | N/A | 5.4 MEDIUM |
| Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known. | |||||
| CVE-2023-26455 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 7.8 HIGH |
| RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known. | |||||
| CVE-2023-26454 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 8.8 HIGH |
| Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | |||||
| CVE-2023-26450 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-01-12 | N/A | 5.4 MEDIUM |
| The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. | |||||
| CVE-2023-26449 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-01-12 | N/A | 5.4 MEDIUM |
| The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. | |||||
| CVE-2023-26448 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-01-12 | N/A | 5.4 MEDIUM |
| Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known. | |||||
| CVE-2023-26447 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-01-12 | N/A | 5.4 MEDIUM |
| The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize jslob content. No publicly available exploits are known. | |||||
| CVE-2023-26446 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-01-12 | N/A | 5.4 MEDIUM |
| The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize the user-controllable clientID parameter. No publicly available exploits are known. | |||||
| CVE-2023-26445 | 1 Open-xchange | 1 Open-xchange Appsuite Frontend | 2024-01-12 | N/A | 5.4 MEDIUM |
| Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known. | |||||
| CVE-2023-26443 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 9.8 CRITICAL |
| Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. | |||||
| CVE-2023-26442 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-01-12 | N/A | 3.2 LOW |
| In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. | |||||
| CVE-2023-26441 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-01-12 | N/A | 5.5 MEDIUM |
| Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known. | |||||
| CVE-2023-26440 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-01-12 | N/A | 7.8 HIGH |
| The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | |||||
| CVE-2023-26439 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-01-12 | N/A | 7.8 HIGH |
| The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | |||||
| CVE-2023-26438 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 3.1 LOW |
| External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. | |||||
| CVE-2023-26430 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwardning control characters to subsystems. No publicly available exploits are known. | |||||
| CVE-2023-26436 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 8.8 HIGH |
| Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known. | |||||
| CVE-2023-26435 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 5.0 MEDIUM |
| It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known. | |||||
| CVE-2023-26434 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known. | |||||
| CVE-2023-26433 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known. | |||||
| CVE-2023-26432 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known. | |||||
| CVE-2023-26431 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known. | |||||
| CVE-2023-26429 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 5.3 MEDIUM |
| Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known. | |||||
| CVE-2023-26428 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 6.5 MEDIUM |
| Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known. | |||||
| CVE-2023-26427 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 3.3 LOW |
| Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | |||||
| CVE-2023-29047 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 7.3 HIGH |
| Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known. | |||||
| CVE-2023-29046 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 4.3 MEDIUM |
| Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known. | |||||
| CVE-2023-29045 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 5.4 MEDIUM |
| Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known. | |||||
| CVE-2023-29044 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 5.4 MEDIUM |
| Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known. | |||||
| CVE-2023-29043 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 6.1 MEDIUM |
| Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known. | |||||
| CVE-2023-26453 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 8.8 HIGH |
| Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | |||||
| CVE-2023-26452 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-01-12 | N/A | 8.8 HIGH |
| Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | |||||
| CVE-2023-26451 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 7.5 HIGH |
| Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. | |||||
| CVE-2024-0393 | 2024-01-12 | N/A | N/A | ||
| Rejected reason: This CVE ID was unused by the CNA. | |||||
| CVE-2023-50570 | 1 Seancfoley | 1 Ipaddress | 2024-01-12 | N/A | 5.5 MEDIUM |
| An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid arguments. The product is not intended to always halt for contrived inputs. | |||||
| CVE-2023-51766 | 2 Exim, Fedoraproject | 3 Exim, Extra Packages For Enterprise Linux, Fedora | 2024-01-12 | N/A | 4.3 MEDIUM |
| Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. | |||||
| CVE-2023-34194 | 1 Tinyxml Project | 1 Tinyxml | 2024-01-12 | N/A | 7.5 HIGH |
| StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace. | |||||
| CVE-2021-42260 | 2 Debian, Tinyxml Project | 2 Debian Linux, Tinyxml | 2024-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. | |||||
| CVE-2023-6788 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-01-11 | N/A | 5.4 MEDIUM |
| The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token", "mf_hubsopt_refresh_token", "mf_hubsopt_token_type", and "mf_hubsopt_expires_in" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts. | |||||
| CVE-2023-6594 | 1 Maxfoundry | 1 Maxbuttons | 2024-01-11 | N/A | 4.8 MEDIUM |
| The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Administrators can give button creation privileges to users with lower levels (contributor+) which would allow those lower-privileged users to carry out attacks. | |||||
| CVE-2023-47489 | 1 Combodo | 1 Itop | 2024-01-11 | N/A | 7.8 HIGH |
| CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. | |||||
| CVE-2024-21738 | 1 Sap | 1 Netweaver Application Server Abap | 2024-01-11 | N/A | 5.4 MEDIUM |
| SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. | |||||
| CVE-2023-27000 | 1 Netscout | 1 Ngeniusone | 2024-01-11 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | |||||
| CVE-2023-49621 | 1 Siemens | 1 Simatic Cn 4100 | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | |||||
| CVE-2023-49252 | 1 Siemens | 1 Simatic Cn 4100 | 2024-01-11 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. | |||||
| CVE-2023-6875 | 2024-01-11 | N/A | N/A | ||
| The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. | |||||