| CVE-2018-10360 | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-2463 | The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2018-12633 | An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H | 6.3 | 1.0 | 5.2 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2018-8320 | A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-12909 | Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment." | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-4976 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-16429 | GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-10969 | SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4160 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7930 | The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C567) has an information leak vulnerability due to insufficient validation on data transfer requests. When an affected mobile phone sends files to an attacker's mobile phone using the NFC function, the attacker can obtain arbitrary files from the mobile phone, causing information leaks. | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-5698 | libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12023 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0244 | A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block (SMB) protocol if a malware file is detected. The vulnerability is due to how the SMB protocol handles a case in which a large file transfer fails. This case occurs when some pieces of the file are successfully transferred to the remote endpoint, but ultimately the file transfer fails and is reset. An attacker could exploit this vulnerability by sending a crafted SMB file transfer request through the targeted device. An exploit could allow the attacker to pass an SMB file that contains malware, which the device is configured to block. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvc20141. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N | 5.8 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | LOW | NONE |
| CVE-2018-13758 | The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-0449 | A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N | 4.2 | 0.6 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-3948 | An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-4321 | A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-14945 | An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10260 | A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20010 | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6764 | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1015 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14505 | mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19559 | CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18924 | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17668 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeAttribute method of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6522. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13286 | Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20789 | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-3074 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-14952 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0546 | Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13704 | The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-7668 | TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-1937 | IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-7442 | An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-20865 | cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15169 | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-17380 | SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12627 | An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6077 | Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-13602 | The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-8479 | A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 5.6 | 2.2 | 3.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2018-17125 | CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-6151 | Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5044 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-10311 | A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15369 | A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H | 6.8 | 2.2 | 4.0 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-5877 | In the device programmer target-side code for firehose, a string that may not be properly NULL terminated can lead to an incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10480 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the U3D Node Name buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5401. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-12572 | Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13000 | An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15907 | Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-7231 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15502 | Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-10918 | A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-0659 | Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-19058 | An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-8050 | The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-15323 | On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-9841 | The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3895 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15485 | An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-16480 | An XSS vulnerability was found in module public <0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13171 | The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-1523 | IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141804. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-10994 | js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-11750 | Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting an SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-1299 | In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11559 | DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6661 | DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19051 | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0550 | Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-5851 | Buffer overflow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3902 | An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 9.9 | 3.1 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12436 | wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-15140 | Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-15394 | A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15631 | Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20633 | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6773 | In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9A008084. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16523 | Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2018-0134 | A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-0328 | A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13030 | An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12922 | Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-13053 | The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2018-12480 | Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-9986 | In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-19616 | An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2684 | Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Registration Process). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-19370 | A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import. | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.6 | 0.7 | 5.9 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9145 | In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-5068 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-2466 | In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1368 | IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not supposed to. IBM X-Force ID: 137765. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 4.4 | 1.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2018-0838 | Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16858 | It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15460 | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-1525 | IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-19331 | An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-9339 | In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13206 | The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-0745 | The Windows kernel in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-13776 | The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-20029 | The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-15596 | An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15719 | Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13714 | The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-0273 | A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2018-14831 | An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-3609 | A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17161 | In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18399 | SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8611 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11966 | Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15379 | A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9330 | register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13396 | There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17846 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles `<table><math><select><mi><select></table>`, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-6104 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-4368 | A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-12805 | Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18803 | Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5455 | A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17613 | Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6048 | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-1168 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3292 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11218 | Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19167 | CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-0363 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2459 | Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-6188 | django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20218 | An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1000211 | Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-9573 | In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18567 | AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-16146 | The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18330 | An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-6580 | Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19452 | A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16668 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-0349 | A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1000417 | A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2018-7542 | An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-0595 | Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4347 | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10997 | Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15392 | A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition. | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2018-8157 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6184 | ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11549 | An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-18692 | A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-4201 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15447 | A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13089 | The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-13843 | An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-12769 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7828 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7518 | In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9138 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-0969 | An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-7253 | The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12972 | An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13992 | The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14710 | Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-7327 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-6628 | In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8000010c. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19025 | In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11880 | Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0108 | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-19937 | A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 6.6 | 0.7 | 5.9 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8437 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438. | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 6.2 | 1.7 | 4.0 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | HIGH | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-0993 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13793 | Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14565 | An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9867 | In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-2737 | Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 2.3.8, 2.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Returns Management accessible data as well as unauthorized read access to a subset of Oracle Retail Returns Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2018-18741 | An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0764 | Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-2833 | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.7, 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Simphony accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-17852 | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0035 | QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11357 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1505 | IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-7821 | An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-13283 | Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-6578 | SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7495 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-6198 | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-9458 | In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18359 | Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10730 | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18958 | OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-4339 | This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-12914 | A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13784 | PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-19818 | Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13444 | An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17144 | Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-21053 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018). | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-7340 | Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-4140 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-13395 | Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-2485 | It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.7 | 2.5 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-21087 | An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15417 | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8476 | A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20598 | UCMS 1.4.7 has ?do=user_addpost CSRF. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3193 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1000539 | Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2018-7169 | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-13543 | The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-8260 | A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12584 | The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1782 | IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-18496 | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2762 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-7243 | An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6396 | SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17069 | An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-5955 | An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9975 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1607 | IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | LOW |
| CVE-2018-7363 | All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11507 | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1000159 | tlslite-ng version 0.7.3 and earlier, since commit d7b288316b contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit 3674815d1b. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-0007 | An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5541 | When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-0145 | A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1000133 | Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the "System Administrator" permission to "yes" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2. | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12463 | An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17783 | A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-2896 | Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0878 | Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability". | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.1 | 1.6 | 1.4 | LOW | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-13669 | The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-14420 | MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8505 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14007 | Citrix XenServer 7.1 and newer allows Directory Traversal. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13134 | TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1528 | IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-5190 | PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5842 | An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15706 | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11986 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0577 | Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6605 | SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18348 | Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2018-1000660 | TOCK version prior to commit 42f7f36e74. For example dfde28196c contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20420 | In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-9113 | Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line. Fix released on 2018-03-29. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1121 | procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-11544 | The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15480 | An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14969 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-11064 | Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3311 | Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 8.6 | 3.9 | 4.7 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | LOW | LOW |
| CVE-2018-13555 | The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-20243 | The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-13863 | The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-13127 | SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-7582 | WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1000558 | OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-5749 | install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20777 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-20450 | The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-13693 | The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-13397 | There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7068 | HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1633 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17911 | LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9122 | In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-2668 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-19228 | An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-11771 | When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-3002 | Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 7.1 | 2.5 | 4.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2018-1000154 | Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not HTML-quoted in certain cases. This can result in the embedding and execution of JavaScript code in the user's browser. This attack appears to be exploitable via the victim opening a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-20921 | cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-8545 | An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-6860 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4350 | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6868 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-8305 | An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-4152 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1000854 | esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appears to be exploitable via use of another weakness in the backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8849 | Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest. | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-25008 | In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can lead to memory safety issues through race conditions. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-10645 | Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1000812 | Artica Integria IMS version 5.0 MR56 Package 58, and likely earlier versions, contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in the password recovery process, line 45 of general/password_recovery.php, that can result in IntegriaIMS web app user accounts being taken over. This attack appears to be exploitable via network access to the IntegriaIMS web interface. This vulnerability appears to have been fixed in versions released after commit f2ff0ba821. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2805 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-15923 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-19981 | Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms). | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11515 | The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13009 | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10016 | Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-0671 | Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7846 | A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15588 | MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-11011 | ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15499 | GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-14451 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3246 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-6893 | controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13160 | The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-15812 | DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-17071 | The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0885 | The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability". | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H | 5.8 | 1.3 | 4.0 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | HIGH | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-11734 | In e107 v2.1.7, output without filtering results in XSS. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-18712 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7047 | An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20129 | An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9245 | The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17077 | An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-10167 | The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows. | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20352 | Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4431 | A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-4975 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-18929 | The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9366 | In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14822 | In Entes EMG12 versions 2.57 and prior, an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15633 | Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15594 | arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0620 | Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3156 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11008 | An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-6119 | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-1000007 | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7997 | Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-20962 | The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0845 | Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0089 | A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-6099 | A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-5687 | NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-3221 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | HIGH |
| CVE-2018-5806 | An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-9045 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15880 | An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-21021 | img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8506 | An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-7238 | A buffer overflow vulnerability exists in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13327 | The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-12015 | In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-19332 | An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-21203 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6100 before 1.0.1.20, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20583 | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-17088 | The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1672 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2018-9059 | Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5141 | A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | HIGH |
| CVE-2018-0829 | The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0830 and CVE-2018-0832. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0700 | YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-4200 | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7658 | NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-9456 | In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-6092 | An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19391 | Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0797 | Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18387 | playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19811 | Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6318 | In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16013 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11091 | An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 9.9 | 3.1 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9846 | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2727 | Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-2628 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0005 | QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7. | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5701 | In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9356 | In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8609 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6080 | Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-4924 | Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3583 | A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1046 | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18987 | VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3069 | Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). The supported version that is affected is 6.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-9947 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5472. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18309 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11081 | Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15186 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7226 | An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16704 | An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-12376 | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5884 | Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.4 | 2.5 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11591 | Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-7728 | An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1643 | The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1278 | Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20298 | S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-10731 | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 9.0 | 2.2 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20836 | An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17374 | SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5344 | In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17211 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-11912 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of daemons may lead to unprivileged access. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6493 | SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11278 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2018-16851 | Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-2621 | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Mobile Gangway and Mustering). The supported version that is affected is 7.3.874. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2018-11421 | Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5189 | Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14619 | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17632 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6700. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5217 | In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19550 | Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2676 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13229 | The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-20034 | A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-15932 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-12410 | The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8465 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3996 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17169 | An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2018-0098 | A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve57076. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0926 | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20528 | JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11442 | A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17461 | An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20442 | Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17654 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the insertInstance method of a Form object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6504. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8222 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 5.3 | 1.8 | 3.4 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2018-15796 | Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-1468 | IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-12178 | Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2018-8439 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965. | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.4 | 1.7 | 6.0 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16262 | The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5150 | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8170 | An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5518 | On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required. | CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H | 5.4 | 1.0 | 4.0 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | HIGH | HIGH | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-19827 | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16958 | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2018-9522 | In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1758 | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148605. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-5261 | An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0188 | Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-7538 | A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10659 | There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-0823 | The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability". | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20843 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-6593 | An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1768 | IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6237 | A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-14269 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6032. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1999028 | An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0514 | MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20958 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-3838 | An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-2704 | Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Payments accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2018-14774 | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | 7.2 | 3.9 | 2.7 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2018-5267 | Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13518 | The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-20559 | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1000124 | I Librarian I-librarian version 4.8 and earlier contains an XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appears to be exploitable via posting xml in the Parameter form_import_textarea. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11687 | An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-6129 | Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-2780 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11826 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16287 | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17056 | Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-19080 | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13325 | The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-19190 | The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1000204 | Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in a45b599ad8 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit." | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-7507 | WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7161 | All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-7105 | A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers prior to v1.35, HPE Integrated Lights-Out 4 (iLO 4) prior to v2.61, HPE Integrated Lights-Out 3 (iLO 3) prior to v1.90 could be remotely exploited to execute arbitrary code leading to disclosure of information. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15926 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-1000087 | WolfCMS version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in "Create New File" and "Create New Directory" input box from 'files' Tab that can result in Session Hijacking, Spread Worms, Control the browser remotely. This attack appears to be exploitable via Attacker can execute the JavaScript into the "Create New File" and "Create New Directory" input box from 'files'. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0682 | Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10650 | There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1000997 | A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-15514 | HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5221 | Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7648 | An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11899 | While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2930 | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-25038 | A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-14079 | Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-8172 | A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-25096 | A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12087 | Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 5.3 | 0.9 | 4.0 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2018-16164 | Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-7240 | A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6029 | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-15942 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-3274 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-12382 | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.* | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2018-5986 | SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17483 | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-16158 | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8245 | A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10911 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-4859 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18224 | A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2018-0169 | Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11088 | Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13443 | EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9508 | In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-10323 | The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-12126 | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 5.6 | 1.1 | 4.0 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2018-13315 | Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5210 | On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2779 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1462 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to including deleting files or causing a denial of service. IBM X-Force ID: 140363. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 7.6 | 2.8 | 4.7 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | HIGH |
| CVE-2018-6162 | Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9256 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1946 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 153388. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-19118 | Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1081 | A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2018-1923 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14295 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF documents. When parsing shading patterns, the process does not properly validate user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6223. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12201 | Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5074 | Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-4096 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4956 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-1000629 | Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-9513 | In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4031 | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13670 | The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-1338 | A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11774 | Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15542 | An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred. | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3947 | An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0136 | A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2018-5314 | Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-21005 | The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19282 | Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3067 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-4964 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20803 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-8460 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0953 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6460 | Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-19295 | Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8457 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13339 | Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-8100 | The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5161 | Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | LOW |
| CVE-2018-20149 | In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-9092 | There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8464 | A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13726 | The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-16369 | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11419 | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9453 | In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-12876 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20159 | i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12903 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-9270 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-6447 | A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13874 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17476 | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2018-14271 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14617 | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-2475 | Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.4. | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.5 | 1.8 | 6.0 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5972 | SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17070 | An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-3063 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-12018 | The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-6498 | Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17034 | UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-21177 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19276 | OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14252 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6015. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2813 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-19046 | keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-2486 | SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-17990 | An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13755 | The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-16374 | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1000075 | RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop. This vulnerability appears to have been fixed in 2.7.6. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-19933 | Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6609 | SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8072 | An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function. | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20730 | A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-13583 | The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-18838 | An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-9417 | In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7802 | A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5804 | A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11651 | Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-8836 | Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2018-20235 | There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12557 | An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19982 | An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key. | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0135 | A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-17790 | Prospecta Master Data Online (MDO) 2.0 has Stored XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-5779 | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10488 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Width structures. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5420. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1718 | IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-10738 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8211 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 5.3 | 1.8 | 3.4 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2018-0869 | SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0039 | Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1002208 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-15587 | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-14721 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4126 | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18310 | An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-18261 | In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13540 | The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-20495 | An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-6038 | Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-6958 | VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15325 | In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2018-19771 | Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-7812 | An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0414 | A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-18016 | ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-7569 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-17582 | Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2018-13031 | DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3137 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-14637 | The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1000606 | A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-19905 | HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-1719 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-12299 | Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-17174 | A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8360 | An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-12378 | A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2707 | Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2018-6777 | In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220400. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17879 | An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1390 | IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-8432 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2403 | Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-7724 | The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-7552 | There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0907 | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass". | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20385 | CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0355 | A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-20640 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-7977 | There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-14467 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-10027 | ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10305 | The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17589 | AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0358 | A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service. Cisco Bug IDs: CSCvh77056, CSCvh77058, CSCvh95264. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-7289 | An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2018-6980 | VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16965 | In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-18923 | AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20570 | jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-20856 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-21197 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11147 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2977 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11789 | When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example would be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-2385 | Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-15736 | An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11022 | kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-4157 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13322 | Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-3294 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10539 | An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-16218 | A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12983 | A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19488 | The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11203 | A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11851 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13496 | The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-6581 | SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8784 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7716 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the config string from the corresponding XPC message. This string is supposed to point to an internal OpenVPN configuration file. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the config string pointing at an OpenVPN configuration file that he or she controls. In the configuration file, an attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the root user. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9271 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-18843 | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-7535 | An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11179 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17201 | Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1000117 | Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12336 | Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1305 | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0222 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14615 | An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-21147 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5136 | A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11645 | psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-0619 | Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6084 | Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11185 | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12989 | The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-19666 | The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9117 | WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-20584 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-14936 | The Add page option in my little forum 2.4.12 allows XSS via the Title field. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-20848 | Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-11902 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0664 | A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-21004 | The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-21162 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0260 | A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-11259 | Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.7 | 2.5 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2018-16005 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0859 | Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-2610 | Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2018-20841 | HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9585 | In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8030 | A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-2671 | Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-19323 | The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4252 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri. | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-0330 | A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4006 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18623 | Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-15386 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-3917 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 9.9 | 3.1 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17452 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15504 | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-9091 | A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10489 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5421. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0645 | MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8397 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15771 | Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-15126 | LibVNC before commit 73cb96fec0 contains a heap use-after-free vulnerability in the server code of the file transfer extension that can result in remote code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15206 | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14800 | Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18449 | EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10680 | Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug." | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6194 | A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-13313 | In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-11748 | Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6345 | The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-13526 | The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-14060 | OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18495 | WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-16308 | The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17605 | An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-20906 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2018-1203 | In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9455 | In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-1000422 | An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-13314 | System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5681 | PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-5362 | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-6062 | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20588 | lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-5690 | Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-8004 | There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-1903 | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-10944 | The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-12766 | Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-14570 | A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-5336 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-4148 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4324 | A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-18724 | An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-18461 | The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6179 | Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-8159 | An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2018-7290 | Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-8330 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-5540 | On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-15976 | Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12316 | OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17658 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the respose property of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6509. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15748 | On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-9053 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15353 | A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-15474 | CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki." | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2018-21071 | An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 7.3 | 3.9 | 3.4 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2018-10654 | There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-20354 | An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1631 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-17309 | On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-3279 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11937 | Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-16723 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-8212 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 5.3 | 1.8 | 3.4 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2018-18194 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-4187 | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-13227 | The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-10801 | TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2018-11245 | app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-7884 | An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-6924 | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2018-18466 | An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-14449 | An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-0366 | A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf03514. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-0251 | A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the portal or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco ASA Software: 3000 Series Industrial Security Appliances, Adaptive Security Virtual Appliance (ASAv), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches, ASA Services Module for Cisco 7600 Series Routers. Cisco Bug IDs: CSCvh20742. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-14708 | An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-12839 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-1096 | An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2018-18315 | com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2018-0709 | Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-1875 | IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2018-12678 | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2018-18950 | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-11359 | Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-16729 | pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18317 | A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-15082 | The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-11190 | The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8836 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5774 | Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15699 | An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-5491 | Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12764 | An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-3490 | A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10175 | A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12378 | An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-19590 | In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5995 | Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier. A successful exploitation may result in a specially crafted firmware update or unofficial firmware update being applied without user's consent via unspecified vector. | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-2751 | Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-15211 | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-4162 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-19506 | Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-9923 | pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-1963 | A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the SNMP daemon on the affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-13688 | Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2589 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-15921 | An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-4086 | IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10315 | Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8704 | An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12297 | An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9531 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14973 | _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14873 | In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-1126 | A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-11157 | Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19451 | When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-9418 | In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111450210 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-11973 | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9101 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-5452 | Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.4 | 0.9 | 1.4 | LOW | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-0733 | A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 5.3 | 1.8 | 3.4 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2019-10297 | Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11736 | The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1824 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-9794 | A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6451 | On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-15924 | An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-20411 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-1003020 | A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-11592 | WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-16533 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-13988 | Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing). | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12391 | The Anviz Management System for access control has insufficient logging for device events such as door open requests. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-12713 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10222 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-5642 | Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-16684 | An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-8534 | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5126 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2593 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-3705 | Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14060 | Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8963 | A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10559 | Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8939, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2575 | Vulnerability in the Oracle AutoVue 3D Professional Advanced component of Oracle Supply Chain Products Suite (subcomponent: Format Handling - 2D). Supported versions that are affected are 21.0.0 and 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue 3D Professional Advanced. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue 3D Professional Advanced accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-4467 | IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-9442 | In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6751 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7632. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1679 | A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N | 5.0 | 3.1 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | LOW | NONE |
| CVE-2019-18389 | A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18232 | SafeNet Sentinel LDK License Manager, all versions prior to 7.101 (only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14051 | Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12368 | The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10144 | rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 7.7 | 1.1 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13298 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0894 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16792 | Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-10807 | Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9073 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-20843 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-1693 | A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-5840 | Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-2899 | Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N | 2.4 | 0.9 | 1.4 | LOW | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-5884 | php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-6210 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10647 | ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4296 | IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-0913 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15605 | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16642 | App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13916 | An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy (BLE) packet is received, it is copied into a Heap (ThreadX Block) buffer. The buffer allocated in dhmulp_getRxBuffer is four bytes too small to hold the maximum of 255 bytes plus headers. It is possible to corrupt a pointer in the linked list holding the free buffers of the g_mm_BLEDeviceToHostPool Block pool. This pointer can be fully controlled by overflowing with 3 bytes of packet data and the first byte of the packet CRC checksum. The checksum can be freely chosen by adapting the packet data accordingly. An attacker might be able to allocate the overwritten address as a receive buffer resulting in a write-what-where condition. This is fixed in BT SDK2.4 and BT SDK2.45. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9657 | Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0951 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-5890 | An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0233 | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-20093 | The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-5487 | An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-13114 | http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-0581 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9492 | A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5821 | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2149 | In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-113262406 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-4285 | IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-20659 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12980 | In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-6202 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3700 | yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Passwords created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-1881 | A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5159 | An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20864 | An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-20426 | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-12314 | Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14312 | Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-18797 | LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-2473 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10116 | An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-9750 | In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01 Unauthorized" response is mishandled. NOTE: the vendor states "While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite." | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2019-20616 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-12263 | Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3928 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-0348 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-6769 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8165. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11449 | I, Librarian 4.10 has XSS via the notes.php notes parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-19837 | Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-18242 | In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-8565 | A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges. | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11944 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12527 | An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15039 | An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12730 | aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9023 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5427 | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14532 | An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17343 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6750 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9170 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-12811 | ActiveX Control in MyBuilder before 6.2.2019.814 allows an attacker to execute arbitrary commands via the ShellOpen method. This can be leveraged for code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19336 | A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-7389 | An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10856 | In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-2813 | Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM). The supported version that is affected is 19.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2019-8580 | Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-10247 | In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-5060 | An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13626 | SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-2046 | In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9676 | Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX Build before 2018/11. The vulnerability exists in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1104 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19379 | In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-9627 | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20147 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-15923 | An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-11156 | Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17539 | In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2603 | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2019-14318 | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8128 | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-6507 | An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16680 | An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-15937 | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8842 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-2486 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-15450 | The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed app. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15977 | Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-20884 | An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-12622 | A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-9121 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11775 | All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-20824 | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10945 | An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2184 | In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-134578122 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5850 | Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2672 | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2019-7385 | An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4536 | IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 6.3 | 1.0 | 5.2 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-15743 | The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-14334 | An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-13314 | virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16200 | GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-11523 | Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1000010 | phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-14696 | Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-11411 | An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5679 | NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3794 | Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-2898 | Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-11343 | Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1717 | A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-16293 | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18273 | OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-6163 | A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14680 | The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-12782 | An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2019-0269 | SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-20052 | A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10589 | Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3895 | An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14826 | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-7249 | In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0157 | Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-15143 | In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-19720 | Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16910 | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8994 | The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change settings that can theoretically adversely impact other users. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | 4.6 | 2.1 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-11104 | Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4067 | IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-3597 | Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12529 | An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-5050 | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17551 | In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG editor in the Notes section are likely affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-9606 | PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-3500 | aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2187 | In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A-124940143 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-0741 | An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-6525 | AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15163 | rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-2874 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2019-19110 | The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-8646 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-0618 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18279 | In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19560 | An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-15679 | TightVNC code version 1.3.10 contains a heap buffer overflow in the InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13647 | Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-15130 | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8209 | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18355 | An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9348 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-128431761 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-6681 | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14016 | Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4154 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9423 | In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: Android Versions: Android-10 Android ID: A-110986616 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5030 | A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12256 | Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9063 | PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-15437 | The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed app. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19056 | A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-7524 | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11502 | snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-0378 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-16002 | A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-10374 | A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-2053 | In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-122074159 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-19772 | Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10792 | bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2019-4457 | IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-14882 | A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-5974 | Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15064 | HiNet GPON firmware version < I040GWR190731 allows an attacker to log in to the device without any authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1208 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17213 | The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1003027 | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-19890 | An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12737 | UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-2979 | Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Payments). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 5.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-6764 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7972. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6667 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-13157 | nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within an nsz archive. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-8110 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2915 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1306 | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10017 | CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-13341 | In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1010153 | zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2010 | In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-118152591 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8343 | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11974 | A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8526 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5596 | In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6116 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11945 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0689 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1719 | A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco ISE software version 2.1 is affected. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-15361 | The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-14909 | A vulnerability was found in Keycloak 7.x: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | 8.3 | 3.9 | 3.7 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | LOW | LOW | LOW |
| CVE-2019-18609 | An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2143 | In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-114746174 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-6691 | phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3967 | In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-11269 | Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-2766 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.1 | 1.6 | 1.4 | LOW | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-11126 | Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16917 | WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8546 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-5091 | An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10931 | A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-13998 | Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results in memory corruption and potential information leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15936 | Intesync Solismed 3.3sp allows Insecure File Upload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5151 | An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20700 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900P before 1.3.0.10, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4410 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-3709 | IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7172 | A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-7000 | A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-25071 | A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that after examining the report they do not see any actual security implications. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4335 | IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8455 | A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-15033 | Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2019-15830 | The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-12422 | Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-14557 | Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1596 | A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level to root. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5680 | In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges. | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9040 | S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8232 | In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification. | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.6 | 0.7 | 5.9 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6797 | An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-2902 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 7.3 | 3.9 | 3.4 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2019-16880 | An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15457 | The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3702 | A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0124 | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20151 | An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-3461 | Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2588 | Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-16127 | Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-1110 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9406 | In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112552517 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-5352 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3496 | An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20760 | NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2799 | Vulnerability in the Oracle ODBC Driver component of Oracle Database Server ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege with network access via multiple protocols to compromise Oracle ODBC Driver. Successful attacks of this vulnerability can result in takeover of Oracle ODBC Driver. Note: The vulnerability affects Windows platforms only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1626 | A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1710 | A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12165 | MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5447 | A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-6832 | A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L | 8.3 | 2.8 | 5.5 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | LOW |
| CVE-2019-16535 | In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0033 | A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-4556 | IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-17573 | By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-17295 | SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16559 | A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-1002100 | In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-8162 | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a race condition vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17579 | SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-20833 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-16102 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0775 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782. | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-17353 | An issue was discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | HIGH | NONE |
| CVE-2019-14521 | The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-8412 | FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6755 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9283 | In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112663564 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-11841 | A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-14299 | Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11398 | Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-8622 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7307 | Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19982 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-19844 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1756 | A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9294 | In libstagefright, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111764444 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-9338 | In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-111762686 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-13955 | Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-8253 | Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8560 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-13271 | Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.) | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8694 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1003006 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0384 | Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16573 | A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8525 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2818 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.1 | 1.6 | 1.4 | LOW | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-3799 | Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-9959 | The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-12712 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input in multiple sections of the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-17549 | ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-7790 | Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-0388 | SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-5469 | An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-1000011 | API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource being able to delete any resource. This attack appears to be exploitable only when the user is authorized. This vulnerability appears to have been fixed in 2.3.6. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-14077 | Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, Rennell, SA415M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18810 | A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-6500 | In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-7434 | PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-20383 | ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20782 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. LG Advanced Flash (LAF) has a buffer overflow. The LG ID is LVE-SMP-190001 (March 2019). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1948 | A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-1028 | An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19722 | In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2019-1009 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-16462 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4269 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-20636 | In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20055 | LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-7614 | A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-17415 | A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2549 | Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-3974 | Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2019-0923 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17521 | An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI, | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-17051 | Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8052 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-1317 | A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H | 7.3 | 2.0 | 4.7 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | LOW | HIGH |
| CVE-2019-13636 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-8193 | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-4575 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20715 | Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.63, D7800 before 1.0.1.47, DM200 before 1.0.0.61, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-5978 | Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-16674 | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1010238 | Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap-based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: The bug can be used when an application passes invalid UTF-8 strings to functions like pango_itemize. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0821 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-0066 | An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10179 | A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-17393 | The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11370 | Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-11688 | An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-12375 | Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 6.3 | 2.1 | 4.2 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | LOW |
| CVE-2019-20794 | An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-5736 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20584 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the HDCP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14850 (August 2019). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1268 | An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9164 | Command injection in Nagios XI before 5.5.11 allows an authenticated user to execute arbitrary remote commands via a new autodiscovery job. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0213 | In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-7030 | Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-10633 | An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19165 | AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5479 | An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-4087 | IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20051 | A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10547 | When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8151 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier gateway. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5420 | A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6330 | A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8216 | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-19540 | The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-5350 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4029 | IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-25027 | Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-8350 | The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password. | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18329 | A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8439 | An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-12867 | Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2404 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-0123 | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9403 | In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-113512324 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-19364 | A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3953 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12495 | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14456 | Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1003036 | A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-15502 | The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-TO-LEFT ISOLATE). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-15327 | The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-13012 | The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-6137 | An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NULL pointer dereference. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10668 | An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-10550 | Buffer Over-read when UE is trying to process the message received from the network without zero termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-19738 | log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-16168 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14961 | JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-9516 | Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-7099 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0350 | SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-18677 | An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-12928 | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15865 | The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15049 | An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1547 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-15698 | In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-18831 | Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12940 | LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-0177 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 4.4 | 1.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-9470 | In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5527 | ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9341 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-111214770 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8762 | A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-5187 | An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11234 | FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19053 | A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-2333 | Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17361 | In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5465 | An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-20139 | In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-12355 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17532 | An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-20155 | An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16786 | Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-18574 | RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-0037 | In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-19370 | A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10997 | An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-3740 | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-13516 | In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7067 | Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-14937 | REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data. | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9874 | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7936 | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript. | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-4112 | IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-10195 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-0795 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8576 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to cause unexpected system termination or read kernel memory. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-8383 | An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0900 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0901, CVE-2019-0902. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1290 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6633 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-8158 | An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data allows an attacker limited access to underlying XML data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18904 | An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-19610 | An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Release 24.2020.20608.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-1889 | A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13249 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1303 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1278. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19086 | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-3951 | Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11778 | If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2019-16161 | Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14797 | The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-6289 | uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10325 | A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed an attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-0851 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9971 | PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8312 | An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20401 | Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-14719 | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10692 | In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10426 | Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-15968 | A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-5692 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8091 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16204 | Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-14596 | Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-10618 | Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12374 | A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1003063 | Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2869 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9258 | In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113655028 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1699 | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19719 | Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-19782 | The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20650 | Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-4703 | IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-3695 | An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2480 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2019-12682 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1873 | A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2019-16669 | The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-7100 | Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1010155 | D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issue as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-11733 | When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8267 | UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-9234 | In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122465453 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-0243 | Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1601 | A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2035 | In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122320256 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9548 | Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20711 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13475 | In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6977 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5459 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-10496 | Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5617 | Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6128 | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1010249 | The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-1584 | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10405 | Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-8368 | OpenEMR v5.0.1-6 allows XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1336 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7402 | An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-14870 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2019-6284 | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-12905 | FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-15912 | An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform multiple denial of service attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-9456 | In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1003 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19366 | A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-11487 | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5263 | HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-11327 | An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's file system. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-9062 | PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13248 | ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16126 | Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-17223 | There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-9189 | Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8184 | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-14706 | A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14114 | Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3752 | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | HIGH |
| CVE-2019-1602 | A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker could exploit this vulnerability by logging in to the CLI of an affected device, accessing a specific file, and leveraging this information to authenticate to the NX-API server. A successful exploit could allow an attacker to make configuration changes as administrator. Note: NX-API is disabled by default. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15067 | An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0006 | A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet is destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 all Virtual Chassis Platforms 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18888 | An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-12149 | SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11669 | Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-16261 | Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2019-11478 | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac6. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-8544 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-25099 | A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23e. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-20357 | A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3420 | All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8382 | An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference occurs in the function AP4_List:Find located in Core/Ap4List.h when called from Core/Ap4Movie.cpp. It can be triggered by sending a crafted file to the mp4dump binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1244 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-3633 | Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-11018 | application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1364 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10894 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-14914 | An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-5439 | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-9855 | LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handlers. However, a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows, in that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18286 | A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-10908 | In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6688 | On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending an SNMP query to the BIG-IP or BIG-IQ system; however, the user cannot access the UCS files. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-0240 | SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-15546 | An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-5915 | Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-15071 | The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can be executed for any user accessing the page. This vulnerability affects many mail systems of governments, organizations, companies and universities. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-15579 | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-2828 | Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Field Service. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-12431 | An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-0701 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695. | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.8 | 2.3 | 4.0 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2019-25142 | The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to the 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1003081 | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-15682 | RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. These issues have been fixed in version 1.8.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-1071 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-6822 | A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2283 | Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16023 | Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-7747 | DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10867 | An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4301 | BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 8.4 | 1.7 | 6.0 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0602 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-18423 | An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18635 | An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-5881 | Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-4279 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14913 | An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1936 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19889 | An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-9249 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-120255805 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-1770 | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20705 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1707 | A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco DNA Center versions prior to 1.2.5 are affected. | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-20876 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2019-20487 | An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17044 | An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3749 | Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-8335 | An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10735 | In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-20731 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.18, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.46, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.34, R7300DST before 1.0.0.62, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WN2500RPv2 before 1.0.1.54, and WNDR3400v3 before 1.0.1.18. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8615 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-11584 | The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-0605 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2701 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). The supported version that is affected is 18.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-10290 | A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-14066 | Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, Rennell, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SXR2130 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11776 | In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-9868 | An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10594 | Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-6958 | A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-17121 | REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1003070 | Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8084 | Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-12139 | An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-8165 | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13936 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-5233 | Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14875 | In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-2812 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-11147 | Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2140 | In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112705708 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-15919 | An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-7251 | An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-20809 | The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-19049 | A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-0704 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-9011 | In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-18397 | A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2009 | In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9; Android ID: A-120665616 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3568 | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13643 | Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1682 | A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10746 | mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19605 | X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13255 | XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1010308 | Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16776 | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-2461 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2019-10969 | Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17114 | A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-0999 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9134 | Architectural Information System 1.0 and earlier versions have a stack-based buffer overflow, which allows remote attackers to execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20379 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10612 | UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MDM9650, QCS605, SA6155P, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11087 | Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11950 | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-19835 | SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-9533 | The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-14226 | OX App Suite through 7.10.2 has Insecure Permissions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-18786 | In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-2252 | Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11543 | XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-19913 | In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-19134 | The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-14814 | There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9743 | An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7219 | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-10077 | A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-4078 | IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16459 | Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-17601 | In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-5488 | EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify_key parameter. install_pack/espcms_public/espcms_db.php may allow retrieving sensitive information from the ESPCMS database. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-19135 | In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-0626 | A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1010094 | domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change admin password. The component is: http://127.0.0.1/settings/password/ http://127.0.0.1/admin/users/add.php http://127.0.0.1/admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1010261 | Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-8747 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7783 | Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-3838 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8264 | UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15988 | A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-1103 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107. | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-4638 | IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.7 | 2.2 | 1.4 | LOW | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-10215 | Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-18985 | Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15542 | An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-1010207 | Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-11755 | A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-20553 | An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-9631 | Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11036 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2019-20710 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16863 | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-1941 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. At the time of publication, this vulnerability affected Cisco ISE running software releases prior to 2.4.0 Patch 9 and 2.6.0. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-12067 | The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2019-5667 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18873 | FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15661 | An issue was discovered in Rivet Killer Control Center before 2.1.1352. IOCTL 0x120004 in KfeCo10X64.sys fails to validate parameters, leading to a stack-based buffer overflow, which can lead to code execution or escalation of privileges. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18332 | A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-14777 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20713 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D8500 before 1.0.3.44, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-0395 | SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-14773 | admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-6790 | An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests. | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-15573 | Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-20677 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-8601 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-10138 | A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-25011 | NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-9637 | An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8180 | Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15894 | An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:02Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2120 | In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130821293. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-15658 | connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 7.3 | 3.9 | 3.4 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2019-6980 | Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18988 | TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protected information stored in the registry or configuration files of TeamViewer. With versions before v9.x, this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-1832 | A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies. The vulnerability is due to improper validation of ICMP packets. An attacker could exploit this vulnerability by sending crafted ICMP packets to the affected device. A successful exploit could allow the attacker to bypass configured access control policies. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2019-1266 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-6749 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7638. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13702 | Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16089 | An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.1 | 0.5 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-16244 | OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-8858 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-10192 | A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11992 | A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-17576 | An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-15995 | A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicious SQL statements in an affected field in the web UI. A successful exploit could allow the attacker to remove the SQL database, which would require the reinstallation of the Connector VM. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2019-0868 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2019-1908 | A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-1354 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-2308 | User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-13120 | Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which interacts with an associated vulnerable MQTT message in the application, specific circumstances could trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-7484 | Authenticated SQL Injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-8611 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18240 | In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-11727 | A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2019-9123 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "user" account has a blank password. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-16907 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2019-12625 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-1369 | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2019-12749 | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2019-9139 | DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:02Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-18994 | Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:02Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2019-1020018 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 7.3 | 3.9 | 3.4 | HIGH | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2019-20722 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:02Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2019-7973 | Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:02Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8708 | Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0979 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0906. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24598 | An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-16590 | A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-35899 | An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-12827 | MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 7.2 | 3.9 | 2.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | LOW | NONE | LOW |
| CVE-2020-7805 | An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13843 | An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-12385 | Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25155 | The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-23356 | dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-5667 | Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15826 | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-3736 | Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9351 | An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the absolute path). NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server." | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-3632 | Incorrect validation of ring context fetched from host memory can lead to memory overflow in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8116 | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 7.3 | 3.9 | 3.4 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2020-12015 | A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-36109 | ASUS RT-AX86U router firmware below version 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27915 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24513 | Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2020-13582 | A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4827 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-15800 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12645 | OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35680 | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-28246 | A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0159 | In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140768035. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-12358 | Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5549 | Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3902 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-23790 | An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25872 | A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-5186 | DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-9919 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-17366 | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-26870 | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-23762 | Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8587 | OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-9090 | FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9856 | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 5.3 | 1.8 | 3.4 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2020-16252 | The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-27729 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-7803 | IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Download vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows an attacker to cause arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11093 | Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID's alias, 3) The update transaction modifies the ledger metadata associated with a DID. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-23727 | There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0005 | In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-141552859 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11688 | In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0454 | In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-161370134 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-1964 | It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating do not configure their YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability (CWE-502: Deserialization of Untrusted Data). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26997 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3302 | A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to overwrite files on the file system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted file to the web UI on an affected device. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-7286 | Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5334 | RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-10418 | The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-29139 | A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35611 | An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-13822 | The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L | 7.7 | 2.2 | 5.5 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | LOW |
| CVE-2020-25119 | The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-7256 | Cross site scripting vulnerability in McAfee Network Security Management (NSM) prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-16014 | Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13952 | In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-27257 | This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2732 | A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 6.8 | 2.3 | 4.0 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2020-25722 | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9926 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5605 | Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-36519 | Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-15053 | An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-35832 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-10725 | A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2020-25230 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-7126 | A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | 5.8 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | LOW | NONE | NONE |
| CVE-2020-3354 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-1634 | On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-14042 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-36447 | An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef<T>. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7822 | DaviewIndy has a heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26597 | An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-36381 | An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, which allows attackers to execute arbitrary code via the filePath parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10994 | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0865 | An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866, CVE-2020-0897. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13659 | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L | 2.5 | 0.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | HIGH | HIGH | NONE | CHANGED | NONE | NONE | LOW |
| CVE-2020-28617 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last(). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10975 | GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-15420 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The specific flaw exists within loader_ajax.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9259. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-18155 | SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27254 | Emerson Rosemount X-STREAM Gas Analyzer X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions. The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11937 | In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-3867 | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-15437 | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer, which is uninitialized. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4557 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-4675 | IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-3990 | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2020-6985 | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35224 | A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-9585 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15141 | In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N | 4.1 | 2.3 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | NONE | LOW | NONE |
| CVE-2020-2597 | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N | 4.7 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | NONE | LOW | NONE |
| CVE-2020-10023 | The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26983 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-28283 | Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2706 | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 18.8.18.0, 19.12.1.0 - 19.12.3.0 and 20.1.0.0 - 20.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-10247 | MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-10263 | An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24981 | An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-14062 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-21992 | Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9443 | Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-22021 | Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-1415 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1422. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2148 | A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-12880 | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-3398 | A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2020-1944 | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2104 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-11235 | Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5580 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-12769 | An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-19952 | Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-16140 | The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-1046 | A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26975 | When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-0239 | In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (e.g. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-151095863 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-36670 | The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2020-0644 | An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9904 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4988 | Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26797 | Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-20808 | Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8354 | A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1430 | An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7030 | A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-27716 | On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0140 | In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146053215 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-36364 | An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-2818 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2020-3344 | A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-11040 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | 2.7 | 1.2 | 1.4 | LOW | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2020-8187 | Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-24502 | Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-6864 | ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-29572 | app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-28937 | OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-0234 | In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148189280 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11094 | The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account takeovers of authenticated users by non-authenticated public users, which would then lead to a number of other potential issues as an attacker could theoretically get full access to the system if the required conditions existed. Issue has been patched in v3.1.0 by locking down access to the debugbar to all users; it now requires an authenticated backend user with a specifically enabled permission before it is even usable, and the feature that allows access to stored request information is restricted behind a different permission that's more restrictive. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9294 | An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26905 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-29457 | A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-20252 | Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4686 | IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-26962 | Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8275 | Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-22151 | Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3603 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5283 | ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N | 3.5 | 0.9 | 2.5 | LOW | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-36462 | An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5831 | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-11920 | An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2714 | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-26539 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11996 | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-25879 | A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-13588 | An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-22169 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-5551 | Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12116 | Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-16843 | In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-14987 | An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24673 | In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-28278 | Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14625 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-18428 | tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-11101 | Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15793 | A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-23303 | There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35980 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24397 | An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-17500 | Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26938 | In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | 7.2 | 3.9 | 2.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2020-5577 | Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3413 | A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-24314 | Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8759 | Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12469 | admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-27948 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3392 | A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15217 | In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-24418 | Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2106 | Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6444 | Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | LOW |
| CVE-2020-14360 | A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7717 | All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12619 | MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-36214 | An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4223 | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11141 | Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-9736 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6285 | SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-4324 | IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-26516 | A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2623 | Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L | 6.0 | 1.2 | 4.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | LOW | LOW |
| CVE-2020-27040 | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-153731880 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-8420 | An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26926 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9844 | A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-1936 | A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-14367 | A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.0 | 0.8 | 5.2 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-10829 | An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3887 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-5922 | In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1126 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10421 | The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11186 | Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0024 | In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-137015265 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5642 | Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27054 | In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-159061926 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13409 | Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3) | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L | 5.9 | 1.7 | 3.7 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | LOW |
| CVE-2020-13465 | The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15951 | Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-2170 | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8905 | A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length. We recommend updating Asylo to version 0.6.0 or later. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-3742 | Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14711 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.5 | 0.6 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-22327 | An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-35450 | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-28579 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14385 | A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-13988 | An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5783 | In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-26029 | An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-20189 | SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4643 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-12646 | OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-36650 | A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27191 | LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-10913 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9946. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12443 | BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8449 | An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-0769 | An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0771. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27870 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-25881 | A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-1188 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0683 | An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8507 | The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-5249 | In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-9311 | In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-35930 | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-15303 | Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-8973 | ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-20412 | lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4435 | Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0915 | An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6310 | Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-0211 | In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-147491773 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-8775 | Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L | 8.9 | 2.3 | 6.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | LOW |
| CVE-2020-0281 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137857778 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N | 4.5 | 0.9 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-13871 | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-9750 | Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8437 | The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-2702 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | 0.8 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | HIGH | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35495 | There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5561 | Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15879 | Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-1327 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-1768 | The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | LOW |
| CVE-2020-16131 | Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-2768 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster as well as unauthorized update, insert or delete access to some of MySQL Cluster accessible data. CVSS 3.0 Base Score 6.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H | 6.3 | 2.1 | 4.2 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | LOW | HIGH |
| CVE-2020-14551 | Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle AutoVue accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-8936 | An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11016 | IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3309 | A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25036 | UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1918 | In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-12706 | Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-12963 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27847 | A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8952 | Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-28644 | The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-4794 | IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cause a denial of service due to improper authorization checking. IBM X-Force ID: 189445. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | LOW |
| CVE-2020-9493 | A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25016 | A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-3664 | Out of bound read access in hypervisor due to an invalid read access attempt by passing invalid addresses in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H | 6.0 | 0.8 | 5.2 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-7187 | A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7145 | A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26311 | Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-15778 | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0523 | Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-28251 | NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6919 | Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3778 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-15698 | An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-5148 | SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | HIGH | NONE |
| CVE-2020-7571 | A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-9124 | There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending a specific message to the affected product. Because the allocated memory is not released properly, a successful exploit may cause a memory leak. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-19778 | Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13414 | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15994 | Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27449 | Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-1311 | An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3155 | A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-1190 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0935 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-0217 | In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141331405 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8790 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24195 | An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7163 | A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14978 | An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25781 | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-27922 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-29615 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0257 | In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-156741968 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36193 | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-1897 | A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11255 | Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-7490 | A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7591 | A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-21996 | AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-25285 | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25729 | ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-12388 | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13343 | An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11519 | The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3242 | A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-10608 | In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35800 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L | 9.4 | 3.9 | 5.5 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | LOW |
| CVE-2020-8694 | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-0599 | Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4825 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6650 | UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g. “eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-21862 | Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-11668 | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-1695 | A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-11414 | An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-5537 | Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35192 | The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11492 | An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12380 | Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-22617 | Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2972 | Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-18654 | Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php". | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-0354 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143604331 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-19455 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-27351 | Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1; | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L | 2.8 | 1.3 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | NONE | NONE | LOW |
| CVE-2020-29189 | Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.7 | 2.2 | 1.4 | LOW | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-1613 | A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that terminates an established BGP session is sent toward the peer device that originally sent the specific BGP FlowSpec advertisement. This specific BGP FlowSpec advertisement received from a BGP peer might get propagated from a Junos OS device running the fixed release to another device that is vulnerable causing BGP session termination downstream. This issue affects IPv4 and IPv6 BGP FlowSpec deployment. This issue affects Juniper Networks Junos OS: 12.3; 12.3X48 on SRX Series; 14.1X53 on EX and QFX Series; 15.1 versions prior to 15.1R7-S5; 15.1F versions prior to 15.1F6-S13; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D497 on NFX Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3; 17.2 versions prior to 17.2R2-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R1-S8, 17.4R2; 18.1 versions prior to 18.1R2-S4, 18.1R3; 18.2X75 versions prior to 18.2X75-D20. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4775 | A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8417 | The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3423 | A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26233 | Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option. | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N | 7.3 | 1.0 | 5.8 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | HIGH | REQUIRED | CHANGED | HIGH | HIGH | NONE |
| CVE-2020-28653 | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5960 | NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-17372 | SugarCRM before 10.1.0 (Q3 2020) allows XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-7942 | Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0, Puppet Agent 6.x prior to 6.13.0, Puppet 5.5.x prior to 5.5.19, Puppet Agent 5.5.x prior to 5.5.19. Resolved in: Puppet 6.13.0, Puppet Agent 6.13.0, Puppet 5.5.19, Puppet Agent 5.5.19. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-27691 | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-14506 | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-14641 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-27653 | Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.3 | 1.6 | 6.0 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2737 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-3968 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-17439 | An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | 8.3 | 3.9 | 3.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | LOW | LOW | LOW |
| CVE-2020-5976 | NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-5307 | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4672 | IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-10248 | BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-6870 | The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-21127 | MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-22041 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-18124 | A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-4358 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178762. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-5589 | SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9934 | An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15997 | Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36785 | In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2573 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-14519 | This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-28572 | A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9439 | Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET Parameter in TinCan_Content_List_Table.php, message GET Parameter in licensing.php, tc_filter_group parameter in reporting-admin-menu.php, tc_filter_user parameter in reporting-admin-menu.php, tc_filter_course parameter in reporting-admin-menu.php, tc_filter_lesson parameter in reporting-admin-menu.php, tc_filter_module parameter in reporting-admin-menu.php, tc_filter_action parameter in reporting-admin-menu.php, tc_filter_data_range parameter in reporting-admin-menu.php, or tc_filter_data_range_last parameter in reporting-admin-menu.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-12013 | A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15619 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the type parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9723. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-13791 | hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-11788 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5834 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-10846 | An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can enable the OEM unlock feature on a KG-enrolled devices, leading to potentially unwanted binaries being downloaded. The Samsung ID is SVE-2019-16554 (February 2020). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15162 | In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6653 | Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices. | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 3.9 | 0.3 | 3.6 | LOW | 2024-12-08T08:00Z | PHYSICAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-13773 | Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-7388 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by exploiting CVE-2020-7387. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 including Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9040 | Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-35752 | Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-10746 | A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 6.1 | 1.8 | 4.2 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | LOW | HIGH |
| CVE-2020-24359 | HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-1580 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-35228 | A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6263 | Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2284 | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2020-2137 | Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-4432 | Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6804 | A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-21785 | In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7202 | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-8127 | Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-0927 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6393 | Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-25837 | Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-0665 | An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27518 | All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12423 | When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7817 | MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11973 | Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-20658 | Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service when trying to calloc an unexpectedly large space. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-28404 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-2593 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 4.8 | 2.2 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-13977 | Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-10063 | A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-21881 | Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-11509 | An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-12504 | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8542 | OX App Suite through 7.10.3 allows XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-15667 | When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3208 | A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4015 | The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-19693 | An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14429 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2499 | A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26996 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25094 | LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24563 | A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2604 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13331 | An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-14377 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-14205 | The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-9560 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35340 | A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-25712 | A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15569 | PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-11071 | SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | HIGH | NONE |
| CVE-2020-13328 | An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-7722 | All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5806 | An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-24203 | Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10464 | Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-24292 | Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8027 | An Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration. This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 6.6 | 1.8 | 4.7 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | HIGH |
| CVE-2020-27936 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-23481 | CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-0430 | In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-153881554 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25628 | The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11437 | LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-6552 | Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14561 | Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25561 | SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8869 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9881. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7577 | A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. The exploit of this vulnerability could be used to read, and potentially modify, application data to which the user has access. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-1975 | Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14452 | An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-17405 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12399 | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-26924 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-7507 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5733 | In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-25474 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-15861 | Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0673 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4780 | OOTB build scripts do not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-10615 | Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-17408 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-16260 | Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-4287 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24613 | wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 6.8 | 1.6 | 5.2 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-18705 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1145 | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1179. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-1556 | An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11685 | In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-8567 | Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-0207 | In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-135532289 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15305 | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-1696 | A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-10701 | A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-12131 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-1980 | A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25138 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-25148 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /iftype/type= because of pages/iftype.inc.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11114 | Bluetooth devices do not properly restrict the L2CAP payload length, allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet (equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in the Sweyntooth paper), in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9576 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12041 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H | 9.4 | 3.9 | 5.5 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | LOW | HIGH |
| CVE-2020-2224 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-26931 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-2723 | Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2020-28337 | A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-20467 | White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-5366 | Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-12608 | An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26183 | Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-9241 | Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | 7.0 | 2.2 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | LOW | HIGH |
| CVE-2020-12911 | A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-13174 | The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-4831 | IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-2541 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2020-36550 | Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-7973 | GitLab through 12.7.2 allows XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-5013 | IBM QRadar SIEM 7.3 and 7.4 may be vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-4657 | IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11987 | Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2020-16214 | In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 5.0 | 1.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-3168 | A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-13619 | php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7643 | paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-5610 | Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-28267 | Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-26930 | NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N | 3.8 | 1.2 | 2.5 | LOW | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-8183 | A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-2036 | A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9842 | An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-4267 | IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-14297 | A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-8154 | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2020-35506 | A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11297 | Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0936 | An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-35555 | An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36212 | An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-10786 | A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15702 | TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-28922 | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12860 | COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-35865 | An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations about char::from_u32_unchecked behavior. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-23273 | Heap-buffer overflow in the randomize_iparp function in edit_packet.c of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-24722 | An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks." | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-0733 | An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool (MSRT) improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14231 | A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1951 | A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-14515 | CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-28407 | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-2147 | A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-10632 | Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-10590 | Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11596 | A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-17456 | SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-23931 | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-3748 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11223 | Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-23240 | Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-35197 | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9109 | There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8); Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8); Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11); Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-3809 | Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-13887 | documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7139 | Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0 4.5.6.0 5.0.9.0 5.1.4.100 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-22015 | Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3172 | A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4863 | IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-35839 | Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N | 8.1 | 1.7 | 5.8 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | HIGH | HIGH | NONE |
| CVE-2020-5886 | On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-13310 | A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-11903 | The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-6991 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15566 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2020-29299 | Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4619 | IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 184976. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-35916 | An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-12143 | The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-2817 | Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Scripting accessible data as well as unauthorized update, insert or delete access to some of Oracle Scripting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2020-25638 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-1899 | The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-0189 | In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-139939283 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-3755 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-9781 | The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-1907 | A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8764 | Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14676 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | 0.8 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | HIGH | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9017 | LiteCart through 2.2.1 allows CSV injection via a customer's profile. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36762 | A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10791 | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-10007 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-16117 | In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-26941 | A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-2669 | Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2020-15025 | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-6320 | SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-8246 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-6242 | SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25612 | The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-1646 | On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-36152 | Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3176 | A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-20693 | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1928 | An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-5740 | Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12499 | In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-26234 | Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. This problem is fixed in Opencast 7.9 and Opencast 8.8. Please be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate. | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N | 4.8 | 1.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | LOW | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-19586 | Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14149 | In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-13949 | In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-36540 | A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4035 | In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to become unusable. This may happen in apps that don't validate IDs (valid IDs are `/^[a-zA-Z0-9_-.]+$/`) and use Watermelon Sync or low-level `database.adapter.destroyDeletedRecords` method. The integrity risk is low due to the fact that maliciously deleted records won't synchronize, so logout-login will restore all data, although some local changes may be lost if the malicious deletion causes the sync process to fail to proceed to push stage. No way to breach confidentiality with this vulnerability is known. Full exploitation of SQL Injection is mitigated, because it's not possible to nest an insert/update query inside a delete query in SQLite, and it's not possible to pass a semicolon-separated second query. There's also no known practicable way to breach confidentiality by selectively deleting records, because those records will not be synchronized. It's theoretically possible that selective record deletion could cause an app to behave insecurely if lack of a record is used to make security decisions by the app. This is patched in versions 0.15.1, 0.16.2, and 0.16.1-fix | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H | 5.9 | 1.6 | 4.2 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | NONE | LOW | HIGH |
| CVE-2020-35730 | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-22057 | The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-10439 | The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11272 | Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36638 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The patch is named 9a45087814. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-19048 | Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-26405 | Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | LOW |
| CVE-2020-7681 | This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-36162 | An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4527 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-5565 | Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-1101 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-15989 | Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11130 | Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12470 | MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-23899 | A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-26582 | D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14178 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-2128 | Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-9201 | There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4475 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11628 | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-22056 | A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-1887 | Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-36246 | Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27372 | A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12349 | Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-28657 | In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9413 | The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15488 | Re:Desk 2.3 allows insecure file upload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-8919 | An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of privileges to read all other users' personal account data as well as sub-trees with restricted access. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.5 | 2.1 | 1.4 | LOW | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-4271 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2020-14274 | Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-25988 | UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-27721 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-2509 | A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10266 | UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2696 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27678 | An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27402 | The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25786 | webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-12837 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-10284 | No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-5858 | On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-17398 | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2020-26122 | Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13262 | Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-15634 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2020-8286 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-20413 | SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13980 | OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin." | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-0316 | In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154934919 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-7066 | In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-6409 | Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7043 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-8471 | For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12779 | Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-25240 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6969 | It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3249 | Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-28009 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3749 | Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14700 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N | 5.3 | 0.8 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | HIGH | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2020-15654 | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-24634 | An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-22809 | In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14936 | Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid() may overwrite memory areas beyond the provided target buffer, when called from snmp_message_decode() upon an SNMP request reception. Because the content of the write operations is externally provided in the SNMP requests, it enables a remote overwrite of an IoT device's memory regions beyond the allocated buffer. This overflow may allow remote overwrite of stack and statically allocated variables memory regions by sending a crafted SNMP request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36649 | A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-35329 | Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-5949 | On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-1361 | An information disclosure vulnerability exists in the way that the WalletService handles memory. To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15036 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-13661 | Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9803 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9038 | Joplin through 1.0.184 allows Arbitrary File Read via XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8233 | A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2492 | If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-16156 | CPAN 2.28 allows Signature Verification Bypass. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15632 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14184 | Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-13289 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-6581 | Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8573 | The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-29396 | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-29613 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-19513 | Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10080 | GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-35717 | zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7319 | Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25846 | The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N | 7.4 | 2.8 | 4.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | NONE | NONE |
| CVE-2020-12122 | In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8797 | Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9453 | In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-8489 | Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0695 | A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-10537 | An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4079 | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2020-7055 | An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 9.9 | 3.1 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1121 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1165, CVE-2020-1166. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11110 | Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-16295 | A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5674 | Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9732 | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9607 | Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15301 | SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15258 | In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36745 | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0297 | In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-155183624 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-10612 | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-23861 | A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-15321 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6175 | Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-9865 | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25613 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-13675 | Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15418 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSRSReport class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10709. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11167 | Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2884 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-20122 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8320 | An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11866 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9852 | An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4471 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2020-10457 | Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-15477 | The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36238 | The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-15733 | An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-36379 | An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, which allows attackers to execute arbitrary code via the filePath parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7185 | A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-4384 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6270 | SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-1904 | A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-0639 | An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-21787 | CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11136 | Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27192 | BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6009 | LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14334 | A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker to gain complete control of the Satellite instance. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1561 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0047 | In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-141622311 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-13275 | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-29127 | An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14075 | TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0481 | In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-157472962 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-11584 | A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-6286 | The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-1365 | An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6271 | SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | HIGH |
| CVE-2020-16267 | Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5600 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-17490 | The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-4209 | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2020-15081 | In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-1778 | When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-35864 | An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-11841 | Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-13699 | TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10557 | An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-29610 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-3400 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8259 | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-24025 | Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-17451 | flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-24375 | A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-27284 | TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-29456 | Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-15689 | Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-8879 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-2009 | An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9386 | In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-2852 | Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Calendar). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2020-7462 | In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-13260 | A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8544 | OX App Suite through 7.10.3 allows SSRF. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-25791 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-24188 | Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11914 | The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-2158 | Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3855 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-0645 | A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-2883 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35723 | Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8170 | We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user's session information and/or account takeover of the admin user. Mitigation: Update to the latest AirMax AirOS firmware version available at the AirMax download page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-28455 | This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-13614 | An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-35460 | common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-5579 | SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-18768 | There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-27230 | A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-35521 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5873 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25701 | If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-7109 | The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8615 | A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-7606 | docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10940 | Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3301 | Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-2308 | A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-5776 | Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36521 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-27004 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-0857 | An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27821 | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H | 6.0 | 1.5 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2020-3134 | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2020-15180 | A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 9.0 | 2.2 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11287 | Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-1259 | A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-0227 | In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-129476618 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10722 | A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13397 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11298 | While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers used by HLOS Invoke Call to secure kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-10802 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24615 | Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2020-4685 | A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9228 | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-18735 | A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5353 | The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-9487 | In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-14040 | The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0407 | In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-153450752. References: N/A | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-24827 | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0094 | In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-148223871 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6317 | In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.5 | 2.1 | 1.4 | LOW | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-29041 | A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-0519 | Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-3346 | A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-36170 | The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-10971 | An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14522 | Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4395 | IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-3179 | A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling error when GRE over IPv6 traffic is processed. An attacker could exploit this vulnerability by sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload through an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-0506 | Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | 2.3 | 0.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2020-11004 | SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-35981 | An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5195 | Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-11963 | IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time” | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-28144 | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14162 | An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0333 | In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-73822755 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14402 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | LOW |
| CVE-2020-0328 | In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150156131 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-22453 | Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-26100 | chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-24194 | A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-2252 | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 4.8 | 2.2 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2020-10463 | Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-13592 | An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-36651 | A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is c4c0f0138a. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-24427 | Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-24113 | Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2020-10705 | A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-12986 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5632 | InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-25269 | An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-4099 | The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-3883 | This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-20124 | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7617 | ini-parser through 0.0.2 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-21526 | An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-13345 | An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-26838 | SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0972 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-0114 | In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-147606347 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-11125 | Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5644 | Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-5599 | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-16281 | The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-14595 | Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Assessment Manager). Supported versions that are affected are 6.1 and 6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iLearning. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | LOW |
| CVE-2020-24573 | BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-26412 | Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-35339 | In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-1793 | There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios, successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-24141 | Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2020-27993 | Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-12425 | Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-1775 | BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2020-5655 | NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-5797 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 6.1 | 0.9 | 5.2 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-1397 | An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-2567 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-0854 | An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2020-25176 | Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0379 | In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11. Android ID: A-150156492 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-15644 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10550. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-27123 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-11718 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2020-8351 | A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0638 | An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-15500 | An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-27543 | The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-6017 | Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-0330 | In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150331085 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-12415 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-2139 | An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-6484 | Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2020-24075 | Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2020-8645 | An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-8616 | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2020-10587 | antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-2828 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-14704 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 6.0 | 1.5 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2020-0351 | In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124777537 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2020-2697 | Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | 4.9 | 0.7 | 4.2 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | LOW | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2020-15523 | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-7816 | A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device. The vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2020-6750 | GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2020-4291 | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-30750 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-39933 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc) was susceptible to catastrophic backtracking that could cause a DOS attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-30738 | A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-3515 | A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription(). | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46240 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS). | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-42713 | Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39237 | Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-21001 | On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-26556 | When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20078 | Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-30028 | SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30290 | Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41780 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24584 | The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in user with such capability. In versions before 2.3.19, the lack of sanitisation and escaping in some of the fields, like the description, could also lead to Stored XSS issues | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-38144 | An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS]. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0426 | In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174485572 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24214 | The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-45931 | HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-40024 | Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-31292 | An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-22711 | A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-34934 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14912. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28641 | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36178 | A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-34590 | In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-33325 | The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-1150 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33270 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46163 | Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-41930 | Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-23416 | This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-31632 | b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1445 | Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-46354 | Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-3370 | DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-22987 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 9.9 | 3.1 | 6.0 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38569 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-46022 | An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-21607 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-25159 | A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-23836 | An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24700 | The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-31895 | A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37789 | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-24970 | The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33882 | A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of authentication on proprietary networking commands. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | HIGH | NONE |
| CVE-2021-29143 | A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba AOS-CX firmware: 10.04.xxxx - versions prior to 10.04.3070, 10.05.xxxx - versions prior to 10.05.0070, 10.06.xxxx - versions prior to 10.06.0110, 10.07.xxxx - versions prior to 10.07.0001. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36408 | An issue was discovered in libde265 v1.0.8. There is a Heap-use-after-free in intrapred.h when decoding file using dec265. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-24016 | An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.3 | 0.3 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | HIGH | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3131 | The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-24227 | The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-33323 | The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-43420 | SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42886 | TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-40175 | Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-40492 | A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-25031 | The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-35116 | APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK's data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-40674 | An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20753 | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-1148 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3146 | The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29576 | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow. The implementation(596c05a159/tensorflow/core/kernels/pooling_ops_3d.cc (L694-L696)) does not check that the initialization of `Pool3dParameters` completes successfully. Since the constructor(596c05a159/tensorflow/core/kernels/pooling_ops_3d.cc (L48-L88)) uses `OP_REQUIRES` to validate conditions, the first assertion that fails interrupts the initialization of `params`, making it contain invalid data. In turn, this might cause a heap buffer overflow, depending on default initialized values. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24973 | The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-20147 | ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-41588 | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38978 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-29514 | TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the implementation of the `RaggedBincount` op(8b677d7916/tensorflow/core/kernels/bincount_op.cc (L430-L446)). Before the `for` loop, `batch_idx` is set to 0. The attacker sets `splits(0)` to be 7, hence the `while` loop does not execute and `batch_idx` remains 0. This then results in writing to `out(-1, bin)`, which is before the heap allocated buffer for the output tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are also affected. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3479 | There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-46389 | IIPImage High Resolution Streaming Image Server prior to commit 882925b295 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-24808 | The BP Better Messages WordPress plugin before 1.9.9.41 sanitises (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-38429 | OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-4316 | Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-41131 | python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H | 8.7 | 2.2 | 5.8 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | CHANGED | NONE | HIGH | HIGH |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39693 | In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208662370 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38186 | An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-23995 | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20312 | A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-22854 | The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-31426 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46898 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-3717 | A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36410 | A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-36226 | Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0874 | In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270399633 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35499 | The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0955 | In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-192085766 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31786 | The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-27428 | GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22718 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20569 | IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-33657 | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21440 | Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44994 | There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-25278 | FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-44568 | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-36041 | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the `pub/media` directory, which could lead to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45648 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-30270 | Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25033 | The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-30808 | This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-32275 | An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-3597 | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-36791 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-32860 | iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply arbitrary `html` or `javascript` code that will be rendered in the context of a user, potentially leading to `XSS`. Version 1.6.1 contains a patch for this issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-43469 | VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37653 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](f24faa153a/tensorflow/core/kernels/resource_variable_ops.cc (L725-L731)) computes the value of a value, `batch_size`, and then divides by it without checking that this value is not 0. We have patched the issue in GitHub commit ac117ee8a8. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-32557 | It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-37983 | Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22341 | There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; NIP6300 V500R005C00SPC100, V500R005C10SPC200; NIP6600 V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R005C00SPC100, V500R005C10SPC200; Secospace USG6600 V500R005C00SPC100, V500R005C00SPC200. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-40960 | Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20176 | A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1280 | A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27850 | A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-34326 | A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45414 | A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0119 | Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.2 | 0.3 | 5.9 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31006 | A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-25457 | An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get limited kernel memory information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-36889 | Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-30543 | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1174 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21849 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29387 | Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via any "Add" sections, such as Add Item, Employee and Position or others in the Name Parameters. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-38723 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36976 | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-46908 | In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic. We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypass_spec_v1 flag instead of allow_ptr_leaks. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-22954 | A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32953 | An attacker could utilize SQL commands to create a new user in MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37702 | Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4280 | A vulnerability was found in styler_praat_scripts. It has been classified as problematic. Affected is an unknown function of the file file_segmenter.praat of the component Slash Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The name of the patch is 0cad44aa4a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216780. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-38584 | The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42070 | When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-28814 | An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0946 | The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method PMR_PDumpSymbolicAddr may fail, and if it does the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required. Product: Android. Versions: Android SoC. Android ID: A-236846966 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-21636 | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-0005 | Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-39432 | diplib v3.0.0 is vulnerable to Double Free. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-36874 | Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0333 | In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-168504491 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31450 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13084. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30612 | Chromium: CVE-2021-30612 Use after free in WebRTC | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24556 | The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribe_email and subscribe_name POST parameters, inserting them in the DB and then outputting them back in the Subscriber list (/wp-admin/edit.php?post_type=kes_campaign&page=kento_email_subscriber_list_settings), leading to a Stored XSS issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-20247 | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-25394 | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22281 | Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-38449 | Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42379 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33797 | Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38930 | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-42627 | The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can disclose information about WAN settings and allow an attacker to modify the data fields of the page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23935 | OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-43736 | CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46441 | In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42986 | NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35235 | The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-21618 | Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-33103 | Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24894 | The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-45950 | LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-24941 | The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-25661 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-39074 | IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-31826 | Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-31882 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-44528 | An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft "X-Forwarded-Host" headers that, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-32634 | Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](30c54ef16c/src/main/java/emissary/server/mvc/internal/WorkSpaceClientEnqueueAction.java) REST endpoint. This issue may lead to post-auth Remote Code Execution. This issue has been patched in version 6.5.0. As a workaround, one can disable network access to Emissary from untrusted sources. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24162 | In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29530 | TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid `permutation` to `tf.raw_ops.SparseMatrixSparseCholesky`. This is because the implementation(080f1d9e25/tensorflow/core/kernels/sparse/sparse_cholesky_op.cc (L85-L86)) fails to properly validate the input arguments. Although `ValidateInputs` is called and there are checks in the body of this function, the code proceeds to the next line in `ValidateInputs` since `OP_REQUIRES`(080f1d9e25/tensorflow/core/framework/op_requires.h (L41-L48)) is a macro that only exits the current function. Thus, the first validation condition that fails in `ValidateInputs` will cause an early return from that function. However, the caller will continue execution from the next line. The fix is to either explicitly check `context->status()` or to convert `ValidateInputs` to return a `Status`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44155 | An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-39533 | An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buffer overflow. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45628 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBS40V before 2.6.2.4, and RBW30 before 2.6.2.2. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3020 | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-26681 | A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29960 | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-45898 | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31816 | When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41224 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-21958 | A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-40889 | CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22957 | A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36372 | In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32138 | The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-43816 | containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0483 | In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-153358911 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38122 | A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2021-33507 | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0658 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-40155 | A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39900 | Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-23963 | When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-40656 | libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1945 | Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-20209 | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0199 | Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-35296 | An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21219 | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-30827 | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22469 | A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-26954 | An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-37711 | Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45297 | An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-21825 | A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22303 | There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of multi-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-22424 | A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-47518 | In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done. The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-36869 | Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-41260 | Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36129 | An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-20086 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41116 | Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37839 | Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-28806 | A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414. QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503. This issue does not affect: QNAP Systems Inc. QTS 4.3.6; 4.3.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-33441 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1169 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46142 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-34756 | Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1968 | Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44387 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2021-38685 | A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21577 | Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21441 | There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-26805 | Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-28038 | An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2021-29591 | TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be replaced by stack overflow due to too many recursive calls. For example, the `While` implementation(106d8f4fb8/tensorflow/lite/kernels/while.cc) could be tricked into a scenario where both the body and the loop subgraphs are the same. Evaluating one of the subgraphs means calling the `Eval` function for the other and this quickly exhausts all stack space. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. Please consult our security guide(https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1041 | In (TBD) of (TBD), there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-182950799. References: N/A | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-1446 | A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through an affected device that is performing NAT for DNS packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability can be exploited only by traffic that is sent through an affected device via IPv4 packets. The vulnerability cannot be exploited via IPv6 traffic. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-39076 | IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-24594 | The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-28793 | vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38278 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0876 | In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-270400229 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29955 | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-20049 | A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41543 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-21575 | Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33022 | Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-1129 | A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-34594 | TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-1763 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38459 | The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30811 | This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-37419 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-43064 | A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-42102 | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23958 | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-45740 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36093 | It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-34348 | A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22516 | Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-0077 | Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38461 | The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | HIGH | NONE |
| CVE-2021-36159 | libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-24992 | The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-39503 | PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42727 | Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22145 | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-32752 | Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-42568 | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-25179 | SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-28145 | Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-43951 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-4398 | The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-25456 | OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-20108 | Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified, which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed (due to authtoken validation), the Asset Explorer agent will reach out to the Manage Engine server for an HTTP request. During this process, AEAgent.cpp allocates 0x66 bytes using "malloc". This memory is never freed in the program, causing a memory leak. Additionally, the instruction sent to aeagent (i.e., NEWSCAN, DELTASCAN, etc.) is converted to a unicode string, but is never freed. These memory leaks allow a remote attacker to exploit a Denial of Service scenario by repeatedly sending these commands to an agent and eventually crashing the agent due to an out-of-memory condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-38435 | RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 do not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4193 | vim is vulnerable to Out-of-bounds Read | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22780 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-30775 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44622 | A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remote malicious user execute arbitrary code via a crafted post request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22047 | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-31516 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20853 | ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25464 | An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22387 | There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to remotely execute commands. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-40060 | There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-20872 | Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3801 | prism is vulnerable to Inefficient Regular Expression Complexity | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1886 | Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37468 | NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-40087 | An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). This affects use of any of the following protocols: SCEP, CMP, or EST. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-46054 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-33546 | Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27135 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45263 | An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-45627 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39644 | Product: Android; Versions: Android kernel; Android ID: A-199809304; References: N/A | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27165 | An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32790 | Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. There are no known workarounds other than upgrading. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-20550 | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24715 | The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-20087 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33483 | An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-40970 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21282 | Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29443 | jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || >=3.11.4`. Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4. Thanks to Jason from Microsoft Vulnerability Research (MSVR) for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-23445 | This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-32490 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22353 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-45734 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-30737 | A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46996 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix a memleak from userdata error path in new objects. Release object name if userdata allocation fails. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0532 | In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-185196177 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32859 | The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calendar view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user leading to XSS. There are no known patches for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-36357 | An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23274 | The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32677 | FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json). A request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted. Requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. The browser will execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application. This is fixed in FastAPI 0.65.2. The request data is now parsed as JSON only if the content-type header is application/json or another JSON compatible media type like application/geo+json. It's best to upgrade to the latest FastAPI, but if updating is not possible then a middleware or a dependency that checks the content-type header and aborts the request if it is not application/json or another JSON compatible content type can act as a mitigating workaround. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0359 | In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442011. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25925 | In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-45513 | NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23016 | On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-37552 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21336 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-1592 | A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-29843 | IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-3621 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46529 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial of Service (DoS). | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1906 | Improper handling of address deregistration on failure can lead to new GPU address allocation failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-27436 | WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-22848 | HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21729 | Some ZTE products have a CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-27181 | An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the value of the anti-CSRF token, the attacker may trick the user into visiting his malicious page and performing any request with the privileges of attacked user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28053 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45819 | Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-43975 | In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-43032 | In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-42126 | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20541 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-42574 | An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.3 | 1.6 | 6.0 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22733 | Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33004 | The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45230 | In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-38895 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-38342 | The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkActions` and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-45268 | A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver by uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44531 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-28834 | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42242 | A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32561 | OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-26735 | The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3271 | PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in triggering the stored XSS. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-35290 | File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41181 | Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.4 | 0.9 | 1.4 | LOW | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-39047 | IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-27759 | This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-23419 | This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37067 | There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impact confidentiality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41459 | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-39726 | In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-181782896. References: N/A | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-46576 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15370. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27396 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer overflow, a different vulnerability than CVE-2021-27398. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13279) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30523 | Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23889 | Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-29049 | Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24639 | The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-31718 | The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42090 | An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-40662 | A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44731 | A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 7.8 | 1.1 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31001 | An access issue was addressed with improved access restrictions. This issue is fixed in iOS 15 and iPadOS 15. An attacker in a privileged network position may be able to leak sensitive user information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22027 | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-46629 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15459. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-3466 | A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32614 | A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc'ed bound. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-25489 | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-39297 | Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25099 | The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-34391 | Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-33827 | The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30133 | A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-44868 | A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29515 | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixDiag*` operations(4c4f420e68/tensorflow/core/kernels/linalg/matrix_diag_op.cc (L195-L197)) does not validate that the tensor arguments are non-empty. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-34280 | Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. To exploit the vulnerability, someone must open a crafted PDF file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33923 | Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-45697 | An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29983 | Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 91. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-40010 | The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36898 | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42643 | cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37718 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28646 | An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-33886 | An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4396 | The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-40085 | An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-29781 | IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23373 | All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38785 | There is a NULL pointer dereference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-21301 | Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-21134 | Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-44020 | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3957 | kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-1228 | A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a crafted LLDP packet on the adjacent subnet to an affected device. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-33083 | Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-21042 | Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-45038 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-41458 | In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-33478 | The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35534 | Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1943 | Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-45623 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0421 | In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22454 | A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-34873 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14696. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3523 | A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-3875 | vim is vulnerable to Heap-based Buffer Overflow | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-40058 | There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-22216 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-37936 | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21187 | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-24259 | The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24688 | The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts. The AJAX calls performing actions on posts also do not ensure that the post belongs to them (or that they are allowed to perform such action on it) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-21980 | The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44966 | SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22772 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25495 | A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31615 | Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-44352 | A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0461 | In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-175124074 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21931 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the ‘stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-21831 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35077 | Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27558 | A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-28280 | CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24686 | The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21085 | Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42782 | Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-25492 | Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-34709 | Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20745 | Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23365 | The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-27217 | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product. | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.7 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-21586 | Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-39516 | An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-26085 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-22943 | A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41810 | Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-3539 | EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-45989 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-43940 | Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32821 | MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-24994 | The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24604 | The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-23048 | On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-33618 | Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21070 | Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges. | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.5 | 0.6 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20557 | IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28054 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-45949 | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-34301 | A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42556 | Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-20612 | Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port. Control by MELSEC-F series PLC is not affected by this vulnerability, but system reset is required for recovery. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-25129 | The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func function path traversal vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1393 | Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46079 | An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45641 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25045 | The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20746 | Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-43207 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32819 | Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27254 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25672 | A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28132 | LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30045 | SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-41931 | The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39989 | The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause a process to restart. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-26995 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27509 | In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-4371 | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-29939 | An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 7.3 | 3.9 | 3.4 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2021-39458 | Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to alter the files of a valid file backup. This leads to leaking the database credentials in the environment variables. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22420 | A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism to be missing. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24041 | A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38703 | Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21833 | An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38149 | index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24722 | The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0707 | In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32937 | An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-1212 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22219 | All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-26934 | An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21922 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-24485 | The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-33445 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-25163 | A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-27266 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12293. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-20511 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-39937 | A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21880 | A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30899 | A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22818 | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22538 | A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own. This occurs due to insufficient checks on the allowed set of permissions. The new user creation event would be captured in the Event Log. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32039 | Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-29825 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-3907 | OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41526 | A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25409 | Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 2.4 | 0.9 | 1.4 | LOW | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-32775 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-26971 | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2021-21816 | An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-40924 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-3012 | A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-27984 | In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44564 | A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products). | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23497 | This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25297 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37358 | SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0997 | In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java, there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191086488 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-20763 | Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-20786 | Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-45729 | The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2021-45549 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33796 | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-41162 | Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-1960 | Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-38193 | An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-3546 | An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29849 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0091 | Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25504 | Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 4.0 | 2.5 | 1.4 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-24038 | Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35027 | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-34869 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13797. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32498 | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24644 | The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-33966 | Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21812 | A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42534 | The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-20072 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traversal. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30955 | A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22738 | Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38295 | In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32424 | In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3763 | A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no effect on integrity. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-0536 | In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-176756691 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24201 | In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-42763 | Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the "@" user credentials of the node processing the UI request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22907 | An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-47617 | In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8: "If a power controller detects a main power fault on the hot-plug slot, it must automatically set its internal main power fault latch [...]. The main power fault latch is cleared when software turns off power to the hot-plug slot." The stickiness used to cause interrupt storms and infinite loops which were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable software notification on empty slots"). Unfortunately in 2020 the infinite loop issue was inadvertently reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt race"): The hardirq handler pciehp_isr() clears the PFD bit until pciehp's power_fault_detected flag is set. That happens in the IRQ thread pciehp_ist(), which never learns of the event because the hardirq handler is stuck in an infinite loop. Fix by setting the power_fault_detected flag already in the hardirq handler. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-33800 | In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-30896 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-39247 | Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, related to is_last_single_ascii in code1.c, and rs_encode_uint in reedsol.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-41766 | Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available within the target's class path. Generally speaking, deserialization of untrusted data does always represent a high security risk and should be prevented. The risk is low as, by default, Karaf uses a limited set of classes in the JMX server class path. It depends on system scoped classes (e.g. jar in the lib folder). | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33504 | Couchbase Server before 7.1.0 has Incorrect Access Control. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44050 | CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-38300 | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42093 | An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-40263 | A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20991 | In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31847 | Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46329 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component _fini. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-25228 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-3841 | sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-1196 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-32800 | Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There is no workaround for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-36716 | A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-37656 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](f24faa153a/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc (L30)) has an incomplete validation of the splits values: it does not check that they are in increasing order. We have patched the issue in GitHub commit 1071f554db. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44417 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2021-35463 | Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24349 | This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-28203 | The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. After obtaining administrator permission, remote attackers can launch command injection to execute arbitrary commands. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33506 | jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-39501 | EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-1203 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35491 | A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-20121 | The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface. | CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 4.0 | 0.4 | 3.6 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-0978 | In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-192587406 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-35479 | Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-29844 | IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39554 | An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() located in Lexer.cc. It allows an attacker to cause Denial of Service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-27251 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of firmware updates. The issue results from a fallback to an insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3967 | Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45547 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32688 | Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus filesystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-47597 | In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill() might make the same mistake in the future, so fix this in inet_sk_diag_fill(). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-40874 | An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21637 | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-36778 | An Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-1076 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31903 | In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-25449 | An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0566 | In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-175894436 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-24949 | The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28694 | IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28699 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-44047 | A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29993 | Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 92. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-0406 | In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22512 | Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-27733 | In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-25680 | The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-23377 | This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32982 | Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-37463 | In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-4198 | A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 6.1 | 1.8 | 4.2 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | LOW | HIGH |
| CVE-2021-4016 | Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-20368 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-40330 | git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-0630 | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-40000 | The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37833 | A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-37039 | There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Bluetooth DoS. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-43537 | An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24462 | The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20300 | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-34319 | A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0948 | The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-3970 | A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36713 | Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-20478 | IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-25920 | In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-46350 | There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-32575 | HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-29442 | Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-32963 | Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-33523 | MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21726 | Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set> | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | 2.3 | 0.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-23162 | Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45665 | Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-30924 | A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-22898 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.1 | 1.6 | 1.4 | LOW | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-25527 | Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-20515 | IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42067 | In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-40409 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1071 | NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-37538 | Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-3971 | A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20369 | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41497 | Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-43228 | SymCrypt Denial of Service Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1821 | A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-24463 | The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30145 | A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20379 | IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-25296 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0668 | In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44427 | An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20608 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-26996 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22311 | There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28565 | Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39491 | A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-44683 | The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2021-35093 | Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-34379 | Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33555 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-21116 | Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23702 | The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30797 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42073 | An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2021-42315 | Microsoft Defender for IoT Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-43590 | Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 6.0 | 0.8 | 5.2 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-29571 | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation(31bd502630/tensorflow/core/kernels/image/draw_bounding_box_op.cc (L116-L130)) assumes that the last element of `boxes` input is 4, as required by [the op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in `boxes` is less than 4, accesses similar to `tboxes(b, bb, 3)` will access data outside of bounds. Further during code execution there are also writes to these indices. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46433 | In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode() to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30756 | A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-3646 | btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-31840 | A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36326 | Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44779 | Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20576 | IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-32024 | A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46247 | The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-28153 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-44170 | A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32980 | Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27188 | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-26746 | Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-27598 | SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-38130 | A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-25390 | Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 4.0 | 2.5 | 1.4 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-36784 | An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28042 | Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23977 | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44383 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not object. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2021-31425 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41599 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35251 | Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-24568 | The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-26317 | Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28909 | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule in a brute force attack. The password could be weak and the default username is known as 'admin'. This is usable and part of an attack chain to gain SSH root access. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29622 | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24805 | The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-27908 | In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41938 | An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4239 | The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-39020 | IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-39272 | Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-37131 | There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30230 | The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36389 | In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4". | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41917 | webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21371 | Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It is published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load(). | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32791 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44942 | glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-3442 | A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to an XSS attack. The highest threat from this vulnerability is to data confidentiality. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-27150 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32943 | The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45018 | Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.html and then the .html file on the website that uses this editor (the file suffix is allowed). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0478 | In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-169255797 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33847 | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30064 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22789 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-45327 | Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46619 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15413. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-26036 | An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-26084 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-21339 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-29107 | A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-43663 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22878 | Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-39652 | In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-194499021. References: N/A | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-43408 | The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38343 | The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-33879 | Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38493 | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20851 | Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41212 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-20635 | Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-28701 | Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 7.8 | 1.1 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39998 | There is a vulnerability of APIs being concurrently called multiple times in HwConnectivityExService in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-22440 | There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include: HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1); HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1). | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-45901 | The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-31429 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13187. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44394 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-40897 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-23387 | The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTrailing(), as the web server uses relative URLs instead of absolute URLs. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-30111 | A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0063 | Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-39653 | In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-193443223; References: N/A | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36748 | A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-33721 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37859 | Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24327 | The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0228 | An improper check for unusual or exceptional conditions vulnerability in Juniper Networks MX Series platforms with Trio-based MPC (Modular Port Concentrator) deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, may allow an attacker sending specific Layer 2 traffic to cause Distributed Denial of Service (DDoS) protection to trigger unexpectedly, resulting in traffic impact. Continued receipt and processing of these specific Layer 2 frames will sustain the Denial of Service (DoS) condition. An indication of compromise is to check DDOS LACP violations: user@device> `show ddos-protection protocols statistics brief \| match lacp` This issue only affects the MX Series platforms with Trio-based MPC. No other products or platforms are affected. This issue affects: Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2; | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-37657 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](84d053187c/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have a check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit f2a673bd34. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37497 | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25436 | Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45955 | Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38984 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-22217 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46622 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15416. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44407 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2021-41231 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27903 | An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33570 | Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-45406 | In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25346 | Possible arbitrary memory overwrite vulnerabilities in quram library versions prior to SMR Jan-2021 Release 1 allow arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29536 | TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedReshape` by passing in invalid thresholds for the quantization. This is because the implementation(a324ac84e5/tensorflow/core/kernels/quantized_reshape_op.cc (L38-L55)) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly. However, if any of these tensors is empty, then `.flat<T>()` is an empty buffer and accessing the element at position 0 results in overflow. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-40506 | An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27002 | NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-30070 | An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-37197 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24971 | The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform Cross-Site Scripting attacks against all visitors and users on the frontend | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-0337 | In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Android ID: A-157474195 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45408 | Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the "referuri" parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-34890 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14843. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-46314 | A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-43297 | A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol. When Hessian catches unexpected exceptions, it logs some information for users, which may cause remote command execution. This issue affects Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1412 | Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-47025 | In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume. In mtk_iommu_runtime_resume always enable the clk, even if m4u_dom is null. Otherwise the 'suspend' cb might disable the clk which is already disabled causing the warning. In addition, we now don't need to enable the clock from the function mtk_iommu_hw_init since it is already enabled by the resume. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37191 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-25516 | An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-31635 | Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-28236 | LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0363 | In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05458478. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29623 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-30483 | isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-32961 | A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-34329 | A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23856 | The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-34615 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2021-34739 | A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22375 | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20523 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-39348 | The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is separate from CVE-2021-24702. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-32005 | Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-1530 | A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a partial DoS condition on an affected system. There are workarounds that address this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | LOW |
| CVE-2021-30120 | Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication is enforced client-side instead of server-side and can be bypassed using a local proxy, thus rendering 2FA useless. Detailed description --- During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If the attacker has obtained a password of a user and used an intercepting proxy (e.g. Burp Suite) to change the value of MFARequired from True to False, there is no prompt for the second factor, but the user is still logged in. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-27451 | Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20657 | Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2021-40125 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-4227 | The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-41017 | Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41034 | The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24147 | Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-30311 | Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37080 | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1333 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25487 | Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41265 | Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-26118 | While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-42852 | A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37028 | There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35580 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-21658 | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-23401 | This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24988 | The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-39742 | In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405602 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41200 | TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-3509 | A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS. The greatest threat to the system is for confidentiality, integrity, and availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-25157 | A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-37666 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](460e000de3/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc (L129)) has an incomplete validation of the splits values, missing the case when the argument would be empty. We have patched the issue in GitHub commit be7a4de6ad. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4069 | vim is vulnerable to Use After Free | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-34549 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-26565 | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-32620 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration could re-activate themself by using the activation link provided for his registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to workaround the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30313 | Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42892 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-39085 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-34215 | Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-43114 | FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1469 | Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24660 | The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-24562 | The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-39777 | In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-194743207 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-35201 | NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-36055 | XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24427 | The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-3374 | Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-3350 | deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-39021 | IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-22390 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause certain codes to be executed. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36846 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-23029 | On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-43681 | SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name']. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-32162 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23993 | An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-22533 | Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-3847 | An unauthorized access to the execution of the setuid file with capabilities flaw was found in the Linux kernel OverlayFS subsystem in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-0179 | Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-45656 | Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41687 | DCMTK through 3.6.6 does not handle memory free properly. The program allocates heap memory with malloc for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-38571 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44033 | In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-34075 | In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-20683 | Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-44140 | Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2021-38348 | The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-27468 | The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41644 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-1980 | Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2021-34932 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14910. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-31777 | The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-29846 | IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-41028 | A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:01Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46640 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15512. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33692 | SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-41079 | Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-44900 | Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35312 | A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39632 | In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-202159709 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35242 | Serv-U server responds with valid CSRFToken when the request contains only Session. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23177 | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29740 | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4206 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46085 | OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-31010 | A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-3795 | semver-regex is vulnerable to Inefficient Regular Expression Complexity | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-34649 | The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-37750 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-1567 | A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | HIGH | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-25507 | Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-32474 | An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-44847 | A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33667 | Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-4124 | janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-38934 | IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-36489 | Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-39058 | IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-1791 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-4281 | A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4175 | livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-41790 | An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20181 | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | 0.8 | 6.0 | HIGH | 2024-12-07T08:01Z | LOCAL | HIGH | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45345 | Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0389 | In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168039904 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45667 | Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-25224 | A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-45386 | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-33981 | An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish \| Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-38345 | The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-24467 | The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged-in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being used, or using malicious attributions which will be executed in all pages with an embedded map from the plugin. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-34815 | CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-40026 | There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-34085 | Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872, CVE-2017-14409, and CVE-2018-10778. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-38408 | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29578 | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow. The implementation(dcba796a28/tensorflow/core/kernels/fractional_avg_pool_op.cc (L216)) fails to validate that the pooling sequence arguments have enough elements as required by the `out_backprop` tensor shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-26342 | In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-39306 | A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37962 | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-32615 | Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45517 | NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-23263 | Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-4374 | The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20633 | Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-31579 | Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-45739 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-25059 | The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-29931 | An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop(). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-25378 | Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2021-33733 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-46270 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-27022 | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-4208 | The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-34315 | A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-35234 | Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low-user privileges may steal password hashes and password salt information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29892 | IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-42529 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-27098 | In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2021-45769 | A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0542 | In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-168712890 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-46933 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If userland provided an eventfd along with function's USB descriptors, it ends up calling eventfd_ctx_put as many times, causing a refcount underflow. NULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls. Also, set epfiles to NULL right after de-allocating it, for readability. For completeness, ffs_data_clear actually ends up being called thrice, the last call being before the whole ffs structure gets freed, so when this specific sequence happens there is a second underflow happening (but not being reported): ---truncated--- | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0170 | Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-32727 | Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private key belonged to a previously downloaded public certificate. If the Nextcloud instance served a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. The vulnerability is patched in version 3.16.1. As a workaround, do not add additional end-to-end encrypted devices to a user account. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44116 | Cross Site Scripting (XSS) vulnerability exists in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-29482 | xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided with malicious input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library recently had the same issue and got CVE-2020-16845 allocated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0640 | In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-9; Android ID: A-187957589 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-23906 | An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:01Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22056 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-37931 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33723 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-23846 | When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-30514 | Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4296 | A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-34403 | NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality and integrity, or denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-37053 | There is a Service logic vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-0614 | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05495528; Issue ID: ALPS05495528. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-46851 | The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-4106 | A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-24366 | The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-43741 | CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-42009 | An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-27620 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-3256 | KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-25829 | An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-36866 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-33463 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-24379 | The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2021-32992 | FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-22703 | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-39749 | In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-205996115 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-26707 | The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-20672 | Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-20423 | IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due to improper application permissions. IBM X-Force ID: 196308. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-33631 | Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:01Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41084 | http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N | 4.7 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | NONE | LOW | NONE |
| CVE-2021-21675 | A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2021-24362 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-22258 | The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2021-0345 | In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05432974. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36388 | In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4". | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-44357 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-30149 | Composr 10.0.36 allows upload and execution of PHP files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-26543 | The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-41153 | The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a **high** severity security advisory if you use `evm` crate for Ethereum mainnet. In this case, you should update your library dependency immediately to on or after `0.31.0`. This is a **low** severity security advisory if you use `evm` crate in Frontier or in a standalone blockchain, because there's no security exploit possible with this advisory. It is **not** recommended to update to on or after `0.31.0` until all the normal chain upgrade preparations have been done. If you use Frontier or other `pallet-evm` based Substrate blockchain, please ensure to update your `spec_version` before updating this. For other blockchains, please make sure to follow a hard-fork process before you update this. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39711 | In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-154175781; References: Upstream kernel | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-25919 | In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-2452 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-30481 | Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2021-29002 | A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:01Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2021-36763 | In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2021-3325 | Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some existing installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-30626 | Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-39735 | In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-151455484; References: N/A | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:01Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2021-36134 | Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS). | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:01Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2021-32853 | Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:01Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32478 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28462 | novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-2101 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts on the file's page that will execute whenever an administrator accesses the editor area for the injected file page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20206 | In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-220737634 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-3998 | A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48491 | Vulnerability of missing authentication on certain HUAWEI phones. Successful exploitation of this vulnerability can lead to ads and other windows to display at any time. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-33891 | The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34907 | An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0497 | A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-1522 | The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-42124 | ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-2314 | The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1163 | Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0476 | Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36674 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4835 | The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-45766 | Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-45060 | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-4904 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | 8.6 | 3.9 | 4.7 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | HIGH |
| CVE-2022-20182 | In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-222348453. References: N/A | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-21934 | Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25711 | Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3474 | A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-2560 | This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-44808 | A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30605 | A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4962 | A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-21757 | In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-35252 | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.7 | 2.2 | 1.4 | LOW | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-46153 | Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-39820 | In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-34609 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4446 | PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31074 | KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-30370 | Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26128 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25243 | Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-2208 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0729 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41963 | BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 and version 2.5-alpha-1. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N | 3.1 | 1.6 | 1.4 | LOW | 2024-12-07T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-31259 | The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30561 | When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-38881 | The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23122 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41290 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.4 | 2.5 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28312 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-25922 | Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-4881 | A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The patch is identified as 8fc9e12dfa. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-48942 | In the Linux kernel, the following vulnerability has been resolved: hwmon: Handle failure to register sensor with thermal zone correctly. If an attempt is made to a sensor with a thermal zone and it fails, the call to devm_thermal_zone_of_sensor_register() may return -ENODEV. This may result in crashes similar to the following. Jon Hunter reports that the exact call sequence is: hwmon_notify_event() --> hwmon_thermal_notify() --> thermal_zone_device_update() --> update_temperature() --> mutex_lock(). The hwmon core needs to handle all errors returned from calls to devm_thermal_zone_of_sensor_register(). If the call fails with -ENODEV, report that the sensor was not attached to a thermal zone but continue to register the hwmon device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-26065 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48854 | In the Linux kernel, the following vulnerability has been resolved: net: arc_emac: Fix use after free in arc_mdio_probe(). If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free the "bus". But bus->name is still used in the next line, which will lead to a use after free. We can fix it by putting the name in a local variable and make the bus->name point to the rodata section "name", then use the name in the error message without referring to bus to avoid the uaf. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0521 | Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-1953 | The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-36533 | Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41664 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36791 | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-3112 | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-35092 | SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-30621 | Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary files on the camera's OS as root user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-27494 | Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24319 | A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-20233 | In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-222472803. References: N/A | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41015 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)' command template. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37139 | Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24197 | iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-38256 | TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-47967 | A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47606 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <= 0.2.1 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-37331 | An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47341 | In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36994 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-36079 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server and are only returned to the client using a valid master key. However, using query constraints, these fields can be guessed by enumerating until Parse Server, prior to versions 4.10.14 or 5.2.5, returns a response object. The patch available in versions 4.10.14 and 5.2.5 requires the master key to use internal and protected fields as query constraints. As a workaround, implement a Parse Cloud Trigger `beforeFind` and manually remove the query constraints. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-32028 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22662 | A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-28025 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44650 | A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3560 | A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-42301 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38334 | XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0990 | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-22502 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-36559 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28508 | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-4927 | A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The patch is named abe9f57123. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-31776 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45278 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25355 | EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-38153 | An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-24317 | A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-21688 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. An adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated. This issue has been patched in version 2.5. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-39256 | Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30350 | Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-42969 | The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproducible and they argue this is not a valid vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-40643 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17407. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2458 | XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection leads to External Service interaction & Internal file read in Business Central and also Kie-Server APIs. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 8.2 | 3.9 | 4.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2022-38803 | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N | 6.8 | 2.3 | 4.0 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | NONE | NONE |
| CVE-2022-1232 | Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32739 | When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-3076 | The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39198 | A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31395 | Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45483 | Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-20917 | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-41878 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37122 | Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-29840 | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This issue affects My Cloud OS 5 devices before 5.26.202. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-24783 | Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3255 | If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-34967 | The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-35936 | Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-23425 | Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44317 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-46848 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-2978 | A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers function security_inode_alloc to fail with a following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37598 | Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48438 | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-37134 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22105 | Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2338 | Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:00Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-29418 | Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0318 | Heap-based Buffer Overflow in vim/vim prior to 8.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20661 | Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-27275 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43770 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 do not correctly perform an authorization check in the dashboard editor plugin API. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-31760 | Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-34854 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1499 | Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | LOW |
| CVE-2022-23141 | ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-34802 | Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-36682 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42832 | A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46648 | ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35050 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-48446 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-2142 | The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-29709 | CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43422 | Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-27474 | SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36865 | Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-22301 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45599 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23464 | Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-36046 | Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0019 | An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-31405 | MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-46696 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25439 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29983 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31383 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22634 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23630 | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. For users who cannot update either do not use `ResolutionStrategy.disableDependencyVerification()` and do not use plugins that use that method to disable dependency verification for a single configuration or make sure resolution of configuration that disable that feature do not happen in builds that resolve configuration where the feature is enabled. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3291 | Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-31470 | An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41593 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L | 3.4 | 0.8 | 2.5 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2022-21680 | Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-43692 | Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23672 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3837 | The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-43425 | Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-46344 | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2913 | The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-31706 | The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40662 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0698 | Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-2751 | A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206024. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-21210 | An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2254 | A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38072 | An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4597 | A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216192. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-46712 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44877 | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29034 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-36700 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38220 | An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20107 | In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-22615 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25850 | The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-3449 | Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36725 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-21806 | A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45669 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-40885 | Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-43702 | When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31571 | The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L | 9.3 | 3.9 | 4.7 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | NONE | LOW |
| CVE-2022-0430 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-24253 | Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31793 | do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43333 | Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45401 | Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-47144 | Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25756 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-1741 | The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34783 | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0217 | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-24974 | Links may not be rewritten according to policy in some specially formatted emails. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-34393 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | 0.8 | 6.0 | HIGH | 2024-12-07T08:00Z | LOCAL | HIGH | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38439 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-27041 | Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-32372 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29990 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0566 | It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38137 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34233 | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22514 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | HIGH |
| CVE-2022-41589 | The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful exploitation of this vulnerability affects system services and device availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-31232 | SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29397 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0083 | livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-28628 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.4 | 2.5 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0296 | Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25318 | An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-22316 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-34445 | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-3969 | A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-28692 | Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-34951 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27158 | pearweb < 1.32 suffers from Deserialization of Untrusted Data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4876 | A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The patch is named 13b8812ebc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-22828 | An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-39836 | An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-34760 | A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3175 | Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-38663 | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-28774 | Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-27167 | Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-21133 | Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-27932 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-23686 | Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-23387 | An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-44784 | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed services, there is the Axis AdminService, which, through the default configuration, should normally be accessible only by the localhost. Nevertheless, by trying to access the mentioned service, both in LFS and DL229, the service can actually be reached even by remote users, allowing creation of arbitrary services on the server side. When an attacker can reach the AdminService, they can use it to instantiate arbitrary services on the server. The exploit procedure is well known and described in Generic AXIS-SSRF exploitation. Basically, the attack consists of writing a JSP page inside the root directory of the web application, through the org.apache.axis.handlers.LogHandler class. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34442 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system to gain LDAP user privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27286 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-32473 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0350 | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41891 | TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-41806 | In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-27161 | Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43482 | Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22462 | IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-20113 | In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-205996517 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0653 | The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a page that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41026 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off) options WORD' command template. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0853 | A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-22567 | Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L | 5.1 | 0.8 | 4.2 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | LOW |
| CVE-2022-4465 | The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-25357 | Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-2818 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47757 | In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20540 | In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237291506 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24316 | A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-36862 | A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23025 | On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-31291 | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-41939 | knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N | 7.4 | 2.8 | 4.0 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | NONE | NONE |
| CVE-2022-42290 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33243 | Memory corruption due to improper access control in Qualcomm IPC. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0290 | Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45529 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-4701 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40026 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41733 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-39153 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18187) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22185 | A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when 'preserve-incoming-fragment-size' feature is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS prior to 17.3R1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0997 | Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29888 | A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-27794 | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by the use of a variable that has not been initialized when processing embedded fonts, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42718 | Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28378 | Craft CMS before 3.7.29 allows XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-32821 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36797 | Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-32642 | In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25417 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31384 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39395 | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker's `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 9.9 | 3.1 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20489 | In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703460 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36075 | Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-26764 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-4761 | The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-43046 | Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24075 | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43017 | OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-4658 | The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-32476 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48585 | A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36835 | Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-35513 | The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-20747 | A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-38545 | Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42492 | Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's DOWNLOAD_AD command. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2244 | An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-25223 | Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-23236 | E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-38625 | Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29683 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2147 | Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2795 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-1767 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22544 | Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22209 | A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the "show route" and "show route forwarding-table" command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command "show krt queue": user@host > show krt state High-priority add queue: 1 queued ADD nhtype Router index 0 (31212) error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40' The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-26746 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-36058 | Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a `MultiESDTNFTTransfer` transaction like this: `MultiESDTNFTTransfer` with a missing function name. Basic functionality like p2p messaging, storage, API requests and such are unaffected. Version 1.3.34 contains a fix for this issue. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-4048 | Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.7 | 2.5 | 5.2 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-22810 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24298 | All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20515 | In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-220733496 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-1749 | The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37879 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32475 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29146 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.3 | 1.6 | 6.0 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39067 | There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-24585 | A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-21760 | In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-46126 | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4661 | The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-2321 | Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42324 | Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0249 | A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-3059 | The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-20145 | In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-201660636 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36553 | Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37343 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2485 | Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-29061 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2870 | A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30809 | elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0912 | Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20366 | In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-225877745. References: N/A | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46317 | The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20260 | In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-220865698 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-34012 | Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-42720 | Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41955 | Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28434 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23503 | TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37326 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29489 | Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-4698 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38841 | Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25406 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26450 | In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID: ALPS07177801. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34392 | SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-4252 | A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-32485 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3187 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-27292 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36903 | A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-20737 | A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | HIGH |
| CVE-2022-34635 | The mstatus.sd field in CVA6 commit d315ddd0f1 does not update when the mstatus.fs field is set to Dirty. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35931 | Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-20924 | A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36840 | DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1660 | The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3285 | Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-40008 | SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23603 | iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-28109 | Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37086 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22367 | IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-44737 | Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33889 | A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41336 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-1560 | The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-4745 | The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | LOW | NONE |
| CVE-2022-37243 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-36892 | Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-23103 | A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26500 | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29914 | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-4775 | The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-32743 | Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-23004 | When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-24334 | In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-31675 | VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-42150 | TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 10.0 | 3.9 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4297 | The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20049 | In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38753 | This update resolves a multi-factor authentication bypass attack | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2022-30981 | An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39050 | An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-29232 | BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-38093 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43045 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-21721 | Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected. A patch has been released, `next@12.0.9`, that mitigates this issue. As a workaround, one may ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-42499 | In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242001391. References: N/A | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33268 | Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-41851 | A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44583 | Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43693 | Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48728 | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic. An early failure in hfi1_ipoib_setup_rn() can lead to the following panic: The panic happens in hfi1_ipoib_txreq_deinit() because there is a NULL deref when hfi1_ipoib_netdev_dtor() is called in this error case. hfi1_ipoib_txreq_init() and hfi1_ipoib_rxq_init() are self unwinding so fix by adjusting the error paths accordingly. Other changes: hfi1_ipoib_free_rdma_netdev() is deleted including the free_netdev() since the netdev core code deletes calls free_netdev(); the switch to the accelerated entrances is moved to the success path. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-41171 | Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-33175 | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43718 | Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-1653 | The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-40843 | The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-4549 | The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-38708 | IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-38272 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42711 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0262 | Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-37360 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17635. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-44546 | The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-1418 | The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-31774 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23862 | A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24744 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N | 3.5 | 2.1 | 1.4 | LOW | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-32917 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48554 | File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-48340 | In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-22286 | A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-42161 | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2136 | The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-46422 | An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H | 4.8 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | LOW | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-22055 | The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1298 | The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-45714 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleDel function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30326 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23018 | On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0641 | The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-4091 | A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0647 | The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-22426 | IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-20265 | In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-212804898 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-48839 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg(). syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[], triggering a too big copy. Presumably, users of af_packet using mmap() already gets correct metadata from the mapped buffer, we can simply make sure to clear 12 bytes that might be copied to user space later. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-38583 | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20567 | In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-186777253. References: Upstream kernel | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35538 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1769 | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45654 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36472 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24926 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-4714 | The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-39353 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please use one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`, or reject a document that has more than 1 `childNode`. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30974 | compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-1441 | MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38227 | XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24219 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0965 | Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-47602 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41681 | There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40291 | The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26526 | Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-21196 | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3250 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-2741 | The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-25618 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-35904 | An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of IFC files could enable an attacker to read information in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-4484 | The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-28756 | The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48603 | A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4421 | A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-22517 | An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3660 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-28651 | In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23823 | A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-0377 | Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-27368 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43025 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2903 | The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47015 | MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-24887 | Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20070 | In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06362920; Issue ID: ALPS06362920. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38142 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0170 | peertube is vulnerable to Improper Access Control | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-34285 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-050) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-34914 | Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41591 | The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-32073 | WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29975 | An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-37843 | In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37437 | When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33253 | Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-35156 | Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4105 | A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-34424 | Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-48067 | An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-48793 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL dereference on nested migration Turns out that due to review feedback and/or rebases I accidentally moved the call to nested_svm_load_cr3 to be too early, before the NPT is enabled, which is very wrong to do. KVM can't even access guest memory at that point as nested NPT is needed for that, and of course it won't initialize the walk_mmu, which is main issue the patch was addressing. Fix this for real. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-46582 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-21733 | Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_width` and that results in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-23402 | The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25098 | ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-32277 | Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific finding, not a finding about the Squiz Matrix CMS product. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-20663 | A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see . | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0981 | A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2029 | Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41220 | md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28622 | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-4644 | Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-21215 | This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31584 | The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L | 9.3 | 3.9 | 4.7 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | NONE | LOW |
| CVE-2022-23637 | K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-30276 | The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-40193 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-44151 | Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0233 | The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-25782 | Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2022-23461 | Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-47780 | SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3835 | The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-30411 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2593 | The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30073 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-35240 | In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-35555 | A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4691 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-25458 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33155 | The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38833 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48424 | In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20499 | In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-246539931 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3167 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22742 | When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-28300 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation 10.16.02.034 CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16202. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20239 | 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited. Product: Android. Versions: Android SoC. Android ID: A-233972091 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23040 | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23569 | Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-37952 | A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) that could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23649 | Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and "keyless signing" with Fulcio. If an attacker has access to the signature in OCI, they can manipulate cosign into believing the entry was stored in Rekor even though it wasn't. The vulnerability has been patched in v1.5.2 of Cosign. The `signature` in the `signedEntryTimestamp` provided by Rekor is now compared to the `signature` that is being verified. If these don't match, then an error is returned. If a valid bundle is copied to a different signature, verification should fail. Cosign output now only informs the user that certificates were verified if a certificate was in fact verified. There is currently no known workaround. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-2417 | Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N | 4.5 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-34913 | md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36463 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31149 | ActivityWatch is an open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a patch. As a workaround, block DNS lookups that resolve to 127.0.0.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24322 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior) | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-2641 | Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46137 | AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-20706 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48917 | In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min While the $val/$val2 values passed in from userspace are always >= 0 integers, the limits of the control can be signed integers and the $min can be non-zero and less than zero. To correctly validate $val/$val2 against platform_max, add the $min offset to val first. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20168 | Product: Android. Versions: Android kernel. Android ID: A-210594998. References: N/A | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-41639 | A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2799 | The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20704 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 4.8 | 2.2 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2022-42943 | A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47170 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.48 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-4208 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-40293 | The application was vulnerable to a session fixation that could be used to hijack accounts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2190 | The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0440 | The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true) | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20420 | In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238377411 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27952 | An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35236 | In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-35968 | TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2022-28244 | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. Exploitation requires user interaction in which the victim needs to access a crafted PDF file on an attacker's server. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N | 6.3 | 1.8 | 4.0 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | NONE | NONE |
| CVE-2022-2652 | Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H | 6.0 | 0.8 | 5.2 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-27677 | Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34366 | Dell SupportAssist for Home PCs (version 3.11.2 and prior) contains an Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-24789 | C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 7.6 | 2.8 | 4.7 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | HIGH |
| CVE-2022-23981 | The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-3770 | A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29666 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36983 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45586 | Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-29054 | A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-22777 | The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-48934 | In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac(). ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-39140 | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17292) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26380 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-42502 | In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241231970. References: N/A | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20523 | In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-228222508 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-36502 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2317 | The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-21149 | The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N | 3.5 | 0.9 | 2.5 | LOW | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2022-35229 | An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38163 | A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | 3.5 | 2.1 | 1.4 | LOW | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-22549 | Dell PowerScale OneFS, 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26612 | In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30969 | A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38454 | Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2404 | The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-1810 | Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-41141 | This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0638 | Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-25511 | An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-28224 | Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | 5.5 | 1.2 | 4.2 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | LOW | HIGH |
| CVE-2022-20227 | In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216825460. References: Upstream kernel | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43458 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code Tides Advanced Floating Content plugin <= 1.2.1 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-2183 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35002 | JPEGDEC commit be4843c was discovered to contain a segmentation fault via TIFFSHORT at /src/jpeg.inl. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3941 | A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-47330 | In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-44079 | pycdc commit 44a730f3a8 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-46702 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22868 | Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-2572 | In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20059 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781. | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 6.6 | 0.7 | 5.9 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40746 | IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | HIGH | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37865 | With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local file system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-1430 | Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48317 | Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44321 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-39135 | Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE, which do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23765 | This vulnerability occurred by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47355 | In log service, there is a missing permission check. This could lead to local denial of service in log service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-22794 | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27942 | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35056 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-4684 | Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23729 | When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26296 | BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-21748 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-20916 | A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-37235 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4560 | A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-1053 | Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1, | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-34650 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-25149 | The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-34199 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23482 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-34056 | The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26711 | An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35526 | WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1536 | A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert("home")</script><title> leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-22435 | IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24553 | An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28773 | Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3116 | The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-39359 | Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-0288 | The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-36490 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48588 | A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41989 | Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0597 | Open Redirect in Packagist microweber/microweber prior to 1.2.11. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-35590 | A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-35411 | rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3018 | An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23801 | An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24713 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0500 | A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31691 | Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34183 | Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24393 | Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38212 | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-41210 | SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 5.2 | 0.9 | 4.2 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2022-29404 | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-42339 | Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44611 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0570 | Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34640 | The *tval of ecall/ebreak in CVA6 commit d315ddd0f1 was discovered to be incorrect. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3839 | The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24060 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15099. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-29169 | BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-33926 | Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-1046 | The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-3305 | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30828 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25452 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40655 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48237 | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-25899 | Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35481 | OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0789 | Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2543 | The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-47358 | In log service, there is a missing permission check. This could lead to local denial of service in log service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-29480 | On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-24366 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15853. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48480 | Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22455 | IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38723 | Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2022-4163 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-0953 | The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-28710 | An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-41993 | Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38292 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3621 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3034 | When receiving an HTML email that specified to load an `iframe` element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-35412 | Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N | 5.1 | 0.8 | 4.2 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2022-40009 | SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0025 | A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1429 | SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-28889 | In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-35921 | fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-41644 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25099 | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1615 | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-41326 | The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32658 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-21214 | The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25456 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2542 | The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47010 | An issue was discovered in function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-27197 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-28006 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32924 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40190 | SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2318 | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-4277 | A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25980 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2072 | The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23314 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2471 | Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2480 | Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1566 | The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23732 | A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45825 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes WPComplete plugin <= 2.9.2 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-47895 | In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-38680 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-30829 | Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35104 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset() at /xpdf/Stream.cc. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-38303 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38378 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 6.0 | 0.8 | 5.2 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-29624 | An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25523 | TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0263 | Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20660 | A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22360 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in granting permission to unauthorized resources. IBM X-Force ID: 220782. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36606 | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2119 | OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30573 | The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO FTL - Enterprise Edition: version 6.8.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0017 | An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31897 | SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0943 | Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1683 | The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3019 | The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34187 | Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-1779 | The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-3381 | An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-25558 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36954 | In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-34263 | Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1128 | Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-3317 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-44016 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-31069 | NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in sensitive information such as OAuth bearer access tokens being inadvertently exposed to such services that should not see them. A new feature has been introduced in the patched version of nestjs-proxy that allows application developers to opt out of forwarding the Authorization headers on a per service basis using the `forwardToken` config setting. Developers are advised to review the README for this library on Github or NPM for further details on how this configuration can be applied. This issue has been fixed in version 0.7.0 of `@finastra/nestjs-proxy`. Users of `@ffdc/nestjs-proxy` are advised that this package has been deprecated and is no longer being maintained or receiving updates. Such users should update their package.json file to use `@finastra/nestjs-proxy` instead. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22079 | Denial of service while processing fastboot flash command on mmc due to buffer over read | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-47950 | An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-34132 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39185 | EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29862 | An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows remote attackers to cause the application to hang via a crafted message. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-31352 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43461 | Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-45980 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43603 | A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-0687 | The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41599 | The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23633 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22084 | Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2158 | Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32750 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41385 | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42705 | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-43032 | An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-34439 | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36972 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28715 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-32397 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39389 | Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on chain transaction events will be undetected. This can cause loss of funds if a CSV expiry is researched during a breach attempt or a CLTV delta expires forgetting the funds in the HTLC. A patch is available in `lnd` version 0.15.4. Users are advised to upgrade. Users unable to upgrade may use the `lncli updatechanpolicy` RPC call to increase their CLTV value to a very high amount or increase their fee policies. This will prevent nodes from routing through your node, meaning that no pending HTLCs can be present. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2022-36124 | It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-26094 | Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42321 | Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2022-48253 | nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28618 | A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nimble appliance. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20351 | In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-224771921 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-44944 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-39824 | Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H | 8.9 | 2.3 | 6.0 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | LOW | HIGH |
| CVE-2022-20453 | In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240685104 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-23365 | HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44051 | The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46159 | Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-3505 | A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210840. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-25493 | HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38878 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-24761 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-35869 | This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20250 | In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-226134095 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34792 | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20010 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213519176 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-37051 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-38184 | There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-22274 | A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0366 | An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4417 | The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-41327 | A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43106 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3906 | The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-28971 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36861 | Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 5.3 | 1.8 | 3.4 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2022-35105 | SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via /bin/png2swf+0x552cea. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-4705 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-32368 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33048 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27004 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34473 | The HTML Sanitizer should have sanitized the `href` attribute of SVG `<use>` tags; however it incorrectly did not sanitize `xlink:href` attributes. This vulnerability affects Firefox < 102. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-35449 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-35407 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42176 | In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23106 | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-21685 | Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-24801 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29485 | Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-0001 | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2022-3586 | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-30351 | PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is "locked" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-3780 | Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects: Remote Desktop Manager 2022.3.7 and prior versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-29701 | A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-45809 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.0.0. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.7 | 2.2 | 1.4 | LOW | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-4222 | A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214523. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20477 | In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-241611867 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31860 | An issue was discovered in OpenRemote through 1.0.4 that allows attackers to execute arbitrary code via a crafted Groovy rule. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35474 | OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b544e. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20900 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31620 | In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-23690 | A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-3829 | The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-27188 | OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0502 | Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20597 | In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243480506. References: N/A | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0147 | The Cookie Information \| Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20744 | A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-37298 | Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31211 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48227 | An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27416 | Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26342 | A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25706 | Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-41798 | Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-2753 | The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-48951 | In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx(). The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39074 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-42199 | Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26979 | Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-25730 | Information disclosure in modem due to improper check of IP type while processing DNS server query | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-31657 | VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43359 | Gifdec commit 1dcbae1936 was discovered to contain an out-of-bounds read in the function read_image_data. This vulnerability is triggered when parsing a crafted Gif file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23925 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20504 | In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-225878553 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30059 | Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-44742 | Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-34949 | Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31287 | An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-2557 | The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0409 | Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41910 | TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d6. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-35715 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-36556 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3565 | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0235 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-30304 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-20458 | The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build. Product: Android. Versions: Android-12L. Android ID: A-205567776 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-37351 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17636. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-32297 | Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33138 | A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-35981 | TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d16. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-1487 | Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36689 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36223 | In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-43470 | Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 7.3 | 2.1 | 5.2 | HIGH | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-23120 | A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45918 | ILIAS before 7.16 allows External Control of File Name or Path. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-26181 | Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0593 | The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2022-22299 | A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23468 | xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36171 | MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-1352 | Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-43329 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29945 | DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-35719 | IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23973 | ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26855 | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-32035 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-32900 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42218 | Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29220 | github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can set arbitrarily the username and email in for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would only say `dependabot[bot]` and the corresponding email-address. Version 3.2.0 contains a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-31756 | The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23745 | A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-41192 | Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1670 | When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-2948 | GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4542 | The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-40238 | A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43457 | SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26122 | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | HIGH | NONE |
| CVE-2022-41848 | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 4.2 | 0.5 | 3.6 | MEDIUM | 2024-12-07T08:00Z | PHYSICAL | HIGH | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-27157 | pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24792 | PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-45113 | Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-41013 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'static dhcp mac WORD (WORD\|null) ip A.B.C.D hostname (WORD\|null) description (WORD\|null)' command template. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40635 | Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35678 | Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-41838 | A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N | 4.4 | 1.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41226 | Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22636 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20142 | In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-216631962 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36858 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33255 | Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-30819 | In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20204 | In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-171495100 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41677 | An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-22223 | On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition. Continued receipt and processing of these packets will sustain the Denial of Service. This issue affects IPv4 and IPv6 packets. Packets of either type can cause and sustain the DoS event. These packets can be destined to the device or be transit packets. On devices such as the QFX10008 with line cards, line cards can be restarted to restore service. On devices such as the QFX10002 you can restart the PFE service, or reboot device to restore service. This issue affects: Juniper Networks Junos OS on QFX10000 Series: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S1. An indicator of compromise may be seen by issuing the command: request pfe execute target fpc0 command "show jspec pechip[3] registers ps l2_node 10" timeout 0 | refresh 1 | no-more and reviewing for backpressured output; for example: GOT: 0x220702a8 pe.ps.l2_node[10].pkt_cnt 00000076 GOT: 0x220702b4 pe.ps.l2_node[10].backpressured 00000002 <<<< STICKS HERE and requesting detail on the pepic wanio: request pfe execute target fpc0 command "show pepic 0 wanio-info" timeout 0 | no-more | match xe-0/0/0:2 GOT: 3 xe-0/0/0:2 10 6 3 0 1 10 189 10 0x6321b088 <<< LOOK HERE as well as looking for tail drops looking at the interface queue, for example: show interfaces queue xe-0/0/0:2 resulting in: Transmitted: Total-dropped packets: 1094137 0 pps << LOOK HERE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-44584 | Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-39853 | A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27076 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45039 | An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44137 | SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25515 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-38611 | Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34232 | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-26458 | In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032678; Issue ID: ALPS07032678. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46256 | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37363 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17673. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44801 | D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32248 | Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-1306 | Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-43038 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-1263 | A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-45792 | Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27779 | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-29187 | Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39087 | In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-2835 | A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 4.4 | 1.8 | 2.5 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2022-3127 | Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2022-37887 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24799 | wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue. For more information: If you have any questions or comments about this advisory feel free to email us at [vulnerability-report@wire.com](mailto:vulnerability-report@wire.com). Credits: We thank [Posix](https://twitter.com/po6ix) for reporting this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-29428 | Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-46463 | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature." | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-21496 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-45082 | Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23711 | A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-39377 | sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47501 | Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-1567 | The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-36174 | FreshService Windows Agent < 2.11.0, FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0 are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36034 | nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-43522 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3699 | A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20616 | Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-28740 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23377 | Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-27229 | Path traversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1543 | Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34282 | A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-047) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-25822 | A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.2 | 2.5 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-34330 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-41940 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-36444 | An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker (with network access to the admin interface) to disrupt system availability or potentially compromise the confidentiality and integrity of the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-40205 | Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-25303 | The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the [flask.render_template](https://flask.palletsprojects.com/en/2.1.x/api/flask.render_template) function. However, the error_message is rendered using the [| safe filter](https://jinja.palletsprojects.com/en/3.1.x/templates/working-with-automatic-escaping), meaning the user input is not escaped. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-32927 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-43945 | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20869 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38757 | A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-45338 | An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1886 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39893 | Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-34450 | PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26760 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30110 | The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38295 | Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-39100 | In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-34464 | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-2008 | Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41381 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29965 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43932 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-24588 | Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-28721 | Certain HP Print Products are potentially vulnerable to Remote Code Execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30715 | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-33961 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-29439 | Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-37005 | The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23112 | A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-41697 | A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-22758 | When clicking on a tel: link, USSD codes, specified after a `*` character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 97. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37181 | 72crm 9.0 has an Arbitrary file upload vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28946 | An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20835 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24027 | A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommon.so binary. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46583 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reboot_type parameter in the wizard_ipv6 (sub_41C380) function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33944 | The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-33920 | Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26308 | Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-38085 | Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33718 | An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-1208 | The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-2374 | The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-31988 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-20541 | In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-238083126 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N | 4.2 | 0.6 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-41485 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-22064 | Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-24221 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1988 | Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-26493 | Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30587 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-37898 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47325 | In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-1987 | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-2951 | Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4061 | The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-37430 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-29950 | Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-28070 | A null pointer dereference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-46906 | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23723 | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2022-29510 | Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29609 | An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-4155 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-1137 | Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-3927 | The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: `cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:*`; `cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*` | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-23438 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-27866 | A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39343 | Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22323 | IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-42187 | Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-23744 | Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L | 2.3 | 0.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2022-42156 | D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44574 | An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-24811 | Combodo iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-30513 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-4819 | A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef8. It is recommended to apply a patch to fix this issue. VDB-216998 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38724 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-30958 | A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44049 | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48594 | A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-35572 | On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-1123 | The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-24628 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0603 | Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4807 | Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-45393 | A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | 3.5 | 2.1 | 1.4 | LOW | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-20071 | In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33257 | Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28634 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-36367 | Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-43672 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39859 | Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-34551 | Sims v1.0 was discovered to allow path traversal when downloading attachments. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-29515 | Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3358 | OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-36326 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3160 | The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-31206 | The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41657 | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0847 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-33004 | The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-1328 | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-36570 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46295 | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the Gaussian file format | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-28104 | Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22788 | The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim's host. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-4851 | Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-38124 | Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-32771 | A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. This vulnerability arises from the "success" parameter which is inserted into the document with insufficient sanitization. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-28917 | Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20709 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2022-39279 | discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-40480 | Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-28063 | Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-3030 | An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-0266 | Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v. | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.6 | 0.7 | 5.9 | MEDIUM | 2024-12-07T08:00Z | NETWORK | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37238 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-38533 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-47065 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29909 | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-38485 | A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-41260 | SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-34911 | An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-30592 | liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-22626 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2022-28206 | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-21162 | Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-3763 | The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-20231 | In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-211485702; References: N/A | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-26635 | PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37611 | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-30526 | A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-48964 | In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-29265 | Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-46670 | Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-4944 | A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25155 | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-39852 | A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0838 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-24412 | Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-20001 | fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-27094 | Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-32827 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-34991 | Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-22401 | IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-23620 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, so it is possible for the HTML export process to contain reference elements containing filesystem syntax like "../", "./", or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2022-4845 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-20539 | In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237291425 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0140 | The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-4529 | The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2022-32257 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-37403 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-47498 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-3060 | Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N | 7.3 | 2.1 | 5.2 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2022-30400 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-47648 | An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013). | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43022 | OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2022-32260 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-43717 | Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2022-34655 | In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-29304 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-0715 | A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2022-43143 | A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-07T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2022-25048 | Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-42067 | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2022-24166 | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2022-37391 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17661. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-44733 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-07T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-46610 | 72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2022-41949 | DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-07T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-6876 | The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2023-5911 | The WP Custom Cursors \| WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-47517 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-32619 | Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51717 | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42528 | Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2097 | A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24417 | Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-50928 | "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-29914 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-47131 | The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-26474 | XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27260 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-25183 | In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22888 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N | 6.8 | 2.3 | 4.0 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | NONE | HIGH | NONE |
| CVE-2023-28722 | Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2892 | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-24471 | An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4115 | A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1415 | A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32290 | The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-27033 | Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52101 | Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-46857 | Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-31465 | An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4850 | A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0209 | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39939 | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-5702 | A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-2295 | A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-21446 | Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-24993 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19815) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0311 | Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31847 | In davinci 0.3.0-rc, after logging in, the user can connect to a malicious MySQL server by controlling the data source to read arbitrary files on the client side. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-49178 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS. This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4219 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4968 | The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-36137 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4148 | The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-22815 | Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high. This issue affects My Cloud OS 5 devices: before 5.26.300. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H | 6.7 | 1.2 | 5.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | HIGH | HIGH |
| CVE-2023-1181 | Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-35811 | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can be used for exploitation. Editions other than Enterprise are also affected. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24403 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-24436 | A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-26562 | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-22934 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 8.0 | 2.1 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38621 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `flags` array. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28561 | Memory corruption in QESL while processing payload from external ESL device to firmware. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3658 | A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48300 | The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43717 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-45247 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-0513 | A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-41093 | Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.1 | 1.6 | 1.4 | LOW | 2024-12-09T08:00Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-34137 | SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0602 | The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-48278 | Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-29389 | Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-09T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39949 | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-50330 | A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30784 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kaya Studio Kaya QR Code Generator plugin <= 1.5.2 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-35184 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0942 | The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3316 | A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-20925 | In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-236674672. References: N/A | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5077 | The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-28772 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52146 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.33.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-38505 | DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-32411 | This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-38718 | IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-42456 | Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames. The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values. The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-36397 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23001 | In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-40643 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-24959 | IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-34971 | An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25663 | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-28813 | An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-6700 | The Cookie Information \| Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-47236 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress. This issue affects iPages Flipbook For WordPress: from n/a through 1.4.8. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-50993 | Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33580 | Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23956 | A user can supply malicious HTML and JavaScript code that will be executed in the client browser | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-2155 | A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226276. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-48826 | Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6875 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52139 | Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](406b4bdbe7/packages/backend/src/server/api/endpoints.ts (L811)) or [secure](406b4bdbe7/packages/backend/src/server/api/endpoints.ts (L805)) without the user's permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](c96bc36fed). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N | 9.6 | 3.1 | 5.8 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | NONE |
| CVE-2023-36646 | Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30790 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-34365 | A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24781 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45880 | GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42947 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25210 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39275 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `value` array. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24404 | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23547 | A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21176 | In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-222287335 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-47801 | An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | 4.7 | 1.2 | 3.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2023-28999 | Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L | 6.4 | 0.9 | 5.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | LOW |
| CVE-2023-31902 | RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20890 | Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34488 | NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c when it processes malformed messages. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22889 | SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42740 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23733 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-31981 | Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42666 | The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-3691 | A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23927 | Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, a cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-36387 | An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2023-38678 | OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-34194 | StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-35917 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5639 | The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-21340 | In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-23772 | Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33080 | Transient DOS while parsing a vendor specific IE (Information Element) of reassociation response management frame. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-46421 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21515 | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0321 | Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-45008 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-27394 | Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27601 | OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`): By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-34050 | In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-41158 | A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43784 | Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21351 | In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0264 | A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L | 5.0 | 1.6 | 3.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2023-30946 | A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-29069 | A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35035 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51655 | In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38368 | IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user due to improper permission controls. IBM X-Force ID: 261195. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-26515 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3687 | A vulnerability was found in Bylancer QuickVCard 2.1. It has been rated as critical. This issue affects some unknown processing of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be initiated remotely. The identifier VDB-234233 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20019 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-34219 | In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-26140 | Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-24763 | In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32273 | Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24320 | An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6707 | Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26332 | Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6456 | The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-25954 | 'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-25572 | react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `<RichTextField>` by a custom field doing sanitization by hand. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-38840 | Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43575 | A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21611 | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22321 | Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-23785 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-48307 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-36558 | ASP.NET Core - Security Feature Bypass Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-33883 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-37868 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through 2.9.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-48302 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-26818 | Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-42942 | This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5228 | The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-42870 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28346 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.3 | 2.1 | 5.2 | HIGH | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-21588 | Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-36146 | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23925 | Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-6356 | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-46496 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 8.3 | 2.8 | 5.5 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | HIGH | HIGH |
| CVE-2023-22668 | Memory Corruption in Audio while invoking IOCTLs calls from the user-space. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22508 | This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37644 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-37532 | HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-5690 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0945 | A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-33782 | D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38910 | CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-48645 | An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0636 | Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection. This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38691 | matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5376 | An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-3256 | Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-33553 | An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35779 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-7265 | Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability may affect availability | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.2 | 2.5 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-23906 | Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-37975 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-24747 | Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1655 | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33947 | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-41708 | References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available exploits are known. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-52894 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code is at: https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10 The call stack is: ncm_close() -> ncm_notify() -> ncm_do_notify() with the crash at: ncm_do_notify+0x98/0x270 Code: 79000d0b b9000a6c f940012a f9400269 (b9405d4b) Which I believe disassembles to (I don't know ARM assembly, but it looks sane enough to me...): // halfword (16-bit) store presumably to event->wLength (at offset 6 of struct usb_cdc_notification) 0B 0D 00 79 strh w11, [x8, #6] // word (32-bit) store presumably to req->Length (at offset 8 of struct usb_request) 6C 0A 00 B9 str w12, [x19, #8] // x10 (NULL) was read here from offset 0 of valid pointer x9 // IMHO we're reading 'cdev->gadget' and getting NULL // gadget is indeed at offset 0 of struct usb_composite_dev 2A 01 40 F9 ldr x10, [x9] // loading req->buf pointer, which is at offset 0 of struct usb_request 69 02 40 F9 ldr x9, [x19] // x10 is null, crash, appears to be attempt to read cdev->gadget->max_speed 4B 5D 40 B9 ldr w11, [x10, #0x5c] which seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment: event->wLength = cpu_to_le16(8); req->length = NCM_STATUS_BYTECOUNT; /* SPEED_CHANGE data is up/down speeds in bits/sec */ data = req->buf + sizeof *event; data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); My analysis of registers and NULL ptr deref crash offset (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c) heavily suggests that the crash is due to 'cdev->gadget' being NULL when executing: data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget)); which calls: ncm_bitrate(NULL) which then calls: gadget_is_superspeed(NULL) which reads ((struct usb_gadget *)NULL)->max_speed and hits a panic. AFAICT, if I'm counting right, the offset of max_speed is indeed 0x5C. (remember there's a GKI KABI reservation of 16 bytes in struct work_struct) It's not at all clear to me how this is all supposed to work... but returning 0 seems much better than panic-ing... | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-42455 | Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35774 | Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52148 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.30. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-25964 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20613 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23792 | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20230 | A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2023-47175 | Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-35158 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the restore template to perform an XSS, e.g. by using a URL such as: /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-2078 | The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to update the plugin's settings. CVE-2023-25030 may be a duplicate of this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-2796 | The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-25809 | runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditions: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker\|podman\|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. Other users' cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker\|podman\|nerdctl) run --cgroupns=private`), which is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts, or add `/sys/fs/cgroup` to `maskedPaths`. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L | 6.3 | 2.0 | 3.7 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | LOW | LOW | LOW |
| CVE-2023-22595 | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0424 | The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow any authenticated users, such as Subscribers, to perform Stored Cross-Site Scripting attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4095 | User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-49121 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-43239 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20256 | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N | 5.8 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | LOW | NONE |
| CVE-2023-41361 | An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5850 | Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-45644 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-30993 | IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-37134 | A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-7008 | A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-26509 | AnyDesk 7.0.8 allows remote Denial of Service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-20520 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6446 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-49796 | MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py`. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-20773 | In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28856 | Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-25647 | There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-23670 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1346 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-6368 | In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-47062 | Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5791 | A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-5114 | The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-34385 | Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus. This issue affects Export Import Menus: from n/a through 1.8.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1505 | A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51095 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49126 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48420 | there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49947 | Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-38075 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46852 | In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-29049 | The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content to be processed. No publicly available exploits are known. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-28823 | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41742 | Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-2604 | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20878 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41807 | Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24081 | Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-40800 | The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38553 | In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51676 | Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4347 | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23828 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-38406 | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33245 | Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24392 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-30415 | Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5261 | A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31091 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37281 | Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-2174 | The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the plugin's log entries. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-6558 | The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5537 | The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-1680 | A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-0342 | MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-47548 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20219 | Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34478 | Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+ | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1070 | External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | HIGH |
| CVE-2023-39198 | A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33536 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2023-30442 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-29011 | Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42828 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0248 | An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-22756 | There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49182 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS. This issue affects List all posts by Authors, nested Categories and Titles: from n/a through 2.7.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1352 | A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32714 | In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-49280 | XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain password hash of users by performing an edit on the user profiles and then downloading the XML file that has been created. This is also true for any document that might contain password field and that a user can view. This vulnerability impacts all version of Change Request, but the impact depends on the rights that has been set on the wiki since it requires for the user to have the Change request right (allowed by default) and view rights on the page to target. This issue cannot be easily exploited in an automated way. The patch consists in denying to users the right of editing pages that contains a password field with change request. It means that already existing change request for those pages won't be removed by the patch, administrators needs to take care of it. The patch is provided in Change Request 1.10, administrators should upgrade immediately. It's possible to workaround the vulnerability by denying manually the Change request right on some spaces, such as XWiki space which will include any user profile by default. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-34959 | An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-25793 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-38873 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-26023 | Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-40444 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4417 | Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-33906 | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-37369 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-34433 | PiiGAB M-Bus stores passwords using a weak hash algorithm. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33333 | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20933 | In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-245860753 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-47244 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-46198 | Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41652 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-50612 | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5831 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-0114 | A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The identifier of this vulnerability is VDB-217592. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-24402 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-21494 | Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41163 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20998 | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246749936 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-2375 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25449 | Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4369 | Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26776 | Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0907 | A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is the function 0x220017 in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-5744 | The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-42476 | SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N | 6.8 | 2.3 | 4.0 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | NONE | NONE |
| CVE-2023-48887 | A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35188 | SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5671 | HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0116 | The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-48631 | @adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-22948 | An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-22597 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43876 | A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4708 | A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5556 | Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-46540 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3797 | A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. This affects an unknown part of the file /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx. The manipulation of the argument Filedata leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier VDB-235065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32811 | In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42470 | The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41129 | Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46146 | Missing Authorization vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-29426 | Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28848 | user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2023-38237 | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-3668 | Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38486 | A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6767 | A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-247899. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-39059 | An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28625 | mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-46290 | Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform. This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31065 | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 to solve it. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-34626 | Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-29046 | Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2023-44847 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2189 | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-42095 | Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21879. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-2806 | A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1118 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-43762 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5184 | Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24256 | An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1403 | The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-6509 | Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39810 | An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27419 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-29517 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. tomcat) running XWiki. The same vulnerability also allowed to perform internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. It might be possible to workaround this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4050 | In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-44467 | langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-44974 | An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-50959 | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-25838 | There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39039 | An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2023-44175 | A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: All versions prior to 20.4R3-S7; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R3; 22.4 versions prior to 22.4R3. Junos OS Evolved: All versions prior to 22.3R3-EVO; 22.4-EVO versions prior to 22.4R3-EVO; 23.2-EVO versions prior to 23.2R1-EVO. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-2228 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51928 | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20243 | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2023-30696 | An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37687 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37305 | An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-3722 | An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20122 | Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34855 | A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-46298 | Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-4239 | The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-27420 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43721 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3752 | A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-5103 | Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-2139 | A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-28471 | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-27075 | A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37914 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41894 | Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-43504 | A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4713 | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4126 | Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30859 | Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37428 | A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-44098 | Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-45194 | Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-25195 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-20521 | TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H | 5.7 | 0.5 | 5.2 | MEDIUM | 2024-12-09T08:00Z | PHYSICAL | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2023-0652 | Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5375 | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1097 | Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37215 | JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34250 | Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-1786 | Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-1205 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-7110 | A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2922 | A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-35759 | In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3477 | A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-50446 | An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45662 | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2023-34672 | Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25010 | A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35965 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42029 | IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-48239 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | HIGH |
| CVE-2023-28121 | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22428 | Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-23562 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user to update global parameters. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-35782 | The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49118 | in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43648 | baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21022 | In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-236098131. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21390 | In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48360 | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-25217 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25973 | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48828 | Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20892 | The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34150 | ** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2023-4338 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20049 | A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-45868 | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2023-40097 | In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38690 | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-36274 | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-47646 | Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin <= 1.1.1 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-44365 | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26213 | On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33218 | The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20199 | A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission. | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 6.6 | 0.7 | 5.9 | MEDIUM | 2024-12-09T08:00Z | PHYSICAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28658 | Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34111 | The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on line 25 of the workflow. This may allow an attacker to gain access to secrets which the github action has access to or to otherwise make use of the compute resources. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45847 | Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-21027 | In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-216854451. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43134 | There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1105 | External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-22844 | An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23711 | Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-6383 | The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-40520 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-31762 | Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-09T08:00Z | ADJACENT_NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30477 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-50073 | EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-40984 | A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23342 | If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-45120 | Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31407 | SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-41343 | Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-51695 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!: from n/a through 2.0.4.1. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-6373 | The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20879 | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28429 | Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-22792 | A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-4035 | The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-5612 | An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-50362 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later; QuTS hero h5.1.6.2734 build 20240414 and later. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45377 | In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The PHP script `cancelSkybill.php` contains sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20018 | A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 6.5 | 3.9 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2023-32316 | CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-44123 | The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51729 | This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4756 | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-24114 | typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30428 | Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0. The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability. There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants. 2.8 Pulsar Broker users and earlier are unaffected. 2.9 Pulsar Broker users should upgrade to one of the patched versions. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-33563 | In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34108 | mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted passwords during the authentication process. The issue arises from the behavior of the `passwd-verify.lua` script, which is responsible for verifying user passwords during login attempts. Upon a successful login, the script returns a response in the format of "password=<valid-password>", indicating the successful authentication. By crafting a password with additional key-value pairs appended to it, an attacker can manipulate the returned string and influence the internal behavior of Dovecot. For example, using the password "123 mail_crypt_save_version=0" would cause the `passwd-verify.lua` script to return the string "password=123 mail_crypt_save_version=0". Consequently, Dovecot will interpret this string and set the internal variables accordingly, leading to unintended consequences. This vulnerability can be exploited by an authenticated attacker who has the ability to set their own password. Successful exploitation of this vulnerability could result in unauthorized access to user accounts, bypassing security controls, or other malicious activities. This issue has been patched in version `2023-05a`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26073 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48111 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-29723 | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-42718 | In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4604 | The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4571 | In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-7171 | A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0740 | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2482 | The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32393 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6867 | The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-27444 | Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37944 | A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5968 | Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-42881 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-44243 | Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1443 | A vulnerability was found in Filseclab Twister Antivirus 8. It has been declared as problematic. This vulnerability affects the function 0x80112053 in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223288. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-46260 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0604 | The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-51535 | Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35783 | The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-39125 | NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs." | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-29086 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-40604 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23510 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access a user’s Safari history. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-32542 | Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23585 | Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-2845 | Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-1490 | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-1812 | Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3946 | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0271 | The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-50936 | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27569 | The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3450 | A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4808 | The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-45823 | Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made it possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-40686 | Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38704 | import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for remote code execution in cases where an application passes user-supplied input directly to the `import()` function. This vulnerability has been patched in import-in-the-middle version 1.4.2. Some workarounds are available. Do not pass any user-supplied input to `import()`. Instead, verify it against a set of allowed values. If using import-in-the-middle, directly or indirectly, and support for EcmaScript Modules is not needed, ensure that no options are set, either via command-line or the `NODE_OPTIONS` environment variable, that would enable loader hooks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28839 | Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27092 | Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-51043 | In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22497 | Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has access to a Netdata Agent has access to its MACHINE_GUID. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions (increased data retention, ML, health monitoring, etc) that can now be handled by the parent Agent. Configuration is done via `stream.conf`. On the parent side, users configure in `stream.conf` an API key (any random UUID can do) to provide common configuration for all children using this API key and per MACHINE GUID configuration to customize the configuration for each child. The way this was implemented, allowed an attacker to use a valid MACHINE_GUID as an API key. This affects all users who expose their Netdata Agents (children) to non-trusted users and they also expose to the same users Netdata Agent parents that aggregate data from all these children. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, do not enable streaming by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-33487 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38407 | bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-26735 | blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-25611 | An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45106 | Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46411 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24044 | A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1039 | A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index3.php of the component POST Parameter Handler. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221797 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41850 | Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51721 | This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-34116 | Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23546 | A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38556 | Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-6307 | A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2685 | A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H | 6.3 | 0.3 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | HIGH | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4842 | The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1185 | A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51671 | Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2023-49842 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpexpertsio Rocket Maintenance Mode & Coming Soon Page allows Stored XSS. This issue affects Rocket Maintenance Mode & Coming Soon Page: from n/a through 4.3. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-49740 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS. This issue affects Seraphinite Accelerator: from n/a through 2.20.28. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0012 | In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0244 | A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5485 | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-22935 | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2896 | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-5522 | Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | LOW |
| CVE-2023-51885 | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28481 | An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28868 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-4961 | The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37378 | Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-48486 | Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-27115 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-46086 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-52427 | In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-47666 | Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24199 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26127 | All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-40209 | Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-4841 | The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-33077 | Memory corruption in HLOS while converting from authorization token to HIDL vector. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46227 | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8814 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-49430 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3849 | A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-52026 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2808 | Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-29299 | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to Unrestricted, making the attack complexity high. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-47397 | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25122 | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38615 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5822 | The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30350 | FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26395 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27898 | Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35012 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23703 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-25644 | There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-6671 | A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46246 | Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-2669 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228885 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28119 | The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-44306 | Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-47142 | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0138 | Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4011 | An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-4155 | A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H | 5.6 | 1.1 | 4.0 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2023-23584 | An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-34577 | SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27383 | Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0257 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41935 | Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-3981 | Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-35670 | In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34982 | This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-27066 | Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-41137 | Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31429 | Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-22682 | Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia \| Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-2768 | A vulnerability was found in Sucms 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_ads.php?action=add. The manipulation of the argument intro leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229274 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1339 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-30414 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-4678 | Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-25527 | NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26486 | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0205 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 7.7 | 3.1 | 4.0 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2023-42816 | Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyvernos Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users' admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-36384 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43281 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-3280 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple request to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 0.5.1 contains a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-0001 | An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33235 | MXsecurity version 1.0 is vulnerable to a command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3057 | A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30553 | Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`. User input coming from the `db_name` parameter value and the `full_sql` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed to the methods that follow in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are `execute_check` in `sql/engines/clickhouse.py` which concatenates input which is passed to execution on the database in the `sql/engines/clickhouse.py` `query` method, `execute_check` in `sql/engines/goinception.py`which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py` `query` method, `execute_check` in `sql/engines/oracle.py`which passes unsafe user input into the `object_name_check` method in `sql/engines/oracle.py` which in turn is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-102`. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-34567 | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37943 | Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4594 | Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-28036 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25571 | Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. This vulnerability has been patched in both the frontend and backend implementations. The default `Link` component from `@backstage/core-components` version 1.2.0 and greater will now reject `javascript:` URLs, and there is a global override of `window.open` to do the same. In addition, the catalog model v0.12.4 and greater as well as the catalog backend v1.7.2 and greater now has additional validation built in that prevents `javascript:` URLs in known annotations. As a workaround, the general practice of limiting access to modifying catalog content and requiring code reviews greatly help mitigate this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4448 | A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30351 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-26407 | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6902 | A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248260. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1650 | The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46420 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5054 | The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-6574 | A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-43809 | Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To workaround this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-0294 | The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-0868 | Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-21587 | Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-7024 | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25601 | On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-31133 | Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21086 | In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-238298970 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24804 | The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 4.4 | 1.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | NONE |
| CVE-2023-28776 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-38043 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22731 | Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20028 | Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-42780 | Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-1708 | An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49554 | Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-39668 | D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39018 | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2120 | The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-33087 | Memory corruption in Core while processing RX intent request. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45556 | Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37298 | Joplin before 2.11.5 allows XSS via a USE element in an SVG document. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-47997 | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-24195 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4982 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4058 | Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26514 | Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32490 | Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49805 | Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party websites to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not validate the `Origin` header, leading to other sites being able to open connections to the server and communicate with it. Other websites still need to authenticate to access most features, however this can be used to circumvent firewall protections put in place by people deploying the application. Without origin validation, JavaScript executed from another origin would be allowed to connect to the application without any user interaction. Without login credentials, such a connection is unable to access protected endpoints containing sensitive data of the application. However, such a connection may allow an attacker to further exploit unseen vulnerabilities of the application. Users with "No-auth" mode configured who are relying on a reverse proxy or firewall to provide protection to the application would be especially vulnerable as it would grant the attacker full access to the application. In version 1.23.9, additional verification of the HTTP Origin header has been added to the socket.io connection handler. By default, if the `Origin` header is present, it would be checked against the Host header. Connection would be denied if the hostnames do not match, which would indicate that the request is cross-origin. Connection would be allowed if the `Origin` header is not present. Users can override this behavior by setting environment variable `UPTIME_KUMA_WS_ORIGIN_CHECK=bypass`. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24058 | Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-35827 | An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-36818 | Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-21102 | In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-260821414. References: Upstream kernel | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24369 | A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-35186 | The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49752 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48330 | Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery. This issue affects Bulk Comment Remove: from n/a through 2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52185 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-4294 | The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-28337 | When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-36666 | INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-50445 | Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27654 | An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2572 | The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-22435 | Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-20231 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49294 | Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43830 | A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-51368 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later; QuTS hero h5.1.6.2734 build 20240414 and later | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-34467 | XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-22957 | An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-42542 | Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-39640 | UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25690 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: `RewriteEngine on`, `RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]`, `ProxyPassReverse /here/ http://example.com:8080/`. Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31477 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-33216 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS. This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-32224 | D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46332 | WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which leads to a segmentation fault. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-34422 | A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-4181 | A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25934 | DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-2304 | The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0487 | The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41107 | TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS) attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-46735 | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn't return any user-submitted input in its response. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-39999 | Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-50879 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-46706 | Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26258 | Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25606 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-48362 | XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28533 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Williams Cab Grid plugin <= 1.5.15 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-5468 | The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3187 | A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2023-5884 | The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-44959 | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37245 | Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-6816 | A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31011 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46224 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1418 | A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the argument transactioncode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223129 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-26208 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2023-45899 | An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-28736 | Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1007 | A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2503 | The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48676 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-45068 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3074 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-34035 | Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: Spring MVC is on the classpath; Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet); the application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints. An application is not vulnerable if any of the following is true: the application does not have Spring MVC on the classpath; the application secures no servlets other than Spring MVC’s DispatcherServlet; the application uses requestMatchers(String) only for Spring MVC endpoints. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-20872 | VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34005 | Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32676 | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contains files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26530 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-6056 | A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 7.4 | 2.2 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-33517 | carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-6485 | The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, even those as low as subscribers, to perform Stored Cross-Site Scripting attacks against high privilege users like admins. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43017 | IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52198 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS. This issue affects Private Google Calendars: from n/a through 20231125. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-32821 | In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33485 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5720 | A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-48866 | A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37393 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.9.3 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20162 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41443 | SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26152 | All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-6699 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-45227 | An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-41070 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-50828 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS. This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0572 | Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-42941 | The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets. | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.8 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-6300 | A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input `</TiTlE><ScRiPt>alert(1)</ScRiPt>` leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43999 | An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2023-23753 | The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32104 | Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-0162 | The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-29088 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-22878 | IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-46629 | Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30088 | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-43233 | A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-41891 | FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-43824 | A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5362 | The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-41882 | vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-5851 | Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-46613 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-22376 | Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-30269 | CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-39301 | A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.1.2491 build 20230815 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.1.2488 build 20230812 and later; QuTScloud c5.1.0.2498 and later. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-1391 | A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21183 | In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235863754 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1402 | The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-47240 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap plugin <= 1.1.11 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-44297 | Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-09T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21130 | In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-273502002 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33872 | Improper access control in the Intel Support android application all versions may allow an authenticated user to potentially enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-42692 | In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5869 | A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2964 | The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-27032 | Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups(). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38405 | On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-35162 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the previewactions template to perform an XSS, e.g. by using a URL such as: `<hostname>/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-30638 | Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-40052 | This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-7218 | A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24164 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38611 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27877 | IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-1371 | The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-30765 | Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24820 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-4622 | A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31245 | Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using an HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-33053 | Memory corruption in Kernel while parsing metadata. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26290 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43501 | A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-29438 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-22678 | Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31617 | An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-4693 | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-09T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-30905 | The MC990 X and UV300 RMC component has an inadequate default configuration that could be exploited to obtain enhanced privilege. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35719 | ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-09T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21445 | Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24736 | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33657 | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-32182 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30764 | OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23869 | Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45143 | Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N | 3.5 | 2.1 | 1.4 | LOW | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-0474 | Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4891 | A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-28376 | Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-28062 | Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-50465 | A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-27497 | Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38571 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-36661 | Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-31848 | davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23462 | Libpeconv – integer overflow, before commit 75b1565 (30/11/2022). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35785 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24582 | Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a TCP packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20009 | A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege of operator - validate actual name. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3588 | A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-40408 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-5858 | Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-32612 | Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-40719 | A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-34470 | AMI AptioV contains a vulnerability in BIOS where an attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-40731 | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45799 | In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51698 | Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0236 | The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-29157 | Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1108 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-23788 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-44158 | Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21395 | In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-28733 | AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-25059 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0588 | The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-31135 | Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-39979 | There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33356 | IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37254 | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-22315 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20987 | In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-260569414 | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.5 | 0.9 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-44205 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-29622 | Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48301 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-45627 | An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-28835 | Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force it. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. This issue only affects users who do not have a password policy enabled, so enabling a password policy is an effective mitigation for users unable to upgrade. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-2211 | A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-42931 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5143 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240239. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-40766 | User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48291 | Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-30577 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-34237 | SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39407 | The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-20183 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-32610 | Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-52900 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to read a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block address, it returns -ENOENT because conversion of the virtual block address to a disk block address fails. However, this return value is the same as the internal code that b-tree lookup routines return to indicate that the block being searched does not exist, so functions that operate on that b-tree may misbehave. When nilfs_btree_insert() receives this spurious 'not found' code from nilfs_btree_do_lookup(), it misunderstands that the 'not found' check was successful and continues the insert operation using incomplete lookup path data, causing the following crash: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] ... RIP: 0010:nilfs_btree_get_nonroot_node fs/nilfs2/btree.c:418 [inline] RIP: 0010:nilfs_btree_prepare_insert fs/nilfs2/btree.c:1077 [inline] RIP: 0010:nilfs_btree_insert+0x6d3/0x1c10 fs/nilfs2/btree.c:1238 Code: bc 24 80 00 00 00 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 4b 02 92 fe 4d 8b 3f 49 83 c7 28 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 2e 02 92 fe 4d 8b 3f 49 83 c7 02 ... Call Trace: <TASK> nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline] nilfs_bmap_insert+0x20d/0x360 fs/nilfs2/bmap.c:147 nilfs_get_block+0x414/0x8d0 fs/nilfs2/inode.c:101 __block_write_begin_int+0x54c/0x1a80 fs/buffer.c:1991 __block_write_begin fs/buffer.c:2041 [inline] block_write_begin+0x93/0x1e0 fs/buffer.c:2102 nilfs_write_begin+0x9c/0x110 fs/nilfs2/inode.c:261 generic_perform_write+0x2e4/0x5e0 mm/filemap.c:3772 __generic_file_write_iter+0x176/0x400 mm/filemap.c:3900 generic_file_write_iter+0xab/0x310 mm/filemap.c:3932 call_write_iter include/linux/fs.h:2186 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x7dc/0xc50 fs/read_write.c:584 ksys_write+0x177/0x2a0 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd ... </TASK> This patch fixes the root cause of this problem by replacing the error code that __nilfs_btree_get_block() returns on block address conversion failure from -ENOENT to another internal code -EINVAL which means that the b-tree metadata is corrupted. By returning -EINVAL, it propagates without glitches, and for all relevant b-tree operations, functions in the upper bmap layer output an error message indicating corrupted b-tree metadata via nilfs_bmap_convert_error(), and code -EIO will be eventually returned as it should be. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-22776 | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5621 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-22482 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3095 | Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43770 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4852 | A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38065 | In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-26847 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23815 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-39846 | An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32338 | IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21304 | In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-40825 | An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21346 | In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-0637 | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-43358 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-42849 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-0866 | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27149 | A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-46556 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3433 | The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters make it so the application cannot create the signature for the user and results in a local denial of service to the application. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-51459 | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-50922 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30506 | Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32680 | Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that: Anyone–including people in sandboxed groups–could edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N | 9.6 | 3.1 | 5.8 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | HIGH | HIGH | NONE |
| CVE-2023-7226 | A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-24232 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-40083 | In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-6534 | In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-33881 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-0206 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37439 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1469 | The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting is set for those users to access the dashboard. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-38526 | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-41028 | A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0193 | NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 4.4 | 1.8 | 2.5 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | LOW |
| CVE-2023-52060 | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-46525 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46352 | In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-25149 | TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is run as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3430 | A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-26529 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-44088 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45174 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25722 | A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the "Connect using proxy" option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-1018 | An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-24845 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4449 | A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6298 | A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified CWEs might not apply to the software. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-45875 | An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-0554 | The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-36158 | Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-6637 | The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-1278 | A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-29916 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-36479 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-41319 | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicitly set to `False`. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5301 | A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39549 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-44261 | Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45005 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos Seriously Simple Stats plugin <= 1.5.1 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-21015 | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244569778 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27636 | Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-31164 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-52285 | ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21141 | In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-262244249 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-2729 | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-49173 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS. This issue affects Sign In Scheduling Online Appointment Booking System: from n/a through 1.0.9. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-46378 | Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3698 | Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-51257 | An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6292 | The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-23675 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20116 | A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-5753 | Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0486 | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-39404 | Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-21275 | In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-50028 | In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-4535 | An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 3.8 | 0.4 | 3.4 | LOW | 2024-12-09T08:00Z | PHYSICAL | HIGH | NONE | REQUIRED | UNCHANGED | LOW | LOW | LOW |
| CVE-2023-3427 | The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-1300 | A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file patient-report.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222661 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3743 | Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-38648 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the prefix copy loop. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1855 | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H | 6.3 | 1.0 | 5.2 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2023-6058 | A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N | 6.8 | 1.6 | 5.2 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-48411 | In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-31717 | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-46238 | ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim’s account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-36819 | Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `_/knowage/restful-services/dossier/importTemplateFile_` allows authenticated users to download templates hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `_templateName_` parameter, allowing an attacker to use `*../*` in it, escape the directory where the templates are normally placed, and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration files. This issue has been patched in Knowage version 8.1.8. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-2262 | A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-50564 | An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6084 | A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-43469 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23040 | TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-21851 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-33975 | RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33371 | Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31823 | An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-42835 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-4865 | A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20193 | A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35690 | In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-47765 | Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26139 | Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-41706 | Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-32482 | Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 4.9 | 1.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-35946 | Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-48176 | An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3398 | Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-45057 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <= 5.86 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-44127 | The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-42643 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-25548 | A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-34796 | Cross site scripting (XSS) vulnerability in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-20264 | A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-26941 | Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-51373 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43728 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-43767 | Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-2996 | The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3087 | The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-2805 | The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32489 | Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-51023 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27812 | bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-24117 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-22715 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-21315 | In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-3987 | A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20008 | A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-1110 | The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37240 | Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2023-7040 | A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-32306 | Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26595 | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-1251 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31140 | OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if an administrator creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-28554 | Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-25938 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2529 | The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-46240 | CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5462 | A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-35060 | Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33082 | Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22480 | KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1987 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225535. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31412 | The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-35769 | Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45750 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-33938 | Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0102 | LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2023-22341 | On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: an OAuth Server that references an OAuth Provider; an OAuth profile with the Authorization Endpoint set to '/'; an access profile that references the above OAuth profile and is associated with an HTTPS virtual server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-28360 | An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-6757 | A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-2946 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-25289 | Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-27239 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-29516 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the "Cancel and return to page" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2348 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45853 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5555 | Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203f. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-49402 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-29060 | The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | 5.7 | 0.9 | 4.7 | MEDIUM | 2024-12-09T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | LOW | LOW | HIGH |
| CVE-2023-26942 | Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-49825 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-6570 | Server-Side Request Forgery (SSRF) in kubeflow/kubeflow | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-7220 | A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3392 | The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46259 | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2422 | A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | LOW | NONE |
| CVE-2023-1684 | A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2837 | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-0443 | The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-40131 | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-39611 | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-6013 | H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-33003 | A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-50180 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-27513 | Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-6526 | The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-26283 | IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-6524 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-2056 | A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-43826 | Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-22973 | A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26061 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-25428 | A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35676 | In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46311 | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-49371 | RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-25668 | TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38050 | A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-1780 | The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3878 | A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235240. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-39318 | The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4512 | CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-47326 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-28400 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46176 | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5196 | Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30948 | A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover its content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-38198 | acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42541 | Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-0014 | SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0078 | The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-44961 | SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-2231 | A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49567 | A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N | 6.8 | 1.6 | 5.2 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-27450 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23531 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 8.6 | 1.8 | 6.0 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23646 | Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46503 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-36755 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5653 | The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-37239 | Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-40251 | Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-46954 | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-29196 | Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in embedding Javascript that does pass the CSP, it could result in session hijacking for any users that view the attacker’s post. The vulnerability is patched in the latest tests-passed, beta and stable branches. Users are advised to upgrade. Users unable to upgrade should enable and/or restore your site's CSP to the default one provided with Discourse. Remove any embed-able hosts configured. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-30872 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2023-0887 | A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-43722 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-39419 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27119 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-23688 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23370 | An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5282 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240910 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21152 | In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-269174022. References: N/A | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5808 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-29850 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-48668 | Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-23277 | Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-27470 | BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-21505 | Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 8.6 | 3.9 | 4.0 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | CHANGED | NONE | HIGH | NONE |
| CVE-2023-41030 | Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26281 | IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-42096 | Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21880. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-44191 | An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series: 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S1; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-44256 | A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-3578 | A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233371. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-1839 | The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-5073 | The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-1963 | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225359. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-35005 | In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sensitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-46705 | in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-33617 | An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32549 | Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-27973 | Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-42453 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-4746 | A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-30399 | Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38633 | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-0579 | The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52173 | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-3972 | A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-52133 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.16. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27385 | Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-0927 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46845 | EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46409 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-29058 | A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-41678 | A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-37527 | A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-4314 | The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-48705 | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-50712 | Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.3.7 of iris-web. No known workarounds are available. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-47544 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-30186 | A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-46435 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-20859 | In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-31014 | NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 4.8 | 1.3 | 3.4 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | LOW | LOW | LOW |
| CVE-2023-51541 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševic Stock Ticker allows Stored XSS. This issue affects Stock Ticker: from n/a through 3.23.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-2819 | A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code execution in an admin context. All versions prior to 5.10.0 are affected. | CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.3 | 1.2 | 2.7 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-21401 | In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-24698 | Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-22308 | An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-39924 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-3655 | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous method that allows leaking the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-43793 | Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-34477 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-5491 | A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-33879 | In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2023-25526 | NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-24994 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19816) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-27956 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-28411 | Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-0936 | A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-34158 | Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2023-41419 | An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38623 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `vindex_offset` array. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-26439 | The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-50651 | TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49801 | Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-28482 | An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-31366 | Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-30786 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <= 1.3.3 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-23343 | A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-29693 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-31025 | NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-22915 | A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-20898 | Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 7.8 | 1.1 | 6.0 | HIGH | 2024-12-09T08:00Z | LOCAL | HIGH | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2772 | A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-229278 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45810 | OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-2876 | Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-6567 | The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-37376 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051) | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32041 | Windows Update Orchestrator Service Information Disclosure Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-52271 | The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 6.5 | 2.0 | 4.0 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | NONE | NONE | HIGH |
| CVE-2023-20793 | In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-34388 | An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform a session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-50291 | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey", that do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password\|secret\|basicauth).*' | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-45604 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <= 4.0.1 versions. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-36386 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-40705 | Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2023-0875 | The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-49092 | RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-5700 | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-32432 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-27279 | IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-25900 | Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-2977 | A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly calculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2023-30086 | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-28182 | The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2023-46014 | SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-36308 | disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-20727 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-41090 | Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 | 0.5 | 5.9 | MEDIUM | 2024-12-09T08:00Z | LOCAL | HIGH | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-38688 | twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-09T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2023-32638 | Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2023-45169 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2023-3932 | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-09T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-42948 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-23834 | Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-41735 | SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-21670 | Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7417 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-38435 | Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-35154 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-43846 | In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault. The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Without and with hints, where hints are a pre-computed recommendation on how to aggregate the provided objects. Nesting is not possible in the first case due to a check that prevents it, but in the second case there is no check because the assumption is that nesting cannot happen when creating objects based on hints. The violation of this assumption leads to various warnings and eventually to a general protection fault [1]. Before fixing the root cause, error out when nesting happens and warn. [1] general protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-24399 | An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47449 | Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-50020 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count(). This patch addresses an issue with improper reference count handling in the ice_sriov_set_msix_vec_count() function. First, the function calls ice_get_vf_by_id(), which increments the reference count of the vf pointer. If the subsequent call to ice_get_vf_vsi() fails, the function currently returns an error without decrementing the reference count of the vf pointer, leading to a reference count leak. The correct behavior, as implemented in this patch, is to decrement the reference count using ice_put_vf(vf) before returning an error when vsi is NULL. Second, the function calls ice_sriov_get_irqs(), which sets vf->first_vector_idx. If this call returns a negative value, indicating an error, the function returns an error without decrementing the reference count of the vf pointer, resulting in another reference count leak. The patch addresses this by adding a call to ice_put_vf(vf) before returning an error when vf->first_vector_idx < 0. This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and identifying potential mismanagement of reference counts. In this case, the tool flagged the missing decrement operation as a potential issue, leading to this patch. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-9751 | Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24468. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7531 | Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-41830 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-24015 | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0585 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-21536 | Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-40322 | An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerability via /admin/div_data/data | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41715 | The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-11074 | A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "inccat" to be affected. But it must be assumed "desc", "date", and "amount" are affected as well. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-25417 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0703 | The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-10886 | The Tribute Testimonials – WordPress Testimonial Grid/Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tribute_testimonials_slider' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-1194 | A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-43896 | In the Linux kernel, the following vulnerability has been resolved: ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL. Call efi_rt_services_supported() to check that efi.get_variable exists before calling it. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-51076 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-10427 | A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the argument t1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "refno" to be affected. But further inspection indicates that the name of the affected parameter is "t1". | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-24308 | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41237 | A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-50023 | In the Linux kernel, the following vulnerability has been resolved: net: phy: Remove LED entry from LEDs list on unregister. Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct ordering") correctly fixed a problem with using devm_ but missed removing the LED entry from the LEDs list. This causes a kernel panic in a specific scenario where the port for the PHY is torn down and up and the kmod for the PHY is removed. On setting the port down the first time, the associated LEDs are correctly unregistered. The associated kmod for the PHY is now removed. The kmod is now added again and the port is now put up, the associated LEDs are registered again. On putting the port down again for the second time after these steps, the LED list now has 4 elements. With the first 2 already unregistered previously and the 2 new ones registered again. This causes a kernel panic as the first 2 elements should have been removed. Fix this by correctly removing the element when LED is unregistered. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-46942 | In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-34344 | Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-9462 | The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N | 5.5 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-0265 | A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-35701 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.0.13. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-45610 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-0688 | The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-1661 | A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-20012 | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | 0.8 | 5.9 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7616 | A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-35713 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS. This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-27820 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-37898 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as rights of the previous version are transferred to the new page and thus the user still doesn't have view right on the page. It therefore doesn't seem to be possible to exploit this to gain any rights. This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document shall be saved despite the document's existing already. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-37999 | A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-28762 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-21459 | Information disclosure while handling beacon or probe response frame in STA. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-21279 | Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-31842 | An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token is sent in GET requests, this vulnerability could lead to complete account takeover. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0086 | NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-1026 | A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-11447 | The Community by PeepSo – Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filter’ parameter in all versions up to, and including, 6.4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-26600 | In the Linux kernel, the following vulnerability has been resolved:<br>phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP<br>If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example:<br>configfs-gadget.g1 gadget.0: ECM Suspend<br>configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup<br>...<br>Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute<br>...<br>PC is at 0x0<br>LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]<br>...<br>musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]<br>usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]<br>eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c<br>dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4<br>sch_direct_xmit from __dev_queue_xmit+0x334/0xd88<br>__dev_queue_xmit from arp_solicit+0xf0/0x268<br>arp_solicit from neigh_probe+0x54/0x7c<br>neigh_probe from __neigh_event_send+0x22c/0x47c<br>__neigh_event_send from neigh_resolve_output+0x14c/0x1c0<br>neigh_resolve_output from ip_finish_output2+0x1c8/0x628<br>ip_finish_output2 from ip_send_skb+0x40/0xd8<br>ip_send_skb from udp_send_skb+0x124/0x340<br>udp_send_skb from udp_sendmsg+0x780/0x984<br>udp_sendmsg from __sys_sendto+0xd8/0x158<br>__sys_sendto from ret_fast_syscall+0x0/0x58<br>Let's fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-10928 | A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-50026 | In the Linux kernel, the following vulnerability has been resolved:<br>scsi: wd33c93: Don't use stale scsi_pointer value<br>A regression was introduced with commit dbb2da557a6a ("scsi: wd33c93: Move the SCSI pointer to private command data") which results in an oops in wd33c93_intr(). That commit added the scsi_pointer variable and initialized it from hostdata->connected. However, during selection, hostdata->connected is not yet valid. Fix this by getting the current scsi_pointer from hostdata->selecting. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-50201 | In the Linux kernel, the following vulnerability has been resolved:<br>drm/radeon: Fix encoder->possible_clones<br>Include the encoder itself in its possible_clones bitmask. In the past nothing validated that drivers were populating possible_clones correctly, but that changed in commit 74d2aacbe840 ("drm: Validate encoder->possible_clones"). Looks like radeon never got the memo and is still not following the rules 100% correctly.<br>This results in some warnings during driver initialization:<br>Bogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7)<br>WARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c<br>...<br>(cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-9484 | A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-23647 | Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-21759 | An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-24332 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-4071 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-44165 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-49954 | In the Linux kernel, the following vulnerability has been resolved:<br>static_call: Replace pointless WARN_ON() in static_call_module_notify()<br>static_call_module_notify() triggers a WARN_ON(), when memory allocation fails in __static_call_add_module().<br>That's not really justified, because the failure case must be correctly handled by the well known call chain and the error code is passed through to the initiating userspace application.<br>A memory allocation fail is not a fatal problem, but the WARN_ON() takes the machine out when panic_on_warn is set.<br>Replace it with a pr_warn(). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-37216 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS. This issue affects Sketchfab Embed: from n/a through 1.5. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-42951 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-7004 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-51495 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-21190 | Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-9552 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been rated as critical. Affected by this issue is the function formSetWanNonLogin of the file /goform/formSetWanNonLogin. The manipulation of the argument webpage leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-10189 | The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-21248 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L). | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L | 5.3 | 1.1 | 3.7 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | CHANGED | LOW | LOW | LOW |
| CVE-2024-10158 | A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-23652 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 9.1 | 3.9 | 5.2 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2024-49866 | In the Linux kernel, the following vulnerability has been resolved:
tracing/timerlat: Fix a race during cpuhp processing
There is another found exception that the "timerlat/1" thread was
scheduled on CPU0, and led to timer corruption finally:
```
ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220
WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0
Modules linked in:
CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:debug_print_object+0x7d/0xb0
...
Call Trace:
<TASK>
? __warn+0x7c/0x110
? debug_print_object+0x7d/0xb0
? report_bug+0xf1/0x1d0
? prb_read_valid+0x17/0x20
? handle_bug+0x3f/0x70
? exc_invalid_op+0x13/0x60
? asm_exc_invalid_op+0x16/0x20
? debug_print_object+0x7d/0xb0
? debug_print_object+0x7d/0xb0
? __pfx_timerlat_irq+0x10/0x10
__debug_object_init+0x110/0x150
hrtimer_init+0x1d/0x60
timerlat_main+0xab/0x2d0
? __pfx_timerlat_main+0x10/0x10
kthread+0xb7/0xe0
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2d/0x40
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
</TASK>
```
After tracing the scheduling event, it was discovered that the migration
of the "timerlat/1" thread was performed during thread creation. Further
analysis confirmed that it is because the CPU online processing for
osnoise is implemented through workers, which is asynchronous with the
offline processing. When the worker was scheduled to create a thread, the
CPU may have already been removed from the cpu_online_mask during the offline
process, resulting in the inability to select the right CPU:
T1 | T2
[CPUHP_ONLINE] | cpu_device_down()
osnoise_hotplug_workfn() |
| cpus_write_lock()
| takedown_cpu(1)
| cpus_write_unlock()
[CPUHP_OFFLINE] |
cpus_read_lock() |
start_kthread(1) |
cpus_read_unlock() |
To fix this, skip online processing if the CPU is already offline. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-6859 | The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-23622 | A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6791 | A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7831 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22923 | SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-1355 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-36979 | In the Linux kernel, the following vulnerability has been resolved:<br>net: bridge: mst: fix vlan use-after-free<br>syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward delay timer). Fix the rcu usage and also make sure we are not accessing freed memory by making br_mst_vlan_set_state use rcu read lock.<br>[1]<br>WARNING: suspicious RCU usage<br>6.9.0-rc6-syzkaller #0 Not tainted<br>-----------------------------<br>net/bridge/br_private.h:1599 suspicious rcu_dereference_protected() usage!<br>...<br>stack backtrace:<br>CPU: 1 PID: 8017 Comm: syz-executor.1 Not tainted 6.9.0-rc6-syzkaller #0<br>Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024<br>Call Trace:<br><IRQ><br>__dump_stack lib/dump_stack.c:88 [inline]<br>dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114<br>lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712<br>nbp_vlan_group net/bridge/br_private.h:1599 [inline]<br>br_mst_set_state+0x1ea/0x650 net/bridge/br_mst.c:105<br>br_set_state+0x28a/0x7b0 net/bridge/br_stp.c:47<br>br_forward_delay_timer_expired+0x176/0x440 net/bridge/br_stp_timer.c:88<br>call_timer_fn+0x18e/0x650 kernel/time/timer.c:1793<br>expire_timers kernel/time/timer.c:1844 [inline]<br>__run_timers kernel/time/timer.c:2418 [inline]<br>__run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2429<br>run_timer_base kernel/time/timer.c:2438 [inline]<br>run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2448<br>__do_softirq+0x2c6/0x980 kernel/softirq.c:554<br>invoke_softirq kernel/softirq.c:428 [inline]<br>__irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633<br>irq_exit_rcu+0x9/0x30 kernel/softirq.c:645<br>instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]<br>sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043<br></IRQ><br><TASK><br>asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702<br>RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758<br>Code: 2b 00 74 08 4c 89 f7 e8 ba d1 84 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25<br>RSP: 0018:ffffc90013657100 EFLAGS: 00000206<br>RAX: 0000000000000001 RBX: 1ffff920026cae2c RCX: 0000000000000001<br>RDX: dffffc0000000000 RSI: ffffffff8bcaca00 RDI: ffffffff8c1eaa60<br>RBP: ffffc90013657260 R08: ffffffff92efe507 R09: 1ffffffff25dfca0<br>R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: 1ffff920026cae28<br>R13: dffffc0000000000 R14: ffffc90013657160 R15: 0000000000000246 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-25566 | An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-0473 | A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47608 | Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-43496 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0133 | NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N | 3.4 | 1.6 | 1.4 | LOW | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | REQUIRED | CHANGED | NONE | LOW | NONE |
| CVE-2024-11463 | The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-43759 | Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-43534 | Windows Graphics Component Information Disclosure Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-0841 | A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7008 | Unsanitized user-input in Calibre <= 7.15.0 allows attackers to perform reflected cross-site scripting. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-38570 | In the Linux kernel, the following vulnerability has been resolved:<br>gfs2: Fix potential glock use-after-free on unmount<br>When a DLM lockspace is released and there are still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until a lock is unlocked or its lockspace is released.<br>To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks.<br>As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22417 | Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link. The malicious website could, for example, be a copy of a real website, meant to steal a person’s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-0573 | A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-34481 | drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-53067 | In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Start the RTC update work later
The RTC update work involves runtime resuming the UFS controller. Hence,
only start the RTC update work after runtime power management in the UFS
driver has been fully initialized. This patch fixes the following kernel
crash:
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Workqueue: events ufshcd_rtc_work
Call trace:
_raw_spin_lock_irqsave+0x34/0x8c (P)
pm_runtime_get_if_active+0x24/0x9c (L)
pm_runtime_get_if_active+0x24/0x9c
ufshcd_rtc_work+0x138/0x1b4
process_one_work+0x148/0x288
worker_thread+0x2cc/0x3d4
kthread+0x110/0x114
ret_from_fork+0x10/0x20 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-21649 | The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7871 | SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6649 | A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-43380 | fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-0421 | The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-38562 | In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: Avoid address calculations via out of bounds array indexing
Before request->channels[] can be used, request->n_channels must be set.
Additionally, address calculations for memory after the "channels" array
need to be calculated from the allocation base ("request") rather than
via the first "out of bounds" index of "channels", otherwise run-time
bounds checking will throw a warning. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-31835 | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-9918 | A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-37958 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Meks Meks Smart Author Widget allows Stored XSS. This issue affects Meks Smart Author Widget: from n/a through 1.1.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49951 | In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
If mgmt_index_removed is called while there are commands queued on
cmd_sync it could lead to crashes like the below trace:
0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc
0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth]
0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth]
0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth]
So while handling mgmt_index_removed this attempts to dequeue
commands passed as user_data to cmd_sync. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-8869 | A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-38314 | IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-45271 | An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-33973 | SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-10422 | A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown processing of the file /admin/overtime_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22860 | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8916 | The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-38546 | In the Linux kernel, the following vulnerability has been resolved:
drm: vc4: Fix possible null pointer dereference
In vc4_hdmi_audio_init() of_get_address() may return
NULL which is later dereferenced. Fix this bug by adding NULL check.
Found by Linux Verification Center (linuxtesting.org) with SVACE. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-0422 | A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-9090 | A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file search_member.php. The manipulation of the argument searchMember leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-24559 | Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-23325 | Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46593 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-27799 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-29509 | Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-10468 | Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.3 | 1.6 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46261 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47699 | In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
Patch series "nilfs2: fix potential issues with empty b-tree nodes".
This series addresses three potential issues with empty b-tree nodes that
can occur with corrupted filesystem images, including one recently
discovered by syzbot.
This patch (of 3):
If a b-tree is broken on the device, and the b-tree height is greater than
2 (the level of the root node is greater than 1) even if the number of
child nodes of the b-tree root is 0, a NULL pointer dereference occurs in
nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().
This is because, when the number of child nodes of the b-tree root is 0,
nilfs_btree_do_lookup() does not set the block buffer head in any of
path[x].bp_bh, leaving it as the initial value of NULL, but if the level
of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(),
which accesses the buffer memory of path[x].bp_bh, is called.
Fix this issue by adding a check to nilfs_btree_root_broken(), which
performs sanity checks when reading the root node from the device, to
detect this inconsistency.
Thanks to Lizhi Xu for trying to solve the bug and clarifying the cause
early on. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46699 | In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Disable preemption while updating GPU stats
We forgot to disable preemption around the write_seqcount_begin/end() pair
while updating GPU stats:
[ ] WARNING: CPU: 2 PID: 12 at include/linux/seqlock.h:221 __seqprop_assert.isra.0+0x128/0x150 [v3d]
[ ] Workqueue: v3d_bin drm_sched_run_job_work [gpu_sched]
<...snip...>
[ ] Call trace:
[ ] __seqprop_assert.isra.0+0x128/0x150 [v3d]
[ ] v3d_job_start_stats.isra.0+0x90/0x218 [v3d]
[ ] v3d_bin_job_run+0x23c/0x388 [v3d]
[ ] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]
[ ] process_one_work+0x62c/0xb48
[ ] worker_thread+0x468/0x5b0
[ ] kthread+0x1c4/0x1e0
[ ] ret_from_fork+0x10/0x20
Fix it. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-50208 | In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
Avoid memory corruption while setting up Level-2 PBL pages for the non MR
resources when num_pages > 256K.
There will be a single PDE page address (contiguous pages in the case of >
PAGE_SIZE), but, current logic assumes multiple pages, leading to invalid
memory access after 256K PBL entries in the PDE. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-10669 | The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-47751 | In the Linux kernel, the following vulnerability has been resolved:
PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
Within kirin_pcie_parse_port(), the pcie->num_slots is compared to
pcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead
to an overflow.
Thus, fix condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and move
pcie->num_slots increment below the if-statement to avoid out-of-bounds
array access.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[kwilczynski: commit log] | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-2350 | The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-6763 | Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing.
The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI
differs from the common browsers in how it handles a URI that would be
considered invalid if fully validated against the RRC. Specifically HttpURI
and the browser may differ on the value of the host extracted from an
invalid URI and thus a combination of Jetty and a vulnerable browser may
be vulnerable to an open redirect attack or to a SSRF attack if the URI
is used after passing validation checks. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-43823 | In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
If IORESOURCE_MEM is not provided in Device Tree due to
any error, resource_list_first_type() will return NULL and
pci_parse_request_of_pci_ranges() will just emit a warning.
This will cause a NULL pointer dereference. Fix this bug by adding NULL
return check.
Found by Linux Verification Center (linuxtesting.org) with SVACE. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-45429 | Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-36992 | In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-47128 | The goTenna Pro App encryption key name is always sent unencrypted when
the key is shared over RF through a broadcast message. It is advised to
share the encryption key via local QR for higher security operations. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-8519 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-22229 | Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-6438 | A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-5942 | The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to clone and read private posts. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2024-49769 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-0684 | A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-42354 | Shopware is an open commerce platform. The store-API works with regular entities and does not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not consider ManyToMany associations and so they were not considered properly and the protections didn't get used. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-7049 | In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE |
| CVE-2024-50833 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-28115 | FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42085 | In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system
to enter suspend status with below command:
echo mem > /sys/power/state
There will be a deadlock issue occurring. Detailed invoking path as
below:
dwc3_suspend_common()
spin_lock_irqsave(&dwc->lock, flags); <-- 1st
dwc3_gadget_suspend(dwc);
dwc3_gadget_soft_disconnect(dwc);
spin_lock_irqsave(&dwc->lock, flags); <-- 2nd
This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix
NULL pointer dereference in dwc3_gadget_suspend") that removes the code
of checking whether dwc->gadget_driver is NULL or not. It causes the
following code is executed and deadlock occurs when trying to get the
spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3:
Remove DWC3 locking during gadget suspend/resume") that forgot to remove
the lock of otg mode. So, remove the redundant lock of otg mode during
gadget suspend/resume. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-51739 | Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. Users unable to upgrade may overload the dictionary entry `"UI:ResetPwd-Error-WrongLogin"` through an extension and replace it with a generic message. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-10881 | The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-7599 | The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-0288 | A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-50161 | In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields. When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining info_cnt. The following splat will be reported when the value of ret * nelems is greater than BTF_FIELDS_MAX: `UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49`, `index 11 is out of range for type 'btf_field_info [11]'`. Fix it by checking the remaining info_cnt in btf_repeat_fields() before repeating the btf fields. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-11528 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24602. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-39425 | Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue requires local low-privilege access to the affected system and attack complexity is high. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.0 | 1.0 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-45467 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41940 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47594 | SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-23172 | An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-9567 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-37480 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-23467 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-24507 | Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-51378 | getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-43975 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS). This issue affects Super Store Finder: from n/a through 6.9.7. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-45372 | MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-23223 | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.2 | 2.5 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-0646 | An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-23112 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-41957 | Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 5.3 | 1.8 | 3.4 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | LOW | LOW |
| CVE-2024-23261 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-45765 | Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-5958 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-49693 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.2.6. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-22051 | CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41730 | In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7283 | A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273152. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8841 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24432. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-50312 | A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-10621 | The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-25318 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-50488 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass. This issue affects Token Login: from n/a through 1.0.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-20415 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-34753 | Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-0664 | The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-8075 | A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42566 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42572 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42030 | Access permission verification vulnerability in the content sharing pop-up module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.2 | 2.5 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-1167 | When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-0812 | Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42906 | TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-25360 | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-30466 | Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-9681 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://example.com` until the (wrongly set) timeout expires. This bug can also expire the parent's entry *earlier*, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L | 6.5 | 2.2 | 4.2 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | NONE | HIGH | LOW |
| CVE-2024-40770 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-22593 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-11370 | The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-37352 | There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the vulnerable page. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N | 3.4 | 1.7 | 1.4 | LOW | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | NONE | LOW | NONE |
| CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-46762 | In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the irqfds_list by privcmd_irqfd_assign() may get removed by another thread executing privcmd_irqfd_deassign(), while the former is still using it after dropping the locks. This can lead to a situation where an already freed kirqfd instance may be accessed and cause kernel oops. Use SRCU locking to prevent the same, as is done for the KVM implementation for irqfds. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-40952 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty(). bdev->bd_super has been removed and commit 8887b94d9322 change the usage from bdev->bd_super to b_assoc_map->host->i_sb. This introduces the following NULL pointer dereference in ocfs2_journal_dirty() since b_assoc_map is still not initialized. This can be easily reproduced by running xfstests generic/186, which simulate no more credits. `[ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000` ... `[ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]` Fix it by only aborting transaction and journal in ocfs2_journal_dirty() now, and leave ocfs2_abort() later when detecting an aborted handle, e.g. start next transaction. Also log the handle details in this case. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-10726 | The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-47654 | This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints, which could lead to the OTP bombing on the targeted system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-22209 | Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-40934 | In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode(). Fix a memory leak on logi_dj_recv_send_report() error path. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-11521 | IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DJVU files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24578. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-23243 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-7159 | A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6225 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-45011 | In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device<br>Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at address 1. This is verified in xillyusb_setup_base_eps(). On top of that, a XillyUSB device may have additional Bulk OUT endpoints. The information about these endpoints' addresses is deduced from a data structure (the IDT) that the driver fetches from the device while probing it. These endpoints are checked in setup_channels(). A XillyUSB device never has more than one IN endpoint, as all data towards the host is multiplexed in this single Bulk IN endpoint. This is why setup_channels() only checks OUT endpoints. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-5976 | A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0005 | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-4474 | The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-22148 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7272 | A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c2 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c2 is able to address this issue. It is recommended to upgrade the affected component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-10507 | A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-50530 | Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server. This issue affects Stars SMTP Mailer: from n/a through 1.7. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42985 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-6750 | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-8194 | Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8544 | The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-45230 | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-47739 | In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow<br>When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed seq_nr, causing them to be placed before existing objects in the reorder list. This leads to a deadlock in the serialization process as padata_find_next cannot match padata->seq_nr and pd->processed because the padata instance with overflowed seq_nr will be selected next. To fix this, we use an unsigned integer wrap around to correctly sort padata objects in scenarios with integer overflow. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-9670 | The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-22415 | jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22548 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7016 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor allows Stored XSS. This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-47050 | Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49049 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-4359 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-3163 | The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-34635 | Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-21265 | Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Site Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Site Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-21903 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions:<br>QTS 5.1.6.2722 build 20240402 and later<br>QuTS hero h5.1.6.2734 build 20240414 and later | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | 4.7 | 1.2 | 3.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2024-43862 | In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex<br>The carrier_lock spinlock protects the carrier detection. While it is held, framer_get_status() is called which in turn takes a mutex. This is not correct and can lead to a deadlock. A run with PROVE_LOCKING enabled detected the issue:<br>[ BUG: Invalid wait context ]<br>...<br>c204ddbc (&framer->mutex){+.+.}-{3:3}, at: framer_get_status+0x40/0x78<br>other info that might help us debug this:<br>context-{4:4}<br>2 locks held by ifconfig/146:<br>#0: c0926a38 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x12c/0x664<br>#1: c2006a40 (&qmc_hdlc->carrier_lock){....}-{2:2}, at: qmc_hdlc_framer_set_carrier+0x30/0x98<br>Avoid the spinlock usage and convert carrier_lock to a mutex. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-36474 | An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-44130 | This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | 0.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-43840 | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG<br>When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls __bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them the struct bpf_tramp_image *im pointer as an argument in R0. The trampoline generation code uses emit_addr_mov_i64() to emit instructions for moving the bpf_tramp_image address into R0, but emit_addr_mov_i64() assumes the address to be in the vmalloc() space and uses only 48 bits. Because bpf_tramp_image is allocated using kzalloc(), its address can use more than 48-bits, in this case the trampoline will pass an invalid address to __bpf_tramp_enter/exit() causing a kernel crash. Fix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64() as it can work with addresses that are greater than 48-bits. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-22705 | An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-1818 | A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0531 | A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-23972 | Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.8 | 0.9 | 5.9 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7360 | A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273339. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-35696 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS. This issue affects WP Docs: from n/a through 2.1.3. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-41132 | ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-44779 | A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-26050 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-4708 | mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41121 | Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are overwritten. This issue has been addressed in release version 2.7.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-44184 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-43902 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables<br>Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-7364 | A vulnerability has been found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_records.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273343. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6442 | In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-36775 | A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-44796 | A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-41144 | Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L | 7.1 | 2.8 | 4.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | LOW |
| CVE-2024-41846 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-8512 | The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user supplied input to eval(). This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-52300 | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 9.0 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-49977 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix zero-division error when disabling tc cbs<br>The commit b8c43360f6e4 ("net: stmmac: No need to calculate speed divider when offload is disabled") allows the "port_transmit_rate_kbps" to be set to a value of 0, which is then passed to the "div_s64" function when tc-cbs is disabled. This leads to a zero-division error. When tc-cbs is disabled, the idleslope, sendslope, and credit values are not required to be configured. Therefore, adding a return statement after setting the txQ mode to DCB when tc-cbs is disabled would prevent a zero-division error. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-50079 | In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work<br>When the sqpoll is exiting and cancels pending work items, it may need to run task_work. If this happens from within io_uring_cancel_generic(), then it may be under waiting for the io_uring_task waitqueue. This results in the below splat from the scheduler, as the ring mutex may be attempted grabbed while in a TASK_INTERRUPTIBLE state. Ensure that the task state is set appropriately for that, just like what is done for the other cases in io_run_task_work().<br>do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000029387fd2>] prepare_to_wait+0x88/0x2fc<br>WARNING: CPU: 6 PID: 59939 at kernel/sched/core.c:8561 __might_sleep+0xf4/0x140<br>Modules linked in:<br>CPU: 6 UID: 0 PID: 59939 Comm: iou-sqp-59938 Not tainted 6.12.0-rc3-00113-g8d020023b155 #7456<br>Hardware name: linux,dummy-virt (DT)<br>Call trace:<br>__might_sleep+0xf4/0x140<br>mutex_lock+0x84/0x124<br>io_handle_tw_list+0xf4/0x260<br>tctx_task_work_run+0x94/0x340<br>io_run_task_work+0x1ec/0x3c0<br>io_uring_cancel_generic+0x364/0x524<br>io_sq_thread+0x820/0x124c<br>ret_from_fork+0x10/0x20 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-44194 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-11455 | The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-10588 | The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-45265 | A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-23218 | A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | 2.2 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-25639 | Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0. | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42376 | SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-41565 | JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-0813 | Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-35997 | In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up. The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that. More importantly, this flag can cause a lock-up: if the flag is set in i2c_hid_xfer() and an interrupt happens, the interrupt handler (i2c_hid_irq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop. Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up. Delete this unnecessary flag. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-34593 | Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-9827 | A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-31979 | Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-0507 | An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-45112 | Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-34684 | On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 6.0 | 0.8 | 5.2 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-20437 | A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42412 | Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-48253 | Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.5 | 1.6 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22380 | Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-37347 | There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N | 3.4 | 1.7 | 1.4 | LOW | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | NONE | LOW | NONE |
| CVE-2024-51520 | Vulnerability of input parameters not being verified in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-40902 | In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr. When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-35697 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThimPress Eduma allows Reflected XSS. This issue affects Eduma: from n/a through 5.4.7. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-50579 | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49632 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS. This issue affects CWD 3D Image Gallery: from n/a through 1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-5452 | A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42481 | Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By making thousands of folders & files (easy due to skyport's lack of rate limiting on createFolder. createFile), skyportd in a lot of cases will cause 100% CPU usage and an OOM, probably crashing the system. This is fixed in 0.2.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-8850 | The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-43177 | IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-9325 | A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-32668 | An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-4576 | The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-34646 | Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-47496 | A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: All versions before 21.4R3-S9, from 22.2 before 22.2R3-S5, from 22.3 before 22.3R3-S4, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R2. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-5330 | The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-42861 | An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-49858 | In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption. The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service is cached in memory, and passed on to the OS using an EFI configuration table. The use of EFI_LOADER_DATA here results in the region being left unreserved in the E820 memory map constructed by the EFI stub, and this is the memory description that is passed on to the incoming kernel by kexec, which is therefore unaware that the region should be reserved. Even though the utility of the TPM2 event log after a kexec is questionable, any corruption might send the parsing code off into the weeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY instead, which is always treated as reserved by the E820 conversion logic. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-7907 | A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22770 | Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-49987 | In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...). When netfilter has no entry to display, qsort is called with qsort(NULL, 0, ...). This results in undefined behavior, as UBSan reports: `net.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null` Although the C standard does not explicitly state whether calling qsort with a NULL pointer when the size is 0 constitutes undefined behavior, Section 7.1.4 of the C standard (Use of library functions) mentions: "Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined." To avoid this, add an early return when nf_link_info is NULL to prevent calling qsort with a NULL pointer. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-38127 | Windows Hyper-V Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-28947 | Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 | 1.5 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7376 | A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-49325 | Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-10419 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-50252 | In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
The device stores IPv6 addresses that are used for encapsulation in
linear memory that is managed by the driver.
Changing the remote address of an ip6gre net device never worked
properly, but since cited commit the following reproducer [1] would
result in a warning [2] and a memory leak [3]. The problem is that the
new remote address is never added by the driver to its hash table (and
therefore the device) and the old address is never removed from it.
Fix by programming the new address when the configuration of the ip6gre
net device changes and removing the old one. If the address did not
change, then the above would result in increasing the reference count of
the address and then decreasing it.
[1]
# ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit
# ip link set dev bla type ip6gre remote 2001:db8:3::1
# ip link del dev bla
# devlink dev reload pci/0000:01:00.0
[2]
WARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0
Modules linked in:
CPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151
Hardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023
RIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0
[...]
Call Trace:
<TASK>
mlxsw_sp_router_netdevice_event+0x55f/0x1240
notifier_call_chain+0x5a/0xd0
call_netdevice_notifiers_info+0x39/0x90
unregister_netdevice_many_notify+0x63e/0x9d0
rtnl_dellink+0x16b/0x3a0
rtnetlink_rcv_msg+0x142/0x3f0
netlink_rcv_skb+0x50/0x100
netlink_unicast+0x242/0x390
netlink_sendmsg+0x1de/0x420
____sys_sendmsg+0x2bd/0x320
___sys_sendmsg+0x9a/0xe0
__sys_sendmsg+0x7a/0xd0
do_syscall_64+0x9e/0x1a0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
[3]
unreferenced object 0xffff898081f597a0 (size 32):
comm "ip", pid 1626, jiffies 4294719324
hex dump (first 32 bytes):
20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............
21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............
backtrace (crc fd9be911):
[<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260
[<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340
[<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240
[<00000000743e7757>] notifier_call_chain+0x5a/0xd0
[<000000007c7b9e13>] call_netdevice_notifiers_info+0x39/0x90
[<000000002509645d>] register_netdevice+0x5f7/0x7a0
[<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130
[<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120
[<000000004df7c7cc>] rtnl_newlink+0x471/0xa20
[<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0
[<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100
[<00000000908bca63>] netlink_unicast+0x242/0x390
[<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420
[<0000000011db153e>] ____sys_sendmsg+0x2bd/0x320
[<000000003b6d53eb>] ___sys_sendmsg+0x9a/0xe0
[<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-7495 | A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. This affects an unknown part of the file app/Http/Controllers/HomeController.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273621 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-44207 | This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-21246 | Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-47700 | In the Linux kernel, the following vulnerability has been resolved: ext4: check stripe size compatibility on remount as well. We disable stripe size in __ext4_fill_super if it is not a multiple of the cluster ratio however this check is missed when trying to remount. This can leave us with cases where stripe < cluster_ratio after remount:set making EXT4_B2C(sbi->s_stripe) become 0 that can cause some unforeseen bugs like divide by 0. Fix that by adding the check in remount path as well. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-23715 | In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22130 | Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the application data after successful exploitation. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-5686 | The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-6202 | HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-39776 | Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-28872 | The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0. | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 8.1 | 2.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | HIGH | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-2813 | A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-9083 | A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-42054 | Cervantes through 0.5-alpha accepts insecure file uploads. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-25728 | ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-32856 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 6.0 | 1.5 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47595 | An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-0736 | A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-10805 | A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-4080 | A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-11387 | The Easy Liveblogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elb_liveblog' shortcode in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-6523 | A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified as problematic. Affected is an unknown function of the component system-group-add Handler. The manipulation of the argument user with the input <script>alert('XSS')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270366 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-9805 | A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "hospital". | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49032 | Microsoft Office Graphics Remote Code Execution Vulnerability | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-43314 | Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-45124 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-44154 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-48251 | Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-51513 | Vulnerability of processes not being fully terminated in the VPN module. Impact: Successful exploitation of this vulnerability will affect power consumption. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-0758 | MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-23981 | Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41039 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header. Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs wmfw_header + wmfw_adsp1_sizes + wmfw_footer. But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent struct is wmfw_adsp2_sizes, which is 4 bytes longer. So the length check didn't guarantee that there are enough bytes in the firmware buffer for a header with wmfw_adsp2_sizes. This patch splits the length check into three separate parts. Each of the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked separately before they are used. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47877 | Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4 will require to implement the new methods that have been added. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-25710 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-22637 | Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-9818 | A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-9379 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-39475 | In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed. The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero") checks the value of pixclock to avoid divide-by-zero error. However the function savagefb_probe doesn't handle the error return of savagefb_check_var. When pixclock is 0, it will cause divide-by-zero error. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-45117 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L | 7.6 | 2.3 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | NONE | LOW |
| CVE-2024-42949 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-7321 | A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. This vulnerability affects unknown code of the file signup.php of the component User Registration Handler. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273232. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-52615 | A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-4477 | The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-24691 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7295 | In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.2 | 2.5 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-40960 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe(). syzbot caught a NULL dereference in rt6_probe() [1]. Bail out if __in6_dev_get() returns NULL. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-22855 | A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-6135 | BT:Classic: Multiple missing buf length checks | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-9794 | A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8793 | The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-29472 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-8106 | The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-41968 | A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 5.4 | 2.8 | 2.5 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | LOW |
| CVE-2024-5840 | Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-37410 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beaver Addons PowerPack Lite for Beaver Builder allows Path Traversal. This issue affects PowerPack Lite for Beaver Builder: from n/a through 1.3.0.3. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-2092 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-38183 | An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8714 | The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-2816 | A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-10746 | A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-22567 | File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-5947 | Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-50080 | In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device. UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-10672 | The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N | 2.7 | 1.2 | 1.4 | LOW | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-44959 | In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing. With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. i_lru or i_sb_list to not corrupt related list traversals when making use of the rcu_head. For an unlucky structure layout of 'struct inode' we may end up with the following splat when running the ftrace selftests: ---truncated--- | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-36243 | in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-25062 | An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-11675 | A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-35729 | Missing Authorization vulnerability in Tickera. This issue affects Tickera: from n/a through 3.5.2.6. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8041 | A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-41361 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-43628 | Windows Telephony Service Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-4220 | Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-6164 | The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-22296 | Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.28. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-39010 | chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-50003 | In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix system hang while resume with TBT monitor
[Why]
Connected with a Thunderbolt monitor and do the suspend and the system
may hang while resume.
The TBT monitor HPD will be triggered during the resume procedure
and call the drm_client_modeset_probe() while
struct drm_connector connector->dev->master is NULL.
It will mess up the pipe topology after resume.
[How]
Skip the TBT monitor HPD during the resume procedure because we
currently will probe the connectors after resume by default.
(cherry picked from commit 453f86a269) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-3114 | An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, in which the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-9007 | A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 94bf9ab7ad. It is recommended to apply a patch to fix this issue. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-11854 | The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-42136 | In the Linux kernel, the following vulnerability has been resolved:
cdrom: rearrange last_media_change check to avoid unintentional overflow
When running syzkaller with the newly reintroduced signed integer wrap
sanitizer we encounter this splat:
[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33
[ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long')
[ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1
[ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 366.027518] Call Trace:
[ 366.027523] <TASK>
[ 366.027533] dump_stack_lvl+0x93/0xd0
[ 366.027899] handle_overflow+0x171/0x1b0
[ 366.038787] ata1.00: invalid multi_count 32 ignored
[ 366.043924] cdrom_ioctl+0x2c3f/0x2d10
[ 366.063932] ? __pm_runtime_resume+0xe6/0x130
[ 366.071923] sr_block_ioctl+0x15d/0x1d0
[ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10
[ 366.077642] blkdev_ioctl+0x419/0x500
[ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10
...
Historically, the signed integer overflow sanitizer did not work in the
kernel due to its interaction with `-fwrapv` but this has since been
changed [1] in the newest version of Clang. It was re-enabled in the
kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow
sanitizer").
Let's rearrange the check to not perform any arithmetic, thus not
tripping the sanitizer. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-45788 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, which could lead to OTP bombing/flooding on the targeted system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-8230 | A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-44549 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7129 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which, when further exploited, can result in remote code execution by high-privilege users such as admins. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47487 | There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-52043 | Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration). This issue affects all released HumHub versions: through 1.16.2. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-46559 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-51661 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection. This issue affects Media Library Assistant: from n/a through 3.19. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-38287 | The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-21458 | Information disclosure while handling SA query action frame. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-51517 | Vulnerability of improper memory access in the phone service module
Impact: Successful exploitation of this vulnerability may affect availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-0641 | A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-8872 | The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-22233 | In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
| CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46980 | Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7443 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-273528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-21753 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows an attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H | 6.0 | 1.2 | 4.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | LOW | LOW | HIGH |
| CVE-2024-37150 | An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are potentially affected by this vulnerability if their private registry references tarball URLs at a different domain. This includes usage of deno install subcommand, auto-install for npm: specifiers and LSP usage. It is recommended to upgrade to Deno 1.44.1 and if your private registry ever serves tarballs at a different domain to rotate your registry credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-11506 | IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22169. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-26899 | In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between bd_link_disk_holder and partition scan
'open_mutex' of gendisk is used to protect open/close block devices. But
in bd_link_disk_holder(), it is used to protect the creation of symlink
between holding disk and slave bdev, which introduces some issues.
When bd_link_disk_holder() is called, the driver is usually in the process
of initialization/modification and may suspend submitting io. At this
time, any io hold 'open_mutex', such as scanning partitions, can cause
deadlocks. For example, in raid:
T1                              T2
bdev_open_by_dev
 lock open_mutex [1]
 ...
  efi_partition
  ...
   md_submit_bio
                                md_ioctl mddev_syspend
                                  -> suspend all io
                                 md_add_new_disk
                                  bind_rdev_to_array
                                   bd_link_disk_holder
                                    try lock open_mutex [2]
    md_handle_request
     -> wait mddev_resume
T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume
mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.
Fix it by introducing a local mutex 'blk_holder_mutex' to replace
'open_mutex'. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-49391 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | 1.3 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-39610 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-39228 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-34606 | Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-5133 | In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the `GET /v1/users/me/org` endpoint, which lists all users in a team. This allows any authenticated user to capture the recovery token of another user and subsequently change that user's password without consent, effectively taking over the account. The issue lies in the inclusion of the `recovery_token` attribute in the users object returned by the API. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-1177 | The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-44062 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.5. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-24041 | A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-11119 | The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-10017 | The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-8630 | Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-3158 | Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-11048 | A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-10424 | A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The manipulation of the argument no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-40738 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-5630 | The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-46821 | In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix negative array index read
Avoid using the negative values
for clk_idex as an index into an array pptable->DpmDescriptor.
V2: fix clk_index return check (Tim Huang) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-3150 | In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma relation query operation that manipulates the `users` model to change a user's role to admin. Successful exploitation grants attackers the highest level of user privileges, enabling them to see and perform all actions within the system. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-3454 | An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.5 | 2.1 | 1.4 | LOW | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-7122 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-6052 | Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-23838 | TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-22550 | An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-23725 | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-10080 | The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-34788 | An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-39910 | decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSIWYG editor QuillJS is subject to potential XSS attack in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. This issue has been addressed in release version 0.27.7. All users are advised to upgrade. Users unable to upgrade should review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. Disable the "Enable rich text editor for participants" setting in the admin dashboard | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-38879 | A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-4011 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-44954 | In the Linux kernel, the following vulnerability has been resolved:<br>ALSA: line6: Fix racy access to midibuf<br>There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here).<br>This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-8601 | This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-35705 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS. This issue affects Block for Font Awesome: from n/a through 1.4.4. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-50260 | In the Linux kernel, the following vulnerability has been resolved:<br>sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()<br>The following race condition could trigger a NULL pointer dereference:<br>`sock_map_link_detach(): sock_map_link_update_prog():`<br>`mutex_lock(&sockmap_mutex);`<br>`...`<br>`sockmap_link->map = NULL;`<br>`mutex_unlock(&sockmap_mutex);`<br>`mutex_lock(&sockmap_mutex);`<br>`...`<br>`sock_map_prog_link_lookup(sockmap_link->map);`<br>`mutex_unlock(&sockmap_mutex);`<br>`<continue>`<br>Fix it by adding a NULL pointer check. In this specific case, it makes no sense to update a link which is being released. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-0756 | The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7000 | Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41088 | In the Linux kernel, the following vulnerability has been resolved:<br>can: mcp251xfd: fix infinite loop when xmit fails<br>When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application.<br>Error messages:<br>`[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16`<br>`[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).`<br>... and repeat forever.<br>The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus.<br>The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one().<br>Resolve the issue by starting a workqueue to write the tx obj synchronously if err = -EBUSY. In case of another error, decrement tx_ring->head, remove skb from the echo stack, and drop the message.<br>[mkl: use more imperative wording in patch description] | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-38177 | Windows App Installer Spoofing Vulnerability | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-3638 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-39406 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 6.8 | 2.3 | 4.0 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2024-41690 | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext default credentials on the vulnerable system.<br>Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-34618 | Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | 1.8 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-38385 | In the Linux kernel, the following vulnerability has been resolved:<br>genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()<br>irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference:<br>`CPU0 CPU1`<br>`desc = mt_find()`<br>`delayed_free_desc(desc)`<br>`irq_desc_get_irq(desc)`<br>The use-after-free is reported by KASAN:<br>Call trace:<br>`irq_get_next_irq+0x58/0x84`<br>`show_stat+0x638/0x824`<br>`seq_read_iter+0x158/0x4ec`<br>`proc_reg_read_iter+0x94/0x12c`<br>`vfs_read+0x1e0/0x2c8`<br>Freed by task 4471:<br>`slab_free_freelist_hook+0x174/0x1e0`<br>`__kmem_cache_free+0xa4/0x1dc`<br>`kfree+0x64/0x128`<br>`irq_kobj_release+0x28/0x3c`<br>`kobject_put+0xcc/0x1e0`<br>`delayed_free_desc+0x14/0x2c`<br>`rcu_do_batch+0x214/0x720`<br>Guard the access with a RCU read lock section. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-37889 | MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-38438 | D-Link - CWE-294: Authentication Bypass by Capture-replay | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-10045 | The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-34622 | Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-46726 | In the Linux kernel, the following vulnerability has been resolved:<br>drm/amd/display: Ensure index calculation will not overflow<br>[WHY & HOW]<br>Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceed array size.<br>This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46307 | A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-42009 | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N | 9.3 | 2.8 | 5.8 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | NONE |
| CVE-2024-8592 | A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7687 | The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-20731 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7535 | Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41358 | phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7248 | Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br>The specific flaw exists within the update mechanism. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19055. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0093 | NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-50008 | In the Linux kernel, the following vulnerability has been resolved:<br>wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()<br>Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`.<br>With this, fix the following warning:<br>`elo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------`<br>`elo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)`<br>`elo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]` | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-21278 | Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Contract Lifecycle Management for Public Sector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Contract Lifecycle Management for Public Sector accessible data as well as unauthorized access to critical data or complete access to all Oracle Contract Lifecycle Management for Public Sector accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-39202 | D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7923 | An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-28831 | Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-11192 | The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-9784 | A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-38813 | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-52431 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection. This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6267 | A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269479. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-22416 | pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0299 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-40867 | A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 9.6 | 2.8 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6302 | Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-51526 | Permission control vulnerability in the hidebug module<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-11551 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<br>The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24749. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-38279 | The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 4.6 | 0.9 | 3.6 | MEDIUM | 2024-12-08T08:00Z | PHYSICAL | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-10139 | A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42782 | A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-37263 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.6. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-45176 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-47161 | In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-22194 | cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.3 | 1.4 | LOW | 2024-12-08T08:00Z | LOCAL | LOW | LOW | REQUIRED | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-5629 | An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | HIGH |
| CVE-2024-10092 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | LOW | NONE |
| CVE-2024-37038 | CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-39807 | Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-7334 | A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-46807 | In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
Validate tbo resource pointer, skip if NULL | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-11231 | The ???? ????? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-24556 | urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-41070 | In the Linux kernel, the following vulnerability has been resolved:
KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group().
It looks up `stt` from tablefd, but then continues to use it after doing
fdput() on the returned fd. After the fdput() the tablefd is free to be
closed by another thread. The close calls kvm_spapr_tce_release() and
then release_spapr_tce_table() (via call_rcu()) which frees `stt`.
Although there are calls to rcu_read_lock() in
kvm_spapr_tce_attach_iommu_group() they are not sufficient to prevent
the UAF, because `stt` is used outside the locked regions.
With an artificial delay after the fdput() and a userspace program which
triggers the race, KASAN detects the UAF:
BUG: KASAN: slab-use-after-free in kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]
Read of size 4 at addr c000200027552c30 by task kvm-vfio/2505
CPU: 54 PID: 2505 Comm: kvm-vfio Not tainted 6.10.0-rc3-next-20240612-dirty #1
Hardware name: 8335-GTH POWER9 0x4e1202 opal:skiboot-v6.5.3-35-g1851b2a06 PowerNV
Call Trace:
dump_stack_lvl+0xb4/0x108 (unreliable)
print_report+0x2b4/0x6ec
kasan_report+0x118/0x2b0
__asan_load4+0xb8/0xd0
kvm_spapr_tce_attach_iommu_group+0x298/0x720 [kvm]
kvm_vfio_set_attr+0x524/0xac0 [kvm]
kvm_device_ioctl+0x144/0x240 [kvm]
sys_ioctl+0x62c/0x1810
system_call_exception+0x190/0x440
system_call_vectored_common+0x15c/0x2ec
...
Freed by task 0:
...
kfree+0xec/0x3e0
release_spapr_tce_table+0xd4/0x11c [kvm]
rcu_core+0x568/0x16a0
handle_softirqs+0x23c/0x920
do_softirq_own_stack+0x6c/0x90
do_softirq_own_stack+0x58/0x90
__irq_exit_rcu+0x218/0x2d0
irq_exit+0x30/0x80
arch_local_irq_restore+0x128/0x230
arch_local_irq_enable+0x1c/0x30
cpuidle_enter_state+0x134/0x5cc
cpuidle_enter+0x6c/0xb0
call_cpuidle+0x7c/0x100
do_idle+0x394/0x410
cpu_startup_entry+0x60/0x70
start_secondary+0x3fc/0x410
start_secondary_prolog+0x10/0x14
Fix it by delaying the fdput() until `stt` is no longer in use, which
is effectively the entire function. To keep the patch minimal add a call
to fdput() at each of the existing return paths. Future work can convert
the function to goto or __cleanup style cleanup.
With the fix in place the test case no longer triggers the UAF. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6760 | A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-0597 | The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-8291 | Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Thanks, Alexey Solovyev for reporting. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7172 | A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272593 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-50165 | In the Linux kernel, the following vulnerability has been resolved:
bpf: Preserve param->string when parsing mount options
In bpf_parse_param(), keep the value of param->string intact so it can
be freed later. Otherwise, the kmalloc area pointed to by param->string
will be leaked as shown below:
unreferenced object 0xffff888118c46d20 (size 8):
comm "new_name", pid 12109, jiffies 4295580214
hex dump (first 8 bytes):
61 6e 79 00 38 c9 5c 7e any.8.\~
backtrace (crc e1b7f876):
[<00000000c6848ac7>] kmemleak_alloc+0x4b/0x80
[<00000000de9f7d00>] __kmalloc_node_track_caller_noprof+0x36e/0x4a0
[<000000003e29b886>] memdup_user+0x32/0xa0
[<0000000007248326>] strndup_user+0x46/0x60
[<0000000035b3dd29>] __x64_sys_fsconfig+0x368/0x3d0
[<0000000018657927>] x64_sys_call+0xff/0x9f0
[<00000000c0cabc95>] do_syscall_64+0x3b/0xc0
[<000000002f331597>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-9341 | A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2024-49614 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection. This issue affects SermonAudio Widgets: from n/a through 1.9.3. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-41736 | Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 4.3 | 2.8 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | NONE | NONE |
| CVE-2024-8964 | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-21737 | In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-32484 | A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 8.2 | 2.8 | 4.7 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | HIGH | LOW | NONE |
| CVE-2024-5536 | The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipress_link shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49859 | In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to check atomic_file in f2fs ioctl interfaces
Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(),
f2fs_move_file_range(), and f2fs_defragment_range() missed to
check atomic_write status, which may cause potential race issue,
fix it. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 4.7 | 1.0 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | HIGH | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-23895 | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-11790 | Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-39468 | In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix deadlock in smb2_find_smb_tcon()
Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such
deadlock. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46779 | In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Free pvr_vm_gpuva after unlink
This caused a measurable memory leak. Although the individual
allocations are small, the leaks occur in a high-usage codepath
(remapping or unmapping device memory) so they add up quickly. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-7858 | The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folder along with controlling settings. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 6.3 | 2.8 | 3.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | LOW | LOW | LOW |
| CVE-2024-51408 | AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-50442 | Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection. This issue affects Royal Elementor Addons: from n/a through 1.3.980. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 7.2 | 1.2 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-36502 | Out-of-bounds read vulnerability in the audio module. Impact: Successful exploitation of this vulnerability will affect availability. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-43976 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8946 | A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2994354634. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46814 | In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check msg_id before processing transcation
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid
array index, and it needs checking before used.
This fixes 4 OVERRUN issues reported by Coverity. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47683 | In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip Recompute DSC Params if no Stream on Link
[why]
Encounter NULL pointer dereference under mst + dsc setup.
BUG: kernel NULL pointer dereference, address: 0000000000000008
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4
Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022
RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? plist_add+0xbe/0x100
? exc_page_fault+0x7c/0x180
? asm_exc_page_fault+0x26/0x30
? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]
? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]
compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]
drm_atomic_check_only+0x5c5/0xa40
drm_mode_atomic_ioctl+0x76e/0xbc0
[how]
dsc recompute should be skipped if no mode change detected on the new
request. If detected, keep checking whether the stream is already on
current state or not. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-8164 | A vulnerability, which was classified as critical, has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function rename of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the argument new_name leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7224 | A vulnerability was found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /lot_details.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272804. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-11557 | IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24807. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-21751 | Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-27128 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later, QuTS hero h5.1.7.2770 build 20240520 and later | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-35723 | Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List. This issue affects Dashboard To-Do List: from n/a through 1.2.0. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-31181 | Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::GroupStats::unpack. This issue affects libfluid: 0.1.0. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-21902 | An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later, QuTS hero h5.1.7.2770 build 20240520 and later | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 8.1 | 2.8 | 5.2 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | NONE |
| CVE-2024-6170 | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-10538 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-6185 | A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42109 | In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: unconditionally flush pending work before notifier
syzbot reports:
KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831
KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530
KASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597
Read of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45
[..]
Workqueue: events nf_tables_trans_destroy_work
Call Trace:
nft_ctx_update include/net/netfilter/nf_tables.h:1831 [inline]
nft_commit_release net/netfilter/nf_tables_api.c:9530 [inline]
nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597
Problem is that the notifier does a conditional flush, but it's possible
that the table-to-be-removed is still referenced by transactions being
processed by the worker, so we need to flush unconditionally.
We could make the flush_work depend on whether we found a table to delete
in nf-next to avoid the flush for most cases.
AFAICS this problem is only exposed in nf-next, with
commit e169285f8c56 ("netfilter: nf_tables: do not store nft_ctx in transaction objects"),
with this commit applied there is an unconditional fetch of
table->family which is what's triggering the above splat. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-39283 | Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6015 | A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268723. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-38588 | In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix possible use-after-free issue in ftrace_location()
KASAN reports a bug:
BUG: KASAN: use-after-free in ftrace_location+0x90/0x120
Read of size 8 at addr ffff888141d40010 by task insmod/424
CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+
[...]
Call Trace:
<TASK>
dump_stack_lvl+0x68/0xa0
print_report+0xcf/0x610
kasan_report+0xb5/0xe0
ftrace_location+0x90/0x120
register_kprobe+0x14b/0xa40
kprobe_init+0x2d/0xff0 [kprobe_example]
do_one_initcall+0x8f/0x2d0
do_init_module+0x13a/0x3c0
load_module+0x3082/0x33d0
init_module_from_file+0xd2/0x130
__x64_sys_finit_module+0x306/0x440
do_syscall_64+0x68/0x140
entry_SYSCALL_64_after_hwframe+0x71/0x79
The root cause is that, in lookup_rec(), ftrace record of some address
is being searched in ftrace pages of some module, but those ftrace pages
at the same time are being freed in ftrace_release_mod() as the
corresponding module is being deleted:
CPU1 | CPU2
register_kprobes() { | delete_module() {
check_kprobe_address_safe() { |
arch_check_ftrace_location() { |
ftrace_location() { |
lookup_rec() // USE! | ftrace_release_mod() // Free!
To fix this issue:
1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();
2. Use ftrace_location_range() instead of lookup_rec() in
ftrace_location();
3. Call synchronize_rcu() before freeing any ftrace pages both in
ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-6955 | A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort2.php. The manipulation of the argument qualification leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272076. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-21624 | nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-34644 | Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-30160 | A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49961 | In the Linux kernel, the following vulnerability has been resolved:
media: i2c: ar0521: Use cansleep version of gpiod_set_value()
If we use GPIO reset from I2C port expander, we must use *_cansleep()
variant of GPIO functions.
This was not done in ar0521_power_on()/ar0521_power_off() functions.
Let's fix that.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c
Modules linked in:
CPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53
Hardware name: Diasom DS-RK3568-SOM-EVB (DT)
Workqueue: events_unbound deferred_probe_work_func
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gpiod_set_value+0x74/0x7c
lr : ar0521_power_on+0xcc/0x290
Call trace:
gpiod_set_value+0x74/0x7c
ar0521_power_on+0xcc/0x290
... | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-7463 | A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47522 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. One may disable ja4 as a workaround. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-47508 | An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When specific SNMP GET operations or specific low-privileged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and causing FPCs to hang. Affected FPCs need to be manually restarted to recover.
GUID exhaustion will trigger a syslog message like one of the following:
evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...
evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...
The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:
user@host> show platform application-info allocations app evo-pfemand/evo-pfemand
If one or more of these values are constantly increasing, the leak is happening.
This issue affects Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.3 versions before 21.3R3-EVO;
* 21.4 versions before 22.1R2-EVO,
* 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO.
Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 6.5 | 2.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-38812 | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7618 | The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 4.8 | 1.7 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-0959 | A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-8858 | The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-46424 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-8717 | The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-46598 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-37569 | An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-35652 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS. This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-9515 | A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. This affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0426 | A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250445 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-1031 | A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7293 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-33545 | Missing Authorization vulnerability in AA-Team WZone. This issue affects WZone: from n/a through 14.0.10. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-23220 | The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 7.1 | 1.8 | 5.2 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2024-23049 | An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7331 | A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7834 | A local privilege escalation is caused by Overwolf
loading and executing certain dynamic link library files from a user-writeable
folder in SYSTEM context on launch. This allows an attacker with unprivileged
access to the system to run arbitrary code with SYSTEM privileges by placing a
malicious .dll file in the respective location. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-34545 | Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.7 | 2.1 | 3.6 | MEDIUM | 2024-12-08T08:00Z | ADJACENT_NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-43801 | Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of the Jellyfin Web UI (e.g. via "view image" in a browser), this malicious SVG file could interact with the browser's LocalStorage and retrieve an AccessToken, which in turn can be used in an API call to elevate the target user to a Jellyfin administrator. The actual attack vector is unlikely to be exploited, as it requires specific actions by the administrator to view the SVG image outside of Jellyfin's WebUI, i.e. it is not a passive attack. The underlying exploit mechanism is solved by PR #12490, which forces attached images (including the potential malicious SVG) to be treated as attachments and thus downloaded by browsers, rather than viewed. This prevents exploitation of the LocalStorage of the browser. This PR has been merged and the relevant code changes are included in release version 10.9.10. All users are advised to upgrade. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-7733 | A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-31199 | A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary Javascript code. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-10885 | The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 6.4 | 3.1 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | CHANGED | LOW | LOW | NONE |
| CVE-2024-37635 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-37954 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in marcelotorres Simple Responsive Slider allows Reflected XSS. This issue affects Simple Responsive Slider: from n/a through 0.2.2.5. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-9477 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS). This issue affects Air4443 Firmware: through 14102024.
NOTE: The vendor was contacted and it was learned that the product is classified as End-of-Life and End-of-Support. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-49902 | In the Linux kernel, the following vulnerability has been resolved:
jfs: check if leafidx greater than num leaves per dmap tree
syzbot reported an out of bounds in dbSplit because dmt_leafidx is greater
than num leaves per dmap tree; add a check for dmt_leafidx in dbFindLeaf.
Shaggy:
Modified sanity check to apply to control pages as well as leaf pages. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-20286 | A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.
The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.
Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 8.8 | 2.0 | 6.0 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-25019 | IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 5.5 | 2.1 | 3.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | UNCHANGED | LOW | LOW | LOW |
| CVE-2024-40544 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-3800 | Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names.
Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-21273 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 6.0 | 1.5 | 4.0 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | HIGH | NONE | CHANGED | HIGH | NONE | NONE |
| CVE-2024-46419 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-46773 | In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check denominator pbn_div before used
[WHAT & HOW]
A denominator cannot be 0, and is checked before used.
This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-46557 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | 3.9 | 3.6 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |
| CVE-2024-0738 | A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-47048 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 5.4 | 2.3 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | LOW | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-10461 | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-45264 | A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-0712 | A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-7782 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.5 | 1.2 | 5.2 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | UNCHANGED | NONE | HIGH | HIGH |
| CVE-2024-7502 | A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-27320 | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it. | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | NONE | REQUIRED | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | 1.8 | 5.9 | HIGH | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-42399 | Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 5.3 | 3.9 | 1.4 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | LOW |
| CVE-2024-45348 | Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-10613 | A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-38474 | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in
directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 | 3.9 | 5.9 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
| CVE-2024-40837 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | HIGH | NONE | NONE |
| CVE-2024-20805 | Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 5.5 | 1.8 | 3.6 | MEDIUM | 2024-12-08T08:00Z | LOCAL | LOW | LOW | NONE | UNCHANGED | NONE | HIGH | NONE |
| CVE-2024-11456 | The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 | 2.8 | 2.7 | MEDIUM | 2024-12-08T08:00Z | NETWORK | LOW | NONE | REQUIRED | CHANGED | LOW | LOW | NONE |
| CVE-2024-46902 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations.
Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 9.1 | 2.3 | 6.0 | CRITICAL | 2024-12-08T08:00Z | NETWORK | LOW | HIGH | NONE | CHANGED | HIGH | HIGH | HIGH |
| CVE-2024-49574 | Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 8.8 | 2.8 | 5.9 | HIGH | 2024-12-08T08:00Z | NETWORK | LOW | LOW | NONE | UNCHANGED | HIGH | HIGH | HIGH |