Patch Tuesday — January 2024
2024-01-09 · 802 CVEs
CVEs published or modified the week of 2024-01-09, partitioned by vendor.
Microsoft (66 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-21646 | Critical | 9.8 | — | 2024-01-09 | Azure uAMQP is a general purpose C library for AMQP 1.0. |
| CVE-2024-21638 | Critical | 9.1 | — | 2024-01-10 | Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. |
| CVE-2024-0057 | Critical | 9.1 | — | 2024-01-09 | .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
| CVE-2023-49647 | High | 8.8 | — | 2024-01-12 | Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2023-40250 | High | 8.8 | — | 2024-01-12 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers. This issue affects HCell: 12.0.0.893. |
| CVE-2024-21318 | High | 8.8 | — | 2024-01-09 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-20674 | High | 8.8 | — | 2024-01-09 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2024-0056 | High | 8.7 | — | 2024-01-09 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability |
| CVE-2024-20652 | High | 8.1 | — | 2024-01-09 | Windows HTML Platforms Security Feature Bypass Vulnerability |
| CVE-2024-20676 | High | 8.0 | — | 2024-01-09 | Azure Storage Mover Remote Code Execution Vulnerability |
| CVE-2024-20654 | High | 8.0 | — | 2024-01-09 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-21325 | High | 7.8 | — | 2024-01-09 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability |
| CVE-2024-21310 | High | 7.8 | — | 2024-01-09 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2024-21309 | High | 7.8 | — | 2024-01-09 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-20698 | High | 7.8 | — | 2024-01-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-20686 | High | 7.8 | — | 2024-01-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-20683 | High | 7.8 | — | 2024-01-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-20682 | High | 7.8 | — | 2024-01-09 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-20681 | High | 7.8 | — | 2024-01-09 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| CVE-2024-20677 | High | 7.8 | — | 2024-01-09 | A security vulnerability exists in FBX that could lead to remote code execution. |
| CVE-2024-20658 | High | 7.8 | — | 2024-01-09 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
| CVE-2024-20656 | High | 7.8 | — | 2024-01-09 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-20653 | High | 7.8 | — | 2024-01-09 | Microsoft Common Log File System Elevation of Privilege Vulnerability |
| CVE-2023-31036 | High | 7.5 | — | 2024-01-12 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path tra… |
| CVE-2024-21312 | High | 7.5 | — | 2024-01-09 | .NET Framework Denial of Service Vulnerability |
| CVE-2024-21307 | High | 7.5 | — | 2024-01-09 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2024-20700 | High | 7.5 | — | 2024-01-09 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-20687 | High | 7.5 | — | 2024-01-09 | Microsoft AllJoyn API Denial of Service Vulnerability |
| CVE-2024-20672 | High | 7.5 | — | 2024-01-09 | .NET Denial of Service Vulnerability |
| CVE-2024-20661 | High | 7.5 | — | 2024-01-09 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2024-20697 | High | 7.3 | — | 2024-01-09 | Windows libarchive Remote Code Execution Vulnerability |
| CVE-2024-20696 | High | 7.3 | — | 2024-01-09 | Windows libarchive Remote Code Execution Vulnerability |
| CVE-2024-21643 | High | 7.1 | — | 2024-01-10 | IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. |
| CVE-2024-0206 | High | 7.1 | — | 2024-01-09 | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. |
| CVE-2024-20657 | High | 7.0 | — | 2024-01-09 | Windows Group Policy Elevation of Privilege Vulnerability |
| CVE-2023-51751 | Medium | 6.8 | — | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. |
| CVE-2024-21319 | Medium | 6.8 | — | 2024-01-09 | Microsoft Identity Denial of Service Vulnerability |
| CVE-2024-20666 | Medium | 6.6 | — | 2024-01-09 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-20655 | Medium | 6.6 | — | 2024-01-09 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability |
| CVE-2024-21320 | Medium | 6.5 | — | 2024-01-09 | Windows Themes Spoofing Vulnerability |
| CVE-2024-21314 | Medium | 6.5 | — | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2024-20690 | Medium | 6.5 | — | 2024-01-09 | Windows Nearby Sharing Spoofing Vulnerability |
| CVE-2024-20680 | Medium | 6.5 | — | 2024-01-09 | Windows Message Queuing Client (MSMQC) Information Disclosure |
| CVE-2024-20664 | Medium | 6.5 | — | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2024-20663 | Medium | 6.5 | — | 2024-01-09 | Windows Message Queuing Client (MSMQC) Information Disclosure |
| CVE-2024-20660 | Medium | 6.5 | — | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2024-20675 | Medium | 6.3 | — | 2024-01-11 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2024-0310 | Medium | 6.1 | — | 2024-01-10 | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowin… |
| CVE-2024-21316 | Medium | 6.1 | — | 2024-01-09 | Windows Server Key Distribution Service Security Feature Bypass |
| CVE-2024-21306 | Medium | 5.7 | — | 2024-01-09 | Microsoft Bluetooth Driver Spoofing Vulnerability |
| CVE-2024-20692 | Medium | 5.7 | — | 2024-01-09 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2024-20715 | Medium | 5.5 | — | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20714 | Medium | 5.5 | — | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20713 | Medium | 5.5 | — | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20712 | Medium | 5.5 | — | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20711 | Medium | 5.5 | — | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20710 | Medium | 5.5 | — | 2024-01-10 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-21311 | Medium | 5.5 | — | 2024-01-09 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2024-20699 | Medium | 5.5 | — | 2024-01-09 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-20694 | Medium | 5.5 | — | 2024-01-09 | Windows CoreMessaging Information Disclosure Vulnerability |
| CVE-2024-21313 | Medium | 5.3 | — | 2024-01-09 | Windows TCP/IP Information Disclosure Vulnerability |
| CVE-2024-21337 | Medium | 5.2 | — | 2024-01-11 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2024-20662 | Medium | 4.9 | — | 2024-01-09 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability |
| CVE-2024-20691 | Medium | 4.7 | — | 2024-01-09 | Windows Themes Information Disclosure Vulnerability |
| CVE-2023-51750 | Medium | 4.6 | — | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. |
| CVE-2024-21305 | Medium | 4.4 | — | 2024-01-09 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
Other vendors (736 CVEs across 241 vendors)
Gtkwave · 82 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-39444 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39443 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39317 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. |
| CVE-2023-39316 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. |
| CVE-2023-39275 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39274 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39273 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39272 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39271 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39270 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39235 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. |
| CVE-2023-39234 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. |
| CVE-2023-38657 | High | 7.8 | — | 2024-01-08 | An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. |
| CVE-2023-38649 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. |
| CVE-2023-38648 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. |
| CVE-2023-38623 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38622 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38621 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38620 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38619 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38618 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38583 | High | 7.8 | — | 2024-01-08 | A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. |
| CVE-2023-37923 | High | 7.8 | — | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. |
| CVE-2023-37922 | High | 7.8 | — | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. |
| CVE-2023-37921 | High | 7.8 | — | 2024-01-08 | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. |
| CVE-2023-37578 | High | 7.8 | — | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. |
| CVE-2023-37577 | High | 7.8 | — | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. |
| CVE-2023-37576 | High | 7.8 | — | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. |
| CVE-2023-37575 | High | 7.8 | — | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. |
| CVE-2023-37574 | High | 7.8 | — | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. |
| CVE-2023-37573 | High | 7.8 | — | 2024-01-08 | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. |
| CVE-2023-37447 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. |
| CVE-2023-37446 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. |
| CVE-2023-37445 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. |
| CVE-2023-37444 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. |
| CVE-2023-37443 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. |
| CVE-2023-37442 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. |
| CVE-2023-37420 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. |
| CVE-2023-37419 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. |
| CVE-2023-37418 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. |
| CVE-2023-37417 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. |
| CVE-2023-37416 | High | 7.8 | — | 2024-01-08 | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. |
| CVE-2023-37282 | High | 7.8 | — | 2024-01-08 | An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. |
| CVE-2023-36916 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. |
| CVE-2023-36915 | High | 7.8 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. |
| CVE-2023-36864 | High | 7.8 | — | 2024-01-08 | An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. |
| CVE-2023-36861 | High | 7.8 | — | 2024-01-08 | An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. |
| CVE-2023-35997 | High | 7.8 | — | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. |
| CVE-2023-35996 | High | 7.8 | — | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. |
| CVE-2023-35995 | High | 7.8 | — | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. |
| CVE-2023-35994 | High | 7.8 | — | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. |
| CVE-2023-35989 | High | 7.8 | — | 2024-01-08 | An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. |
| CVE-2023-35970 | High | 7.8 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. |
| CVE-2023-35969 | High | 7.8 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. |
| CVE-2023-35964 | High | 7.8 | — | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. |
| CVE-2023-35963 | High | 7.8 | — | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. |
| CVE-2023-35962 | High | 7.8 | — | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. |
| CVE-2023-35961 | High | 7.8 | — | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. |
| CVE-2023-35960 | High | 7.8 | — | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. |
| CVE-2023-35959 | High | 7.8 | — | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. |
| CVE-2023-35958 | High | 7.8 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. |
| CVE-2023-35957 | High | 7.8 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. |
| CVE-2023-35956 | High | 7.8 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. |
| CVE-2023-35955 | High | 7.8 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. |
| CVE-2023-35704 | High | 7.8 | — | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. |
| CVE-2023-35703 | High | 7.8 | — | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. |
| CVE-2023-35702 | High | 7.8 | — | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. |
| CVE-2023-35057 | High | 7.8 | — | 2024-01-08 | An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. |
| CVE-2023-35004 | High | 7.8 | — | 2024-01-08 | An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. |
| CVE-2023-34436 | High | 7.8 | — | 2024-01-08 | An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. |
| CVE-2023-34087 | High | 7.8 | — | 2024-01-08 | An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. |
| CVE-2023-39414 | High | 7.0 | — | 2024-01-08 | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. |
| CVE-2023-39413 | High | 7.0 | — | 2024-01-08 | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. |
| CVE-2023-38653 | High | 7.0 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38652 | High | 7.0 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38651 | High | 7.0 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. |
| CVE-2023-38650 | High | 7.0 | — | 2024-01-08 | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. |
| CVE-2023-36747 | High | 7.0 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. |
| CVE-2023-36746 | High | 7.0 | — | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. |
| CVE-2023-35992 | High | 7.0 | — | 2024-01-08 | An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. |
| CVE-2023-35128 | High | 7.0 | — | 2024-01-08 | An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. |
| CVE-2023-32650 | High | 7.0 | — | 2024-01-08 | An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. |
N/a · 80 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-52026 | Critical | 9.8 | — | 2024-01-12 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface. |
| CVE-2023-30016 | Critical | 9.8 | — | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php. |
| CVE-2023-30015 | Critical | 9.8 | — | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php. |
| CVE-2023-30014 | Critical | 9.8 | — | 2024-01-12 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php. |
| CVE-2022-48620 | Critical | 9.8 | — | 2024-01-12 | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. |
| CVE-2023-51350 | Critical | 9.8 | — | 2024-01-11 | A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. |
| CVE-2024-23061 | Critical | 9.8 | — | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. |
| CVE-2024-23060 | Critical | 9.8 | — | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. |
| CVE-2024-23059 | Critical | 9.8 | — | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. |
| CVE-2024-23058 | Critical | 9.8 | — | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. |
| CVE-2024-23057 | Critical | 9.8 | — | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. |
| CVE-2024-22942 | Critical | 9.8 | — | 2024-01-11 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. |
| CVE-2023-52032 | Critical | 9.8 | — | 2024-01-11 | TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. |
| CVE-2023-52031 | Critical | 9.8 | — | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. |
| CVE-2023-52030 | Critical | 9.8 | — | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. |
| CVE-2023-52029 | Critical | 9.8 | — | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. |
| CVE-2023-52028 | Critical | 9.8 | — | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. |
| CVE-2023-52027 | Critical | 9.8 | — | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. |
| CVE-2023-52064 | Critical | 9.8 | — | 2024-01-10 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. |
| CVE-2023-51970 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. |
| CVE-2023-51969 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. |
| CVE-2023-51968 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. |
| CVE-2023-51967 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. |
| CVE-2023-51962 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. |
| CVE-2023-51965 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. |
| CVE-2023-51964 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. |
| CVE-2023-51963 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. |
| CVE-2023-51960 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. |
| CVE-2023-51959 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. |
| CVE-2023-51958 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. |
| CVE-2023-51957 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. |
| CVE-2023-51956 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. |
| CVE-2023-51955 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. |
| CVE-2023-51954 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. |
| CVE-2023-51953 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. |
| CVE-2023-51952 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. |
| CVE-2023-51966 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. |
| CVE-2023-51961 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. |
| CVE-2023-51972 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. |
| CVE-2023-51971 | Critical | 9.8 | — | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. |
| CVE-2020-26629 | Critical | 9.8 | — | 2024-01-10 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. |
| CVE-2023-50585 | Critical | 9.8 | — | 2024-01-09 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. |
| CVE-2023-49237 | Critical | 9.8 | — | 2024-01-09 | An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. |
| CVE-2023-49236 | Critical | 9.8 | — | 2024-01-09 | A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. |
| CVE-2023-49235 | Critical | 9.8 | — | 2024-01-09 | An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. |
| CVE-2023-26999 | Critical | 9.8 | — | 2024-01-09 | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. |
| CVE-2022-46025 | Critical | 9.1 | — | 2024-01-10 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. |
| CVE-2023-50982 | Critical | 9.0 | — | 2024-01-08 | Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. |
| CVE-2023-51949 | High | 8.8 | — | 2024-01-12 | Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller. |
| CVE-2023-51749 | High | 8.8 | — | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. |
| CVE-2023-51748 | High | 8.8 | — | 2024-01-11 | ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. |
| CVE-2023-50159 | High | 8.8 | — | 2024-01-11 | In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. |
| CVE-2023-47890 | High | 8.8 | — | 2024-01-08 | pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. |
| CVE-2023-50932 | High | 8.3 | — | 2024-01-09 | An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. |
| CVE-2023-50931 | High | 8.3 | — | 2024-01-09 | An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. |
| CVE-2023-50930 | High | 8.3 | — | 2024-01-09 | An issue was discovered in savignano S/Notify before 4.0.2 for Jira. |
| CVE-2023-48166 | High | 7.5 | — | 2024-01-12 | A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. |
| CVE-2023-49427 | High | 7.5 | — | 2024-01-10 | Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. |
| CVE-2023-48864 | High | 7.5 | — | 2024-01-10 | SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. |
CVE-2023-27098 | High | 7.5 | — | 2024-01-09 | TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. |
CVE-2023-49961 | High | 7.5 | — | 2024-01-08 | WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. |
CVE-2023-46474 | High | 7.2 | — | 2024-01-11 | File Upload vulnerability in PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. |
CVE-2023-50162 | High | 7.2 | — | 2024-01-09 | SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. |
CVE-2023-51978 | Medium | 6.5 | — | 2024-01-12 | In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. |
CVE-2023-52271 | Medium | 6.5 | — | 2024-01-08 | The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). |
CVE-2024-0304 | Medium | 6.3 | — | 2024-01-08 | A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. |
CVE-2024-0303 | Medium | 6.3 | — | 2024-01-08 | A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. |
CVE-2023-51790 | Medium | 6.1 | — | 2024-01-12 | Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. |
CVE-2023-52274 | Medium | 6.1 | — | 2024-01-11 | member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. |
CVE-2020-26628 | Medium | 6.1 | — | 2024-01-10 | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page a… |
CVE-2023-27000 | Medium | 6.1 | — | 2024-01-09 | Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). |
CVE-2023-37644 | Medium | 5.5 | — | 2024-01-11 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. |
CVE-2024-22368 | Medium | 5.5 | — | 2024-01-09 | The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. |
CVE-2023-36629 | Medium | 5.5 | — | 2024-01-09 | The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. |
CVE-2023-51806 | Medium | 5.4 | — | 2024-01-12 | File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. |
CVE-2023-51252 | Medium | 5.4 | — | 2024-01-10 | PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). |
CVE-2023-26998 | Medium | 5.4 | — | 2024-01-09 | Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. |
CVE-2020-26630 | Medium | 4.9 | — | 2024-01-10 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab af… |
CVE-2020-26627 | Medium | 4.9 | — | 2024-01-10 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queri… |
CVE-2024-0459 | Medium | 4.7 | — | 2024-01-12 | A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. |
Apple · 60 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40414 | Critical | 9.8 | — | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
CVE-2023-42866 | High | 8.8 | — | 2024-01-10 | The issue was addressed with improved memory handling. |
CVE-2023-42833 | High | 8.8 | — | 2024-01-10 | A correctness issue was addressed with improved checks. |
CVE-2023-41060 | High | 8.8 | — | 2024-01-10 | A type confusion issue was addressed with improved checks. |
CVE-2023-42933 | High | 7.8 | — | 2024-01-10 | This issue was addressed with improved checks. |
CVE-2023-42871 | High | 7.8 | — | 2024-01-10 | The issue was addressed with improved memory handling. |
CVE-2023-42870 | High | 7.8 | — | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
CVE-2023-42828 | High | 7.8 | — | 2024-01-10 | This issue was addressed by removing the vulnerable code. |
CVE-2023-42826 | High | 7.8 | — | 2024-01-10 | The issue was addressed with improved checks. |
CVE-2023-41974 | High | 7.8 | KEV | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
CVE-2023-41075 | High | 7.8 | — | 2024-01-10 | A type confusion issue was addressed with improved checks. |
CVE-2023-32401 | High | 7.8 | — | 2024-01-10 | A buffer overflow was addressed with improved bounds checking. |
CVE-2023-32383 | High | 7.8 | — | 2024-01-10 | This issue was addressed by forcing hardened runtime on the affected binaries at the system level. |
CVE-2023-32378 | High | 7.8 | — | 2024-01-10 | A use-after-free issue was addressed with improved memory management. |
CVE-2023-32366 | High | 7.8 | — | 2024-01-10 | An out-of-bounds write issue was addressed with improved input validation. |
CVE-2022-47965 | High | 7.8 | — | 2024-01-10 | The issue was addressed with improved memory handling. |
CVE-2022-47915 | High | 7.8 | — | 2024-01-10 | The issue was addressed with improved memory handling. |
CVE-2022-46721 | High | 7.8 | — | 2024-01-10 | The issue was addressed with improved memory handling. |
CVE-2023-42869 | High | 7.5 | — | 2024-01-10 | Multiple memory corruption issues were addressed with improved input validation. |
CVE-2023-40393 | High | 7.5 | — | 2024-01-10 | An authentication issue was addressed with improved state management. |
CVE-2023-42876 | High | 7.1 | — | 2024-01-10 | The issue was addressed with improved bounds checks. |
CVE-2023-38610 | High | 7.1 | — | 2024-01-10 | A memory corruption issue was addressed by removing the vulnerable code. |
CVE-2023-32436 | High | 7.1 | — | 2024-01-10 | The issue was addressed with improved bounds checks. |
CVE-2023-42832 | High | 7.0 | — | 2024-01-10 | A race condition was addressed with improved state handling. |
CVE-2022-48618 | High | 7.0 | KEV | 2024-01-09 | The issue was addressed with improved checks. |
CVE-2023-42865 | Medium | 6.5 | — | 2024-01-10 | An out-of-bounds read was addressed with improved input validation. |
CVE-2023-42862 | Medium | 6.5 | — | 2024-01-10 | An out-of-bounds read was addressed with improved input validation. |
CVE-2023-40385 | Medium | 6.5 | — | 2024-01-10 | This issue was addressed by removing the vulnerable code. |
CVE-2023-42929 | Medium | 5.5 | — | 2024-01-10 | The issue was addressed with improved checks. |
CVE-2023-42872 | Medium | 5.5 | — | 2024-01-10 | The issue was addressed with additional permissions checks. |
CVE-2023-42831 | Medium | 5.5 | — | 2024-01-10 | This issue was addressed by removing the vulnerable code. |
CVE-2023-42829 | Medium | 5.5 | — | 2024-01-10 | The issue was addressed with additional restrictions on the observability of app states. |
CVE-2023-41994 | Medium | 5.5 | — | 2024-01-10 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. |
CVE-2023-41987 | Medium | 5.5 | — | 2024-01-10 | This issue was addressed with improved checks. |
CVE-2023-41069 | Medium | 5.5 | — | 2024-01-10 | This issue was addressed by improving Face ID anti-spoofing models. |
CVE-2023-40438 | Medium | 5.5 | — | 2024-01-10 | An issue was addressed with improved handling of temporary files. |
CVE-2023-40437 | Medium | 5.5 | — | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. |
CVE-2023-40433 | Medium | 5.5 | — | 2024-01-10 | A logic issue was addressed with improved checks. |
CVE-2023-40430 | Medium | 5.5 | — | 2024-01-10 | A logic issue was addressed with improved checks. |
CVE-2023-40411 | Medium | 5.5 | — | 2024-01-10 | This issue was addressed with improved data protection. |
CVE-2023-38607 | Medium | 5.5 | — | 2024-01-10 | The issue was addressed with improved handling of caches. |
CVE-2023-32424 | Medium | 5.5 | — | 2024-01-10 | The issue was addressed with improved memory handling. |
CVE-2023-28185 | Medium | 5.5 | — | 2024-01-10 | An integer overflow was addressed through improved input validation. |
CVE-2022-48577 | Medium | 5.5 | — | 2024-01-10 | An access issue was addressed with improved access restrictions. |
CVE-2022-48504 | Medium | 5.5 | — | 2024-01-10 | The issue was addressed with improved handling of caches. |
CVE-2022-46710 | Medium | 5.5 | — | 2024-01-10 | A logic issue was addressed with improved checks. |
CVE-2022-42816 | Medium | 5.5 | — | 2024-01-10 | A logic issue was addressed with improved state management. |
CVE-2022-32931 | Medium | 5.5 | — | 2024-01-10 | This issue was addressed with improved data protection. |
CVE-2023-42941 | Medium | 4.8 | — | 2024-01-10 | The issue was addressed with improved checks. |
CVE-2022-32919 | Medium | 4.7 | — | 2024-01-10 | The issue was addressed with improved UI handling. |
CVE-2023-42934 | Medium | 4.2 | — | 2024-01-10 | An information disclosure issue was addressed by removing the vulnerable code. |
CVE-2023-42830 | Low | 3.3 | — | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. |
CVE-2023-40439 | Low | 3.3 | — | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. |
CVE-2023-40394 | Low | 3.3 | — | 2024-01-10 | The issue was addressed with improved validation of environment variables. |
CVE-2023-40383 | Low | 3.3 | — | 2024-01-10 | A path handling issue was addressed with improved validation. |
CVE-2023-38612 | Low | 3.3 | — | 2024-01-10 | The issue was addressed with improved checks. |
CVE-2023-28197 | Low | 3.3 | — | 2024-01-10 | An access issue was addressed with additional sandbox restrictions. |
CVE-2022-42839 | Low | 3.3 | — | 2024-01-10 | This issue was addressed with improved redaction of sensitive information. |
CVE-2024-0230 | Low | 2.4 | — | 2024-01-12 | A session management issue was addressed with improved checks. |
CVE-2023-40529 | Low | 2.4 | — | 2024-01-10 | This issue was addressed with improved redaction of sensitive information. |
Bosch · 26 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48253 | High | 8.8 | — | 2024-01-10 | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashe… |
CVE-2023-48252 | High | 8.8 | — | 2024-01-10 | The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. |
CVE-2023-49722 | High | 8.3 | — | 2024-01-09 | Network port 8899 is open in the WiFi firmware of BCC101/BCC102/BCC50 products, which allows an attacker on the same WiFi network to connect to the device. |
CVE-2023-48266 | High | 8.1 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
CVE-2023-48265 | High | 8.1 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
CVE-2023-48264 | High | 8.1 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
CVE-2023-48263 | High | 8.1 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
CVE-2023-48262 | High | 8.1 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
CVE-2023-48251 | High | 8.1 | — | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. |
CVE-2023-48250 | High | 8.1 | — | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. |
CVE-2023-48243 | High | 8.1 | — | 2024-01-10 | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remo… |
CVE-2023-48257 | High | 7.8 | — | 2024-01-10 | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. |
CVE-2023-48249 | Medium | 6.5 | — | 2024-01-10 | The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possib… |
CVE-2023-48246 | Medium | 6.5 | — | 2024-01-10 | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. |
CVE-2023-48245 | Medium | 6.5 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. |
CVE-2023-48242 | Medium | 6.5 | — | 2024-01-10 | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. |
CVE-2023-48255 | Medium | 6.3 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by wa… |
CVE-2023-48258 | Medium | 5.5 | — | 2024-01-10 | The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. |
CVE-2023-48248 | Medium | 5.5 | — | 2024-01-10 | The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply… |
CVE-2023-48261 | Medium | 5.3 | — | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
CVE-2023-48260 | Medium | 5.3 | — | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
CVE-2023-48259 | Medium | 5.3 | — | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
CVE-2023-48256 | Medium | 5.3 | — | 2024-01-10 | The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. |
CVE-2023-48254 | Medium | 5.3 | — | 2024-01-10 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. |
CVE-2023-48247 | Medium | 5.3 | — | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. |
CVE-2023-48244 | Medium | 5.3 | — | 2024-01-10 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. |
Juniper · 23 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21591 | Critical | 9.8 | — | 2024-01-12 | An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root pri… |
CVE-2024-21616 | High | 7.5 | — | 2024-01-12 | An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). |
CVE-2024-21614 | High | 7.5 | — | 2024-01-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Den… |
CVE-2024-21612 | High | 7.5 | — | 2024-01-12 | An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
CVE-2024-21611 | High | 7.5 | — | 2024-01-12 | A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
CVE-2024-21606 | High | 7.5 | — | 2024-01-12 | A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). |
CVE-2024-21604 | High | 7.5 | — | 2024-01-12 | An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
CVE-2024-21602 | High | 7.5 | — | 2024-01-12 | A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
CVE-2024-21595 | High | 7.5 | — | 2024-01-12 | An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). |
CVE-2024-21589 | High | 7.4 | — | 2024-01-12 | An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configurat… |
CVE-2024-21617 | Medium | 6.5 | — | 2024-01-12 | An Incomplete Cleanup vulnerability in the Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). |
CVE-2024-21613 | Medium | 6.5 | — | 2024-01-12 | A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of… |
CVE-2024-21603 | Medium | 6.5 | — | 2024-01-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. |
CVE-2024-21600 | Medium | 6.5 | — | 2024-01-12 | An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). |
CVE-2024-21599 | Medium | 6.5 | — | 2024-01-12 | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). |
CVE-2024-21587 | Medium | 6.5 | — | 2024-01-12 | An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeate… |
CVE-2023-36842 | Medium | 6.5 | — | 2024-01-12 | An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in… |
CVE-2024-21601 | Medium | 5.9 | — | 2024-01-12 | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker… |
CVE-2024-21585 | Medium | 5.9 | — | 2024-01-12 | An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control… |
CVE-2024-21594 | Medium | 5.5 | — | 2024-01-12 | A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). |
CVE-2024-21607 | Medium | 5.3 | — | 2024-01-12 | An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. |
CVE-2024-21597 | Medium | 5.3 | — | 2024-01-12 | An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. |
CVE-2024-21596 | Medium | 5.3 | — | 2024-01-12 | A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
Siemens · 20 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49621 | Critical | 9.8 | — | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). |
CVE-2023-49251 | High | 8.8 | — | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). |
CVE-2023-51746 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |
CVE-2023-51745 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |
CVE-2023-51439 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |
CVE-2023-49132 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49131 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49130 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49129 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49128 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49127 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49126 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49124 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49123 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49122 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-49121 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). |
CVE-2023-44120 | High | 7.8 | — | 2024-01-09 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). |
CVE-2023-49252 | High | 7.5 | — | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). |
CVE-2023-42797 | Medium | 6.6 | — | 2024-01-09 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). |
CVE-2023-51744 | Low | 3.3 | — | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions <… |
Totolink · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7221 | Critical | 9.8 | — | 2024-01-09 | A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. |
CVE-2023-7220 | Critical | 9.8 | — | 2024-01-09 | A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. |
CVE-2024-0299 | High | 7.3 | — | 2024-01-08 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. |
CVE-2024-0298 | High | 7.3 | — | 2024-01-08 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. |
CVE-2024-0297 | High | 7.3 | — | 2024-01-08 | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. |
CVE-2024-0296 | High | 7.3 | — | 2024-01-08 | A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. |
CVE-2024-0295 | High | 7.3 | — | 2024-01-08 | A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
CVE-2024-0294 | High | 7.3 | — | 2024-01-08 | A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
CVE-2023-7222 | High | 7.2 | — | 2024-01-09 | A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. |
CVE-2023-7219 | High | 7.2 | — | 2024-01-09 | A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. |
CVE-2023-7218 | High | 7.2 | — | 2024-01-08 | A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. |
CVE-2024-0293 | Medium | 6.3 | — | 2024-01-08 | A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
CVE-2024-0292 | Medium | 6.3 | — | 2024-01-08 | A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
CVE-2024-0291 | Medium | 6.3 | — | 2024-01-08 | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. |
CVE-2023-7223 | Medium | 5.3 | — | 2024-01-09 | A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. |
Code-projects · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0474 | High | 7.3 | — | 2024-01-12 | A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. |
CVE-2024-0359 | High | 7.3 | — | 2024-01-10 | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. |
CVE-2024-0473 | Medium | 6.3 | — | 2024-01-12 | A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. |
CVE-2024-0471 | Medium | 6.3 | — | 2024-01-12 | A vulnerability was found in code-projects Human Resource Integrated System 1.0. |
CVE-2024-0470 | Medium | 6.3 | — | 2024-01-12 | A vulnerability was found in code-projects Human Resource Integrated System 1.0. |
CVE-2024-0469 | Medium | 6.3 | — | 2024-01-12 | A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. |
CVE-2024-0468 | Medium | 6.3 | — | 2024-01-12 | A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. |
CVE-2024-0464 | Medium | 6.3 | — | 2024-01-12 | A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. |
CVE-2024-0463 | Medium | 6.3 | — | 2024-01-12 | A vulnerability was found in code-projects Online Faculty Clearance 1.0. |
CVE-2024-0462 | Medium | 6.3 | — | 2024-01-12 | A vulnerability was found in code-projects Online Faculty Clearance 1.0. |
CVE-2024-0461 | Medium | 6.3 | — | 2024-01-12 | A vulnerability was found in code-projects Online Faculty Clearance 1.0. |
CVE-2024-0466 | Medium | 5.5 | — | 2024-01-12 | A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. |
CVE-2024-0472 | Low | 3.5 | — | 2024-01-12 | A vulnerability was found in code-projects Dormitory Management System 1.0. |
CVE-2024-0465 | Low | 3.5 | — | 2024-01-12 | A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. |
Wwbn · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49599 | Critical | 9.8 | — | 2024-01-10 | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-47862 | Critical | 9.8 | — | 2024-01-10 | A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-48728 | Critical | 9.6 | — | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the getOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. |
CVE-2023-47861 | Critical | 9.0 | — | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. |
CVE-2023-49589 | High | 8.8 | — | 2024-01-10 | An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-48730 | High | 8.5 | — | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-49738 | High | 7.5 | — | 2024-01-10 | An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-49810 | High | 7.3 | — | 2024-01-10 | A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-49864 | Medium | 6.5 | — | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-49863 | Medium | 6.5 | — | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-49862 | Medium | 6.5 | — | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-47171 | Medium | 6.5 | — | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. |
CVE-2023-50172 | Medium | 5.3 | — | 2024-01-10 | A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. |
CVE-2023-49715 | Medium | 4.3 | — | 2024-01-10 | An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. |
Hongdian · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49262 | Critical | 9.8 | — | 2024-01-12 | The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. |
CVE-2023-49255 | Critical | 9.8 | — | 2024-01-12 | The router console is accessible without authentication at the "data" field, and while a user needs to be logged in to modify the configuration, the session state is shared. |
CVE-2023-49253 | Critical | 9.8 | — | 2024-01-12 | Root user password is hardcoded into the device and cannot be changed in the user interface. |
CVE-2023-49257 | High | 8.8 | — | 2024-01-12 | An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. |
CVE-2023-49254 | High | 8.8 | — | 2024-01-12 | Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. |
CVE-2023-49261 | High | 7.5 | — | 2024-01-12 | The "tokenKey" value used in user authorization is visible in the HTML source of the login page. |
CVE-2023-49259 | High | 7.5 | — | 2024-01-12 | The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. |
CVE-2023-49256 | High | 7.5 | — | 2024-01-12 | It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. |
CVE-2023-49260 | Medium | 6.1 | — | 2024-01-12 | An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. |
CVE-2023-49258 | Medium | 6.1 | — | 2024-01-12 | User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. |
Ibm · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-31003 | High | 8.4 | — | 2024-01-11 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. |
CVE-2023-50948 | Medium | 6.5 | — | 2024-01-08 | IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal… |
CVE-2023-45171 | Medium | 6.2 | — | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. |
CVE-2023-45169 | Medium | 6.2 | — | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. |
CVE-2023-38267 | Medium | 6.2 | — | 2024-01-11 | IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configurat… |
CVE-2023-45175 | Medium | 6.2 | — | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. |
CVE-2023-45173 | Medium | 6.2 | — | 2024-01-11 | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. |
CVE-2023-31001 | Medium | 5.1 | — | 2024-01-11 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. |
CVE-2023-47140 | Medium | 4.0 | — | 2024-01-08 | IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. |
Nvidia · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-31030 | Critical | 9.3 | — | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. |
CVE-2023-31029 | Critical | 9.3 | — | 2024-01-12 | NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. |
CVE-2023-31024 | Critical | 9.0 | — | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. |
CVE-2023-31035 | High | 7.5 | — | 2024-01-12 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. |
CVE-2023-31032 | High | 7.5 | — | 2024-01-12 | NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. |
CVE-2023-31033 | Medium | 6.8 | — | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function from an adjacent network. |
CVE-2023-31034 | Medium | 6.6 | — | 2024-01-12 | NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. |
CVE-2023-31025 | Medium | 6.5 | — | 2024-01-12 | NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. |
CVE-2023-31031 | Medium | 4.2 | — | 2024-01-12 | NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. |
Ami · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-3043 | Critical | 9.6 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. |
CVE-2023-37293 | Critical | 9.6 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. |
CVE-2023-37297 | High | 8.3 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. |
CVE-2023-37296 | High | 8.3 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. |
CVE-2023-37295 | High | 8.3 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. |
CVE-2023-37294 | High | 8.3 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. |
CVE-2023-34333 | High | 7.8 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer dereference via a local network. |
CVE-2023-34332 | High | 7.8 | — | 2024-01-09 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer dereference via a local network. |
Csdeshang · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0415 | Medium | 6.3 | — | 2024-01-11 | A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. |
CVE-2024-0417 | Medium | 5.4 | — | 2024-01-11 | A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. |
CVE-2024-0416 | Medium | 5.4 | — | 2024-01-11 | A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. |
CVE-2024-0414 | Medium | 5.3 | — | 2024-01-11 | A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. |
CVE-2024-0413 | Medium | 5.3 | — | 2024-01-11 | A vulnerability was found in DeShang DSKMS up to 3.1.2. |
CVE-2024-0412 | Medium | 5.3 | — | 2024-01-11 | A vulnerability was found in DeShang DSShop up to 3.1.0. |
CVE-2024-0411 | Medium | 5.3 | — | 2024-01-11 | A vulnerability was found in DeShang DSMall up to 6.1.0. |
CVE-2024-0358 | Medium | 5.3 | — | 2024-01-10 | A vulnerability was found in DeShang DSO2O up to 4.1.0. |
Canonical · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-3600 | High | 7.8 | — | 2024-01-08 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. |
CVE-2022-3328 | High | 7.8 | — | 2024-01-08 | Race condition in snap-confine's must_mkdir_and_open_with_perms() |
CVE-2022-2602 | Medium | 5.3 | — | 2024-01-08 | io_uring UAF, Unix SCM garbage collection |
CVE-2022-2588 | Medium | 5.3 | — | 2024-01-08 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. |
CVE-2022-2586 | Medium | 5.3 | KEV | 2024-01-08 | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. |
CVE-2022-2585 | Medium | 5.3 | — | 2024-01-08 | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. |
CVE-2023-1032 | Medium | 4.7 | — | 2024-01-08 | The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. |
Mediawiki · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-23179 | Medium | 6.1 | — | 2024-01-12 | An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. |
CVE-2024-23177 | Medium | 6.1 | — | 2024-01-12 | An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. |
CVE-2024-23173 | Medium | 6.1 | — | 2024-01-12 | An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |
CVE-2024-23178 | Medium | 5.4 | — | 2024-01-12 | An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. |
CVE-2024-23174 | Medium | 5.4 | — | 2024-01-12 | An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |
CVE-2024-23172 | Medium | 5.4 | — | 2024-01-12 | An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |
CVE-2024-23171 | Medium | 5.4 | — | 2024-01-12 | An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. |
Sap · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21737 | High | 8.4 | — | 2024-01-09 | In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. |
CVE-2024-22125 | High | 7.4 | — | 2024-01-09 | Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confid… |
CVE-2024-21735 | High | 7.3 | — | 2024-01-09 | SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. |
CVE-2024-21736 | Medium | 6.4 | — | 2024-01-09 | SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. |
CVE-2024-22124 | Medium | 4.1 | — | 2024-01-09 | Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WE… |
CVE-2024-21738 | Medium | 4.1 | — | 2024-01-09 | SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality o… |
CVE-2024-21734 | Low | 3.7 | — | 2024-01-09 | SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the applica… |
Codeastro · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0345 | Medium | 4.3 | — | 2024-01-09 | A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. |
CVE-2024-0343 | Medium | 4.3 | — | 2024-01-09 | A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. |
CVE-2024-0424 | Low | 3.5 | — | 2024-01-11 | A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. |
CVE-2024-0423 | Low | 3.5 | — | 2024-01-11 | A vulnerability was found in CodeAstro Online Food Ordering System 1.0. |
CVE-2024-0422 | Low | 3.5 | — | 2024-01-11 | A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. |
CVE-2024-0346 | Low | 3.5 | — | 2024-01-09 | A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. |
Freeimage_project · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47994 | High | 8.8 | — | 2024-01-09 | An integer overflow vulnerability in the LoadPixelDataRLE4 function in PluginBMP.cpp in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. |
CVE-2023-47992 | High | 8.8 | — | 2024-01-09 | An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. |
CVE-2023-47997 | Medium | 6.5 | — | 2024-01-10 | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. |
CVE-2023-47996 | Medium | 6.5 | — | 2024-01-09 | An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service. |
CVE-2023-47995 | Medium | 6.5 | — | 2024-01-09 | A memory allocation with an excessive size value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. |
CVE-2023-47993 | Medium | 6.5 | — | 2024-01-09 | An out-of-bounds buffer read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial of service. |
Open-xchange · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29048 | High | 8.8 | — | 2024-01-08 | A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. |
CVE-2023-29051 | High | 8.1 | — | 2024-01-08 | User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. |
CVE-2023-29050 | High | 7.6 | — | 2024-01-08 | The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. |
CVE-2023-41710 | Medium | 5.4 | — | 2024-01-08 | User-defined script code could be stored for an upsell-related shop URL. |
CVE-2023-29052 | Medium | 5.4 | — | 2024-01-08 | Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. |
CVE-2023-29049 | Medium | 5.4 | — | 2024-01-08 | The "upsell" widget at the portal page could be abused to inject arbitrary script code. |
Phpgurukul · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0364 | Medium | 5.5 | — | 2024-01-10 | A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. |
CVE-2024-0363 | Medium | 5.5 | — | 2024-01-10 | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. |
CVE-2024-0362 | Medium | 5.5 | — | 2024-01-10 | A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. |
CVE-2024-0361 | Medium | 5.5 | — | 2024-01-10 | A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. |
CVE-2024-0360 | Medium | 5.5 | — | 2024-01-10 | A vulnerability was found in PHPGurukul Hospital Management System 1.0. |
CVE-2024-0355 | Medium | 5.5 | — | 2024-01-10 | A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. |
Engineers_online_portal_project · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0348 | Medium | 4.3 | — | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. |
CVE-2024-0349 | Low | 3.7 | — | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. |
CVE-2024-0347 | Low | 3.7 | — | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. |
CVE-2024-0351 | Low | 3.1 | — | 2024-01-09 | A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. |
CVE-2024-0350 | Low | 3.1 | — | 2024-01-09 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. |
Fedoraproject · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41056 | High | 8.1 | — | 2024-01-10 | Redis is an in-memory database that persists on disk. |
CVE-2023-5455 | Medium | 6.5 | — | 2024-01-10 | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. |
CVE-2024-23301 | Medium | 5.5 | — | 2024-01-12 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. |
CVE-2024-0443 | Medium | 5.5 | — | 2024-01-12 | A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. |
CVE-2024-0333 | Medium | 5.3 | — | 2024-01-10 | Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. |
Fortinet · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-44250 | High | 8.8 | — | 2024-01-10 | An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated… |
CVE-2023-46712 | High | 7.2 | — | 2024-01-10 | An improper access control vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and Fortinet FortiPortal version 7.2.0 through 7.2.1 allows an attacker to escalate privileges via specifically crafted HTTP requests. |
CVE-2023-37932 | Medium | 6.5 | — | 2024-01-10 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via se… |
CVE-2023-48783 | Medium | 5.4 | — | 2024-01-10 | An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user wit… |
CVE-2023-37934 | Medium | 4.3 | — | 2024-01-10 | An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high freque… |
Gitlab · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7028 | Critical | 10.0 | KEV | 2024-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which… |
CVE-2023-4812 | High | 7.6 | — | 2024-01-12 | An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. |
CVE-2023-5356 | High | 7.3 | — | 2024-01-12 | Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integr… |
CVE-2023-6955 | Medium | 6.6 | — | 2024-01-12 | A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. |
CVE-2023-2030 | Low | 3.5 | — | 2024-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. |
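Several rows in this digest give only version ranges (the GitLab rows above and the MediaWiki rows earlier on this page), and the first triage question is whether an installed version falls inside them. The checker below is an added example, not code from GitLab, MediaWiki or this digest; the ranges are transcribed from the row summaries exactly as worded ("16.1 prior to 16.1.6" is the half-open range 16.1.0 up to but excluding 16.1.6; "before 1.35.14" with no lower bound also covers older branches, because that is what the text says). It assumes plain dotted numeric versions, tolerating an edition suffix such as `-ee`, and rejects pre-release strings rather than guessing. It answers "listed as affected", not "exploitable": it says nothing about distribution packages with backported fixes such as the Debian and Canonical kernel rows, whose package versions do not follow upstream numbering.

```python
"""Check an installed version against the affected ranges listed in this digest.
Added example; the range data is transcribed from the table rows, the code is not
from any of the projects named."""
from __future__ import annotations

import re
from dataclasses import dataclass

Version = tuple[int, ...]


def parse_version(s: str) -> Version:
    """'16.5.6' -> (16, 5, 6); an alphabetic edition suffix like '16.5.6-ee' is ignored.
    Anything else (e.g. '16.5.6-rc1') raises so a pre-release is never misread."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-[A-Za-z]+)?", s)
    if not m:
        raise ValueError(f"unsupported version string: {s!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _pad(v: Version, n: int) -> Version:
    # Compare '16.5' and '16.5.0' as equal by right-padding with zeros.
    return v + (0,) * (n - len(v))


@dataclass(frozen=True)
class Affected:
    """Half-open range [low, high). 'X prior to Y' -> Affected(X, Y);
    'before Y' with no lower bound -> Affected(None, Y)."""
    low: Version | None
    high: Version

    def contains(self, v: Version) -> bool:
        n = max(len(v), len(self.high), len(self.low or ()))
        if _pad(v, n) >= _pad(self.high, n):
            return False
        return self.low is None or _pad(self.low, n) <= _pad(v, n)


def rng(low: str | None, high: str) -> Affected:
    return Affected(parse_version(low) if low else None, parse_version(high))


# GitLab rows of this digest, transcribed from the summaries above.
GITLAB: dict[str, list[Affected]] = {
    "CVE-2023-7028": [rng("16.1", "16.1.6"), rng("16.2", "16.2.9"), rng("16.3", "16.3.7"),
                      rng("16.4", "16.4.5"), rng("16.5", "16.5.6"), rng("16.6", "16.6.4"),
                      rng("16.7", "16.7.2")],
    "CVE-2023-4812": [rng("15.3", "16.5.6"), rng("16.6", "16.6.4"), rng("16.7", "16.7.2")],
    "CVE-2023-5356": [rng("8.13", "16.5.6"), rng("16.6", "16.6.4"), rng("16.7", "16.7.2")],
    "CVE-2023-6955": [rng(None, "16.5.6"), rng("16.6", "16.6.4"), rng("16.7", "16.7.2")],
    "CVE-2023-2030": [rng("12.2", "16.5.6"), rng("16.6", "16.6.4"), rng("16.7", "16.7.2")],
}

# MediaWiki rows: "before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2"
_MW_THREE_BRANCH = [rng(None, "1.35.14"), rng("1.36", "1.39.6"), rng("1.40", "1.40.2")]
MEDIAWIKI: dict[str, list[Affected]] = {
    "CVE-2024-23179": [rng(None, "1.40.2")],
    "CVE-2024-23177": [rng(None, "1.40.2")],
    "CVE-2024-23173": _MW_THREE_BRANCH,
    "CVE-2024-23178": [rng(None, "1.40.2")],
    "CVE-2024-23174": _MW_THREE_BRANCH,
    "CVE-2024-23172": _MW_THREE_BRANCH,
    "CVE-2024-23171": _MW_THREE_BRANCH,
}


def is_affected(version: str, ranges: list[Affected]) -> bool:
    v = parse_version(version)
    return any(r.contains(v) for r in ranges)


def affected_cves(version: str, catalog: dict[str, list[Affected]]) -> list[str]:
    """CVE ids from the catalog whose listed ranges include this version, in catalog order."""
    return [cve for cve, ranges in catalog.items() if is_affected(version, ranges)]


if __name__ == "__main__":
    for v in ("16.5.5", "16.5.6-ee", "16.0.8", "16.7.2"):
        print(f"GitLab {v}: {affected_cves(v, GITLAB)}")
    for v in ("1.37.2", "1.35.15", "1.39.6", "1.40.2"):
        print(f"MediaWiki {v}: {affected_cves(v, MEDIAWIKI)}")
```

Note the two shapes a range can take: the GitLab CVE-2023-7028 row lists one range per minor branch, so 16.5.6 is clean while 16.5.5 is not; CVE-2023-4812 instead gives one long span from 15.3 up to 16.5.6, which is why an old 16.0.x build is listed for it but not for CVE-2023-7028.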
Hozard · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50123 | High | 8.1 | — | 2024-01-11 | The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. |
CVE-2023-50126 | Medium | 6.5 | — | 2024-01-11 | Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allows attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm… |
CVE-2023-50127 | Medium | 5.9 | — | 2024-01-11 | Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. |
CVE-2023-50125 | Medium | 5.9 | — | 2024-01-11 | A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. |
CVE-2023-50128 | Medium | 5.3 | — | 2024-01-11 | The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed… |
Kashipara · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0307 | High | 7.3 | — | 2024-01-08 | A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. |
CVE-2024-0306 | High | 7.3 | — | 2024-01-08 | A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. |
CVE-2024-0290 | Medium | 6.3 | — | 2024-01-08 | A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. |
CVE-2024-0289 | Medium | 6.3 | — | 2024-01-08 | A vulnerability classified as critical was found in Kashipara Food Management System 1.0. |
CVE-2024-0288 | Medium | 6.3 | — | 2024-01-08 | A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. |
Debian · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6040 | High | 7.8 | — | 2024-01-12 | An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tab… |
CVE-2023-51782 | High | 7.0 | — | 2024-01-11 | An issue was discovered in the Linux kernel before 6.6.8. |
CVE-2023-51781 | High | 7.0 | — | 2024-01-11 | An issue was discovered in the Linux kernel before 6.6.8. |
CVE-2023-51780 | High | 7.0 | — | 2024-01-11 | An issue was discovered in the Linux kernel before 6.6.8. |
Discourse · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48297 | High | 8.6 | — | 2024-01-12 | Discourse is a platform for community discussion. |
CVE-2024-21655 | Medium | 4.3 | — | 2024-01-12 | Discourse is a platform for community discussion. |
CVE-2023-49098 | Low | 3.5 | — | 2024-01-12 | Discourse-reactions is a plugin that allows users to add reactions to posts. |
CVE-2023-49099 | Low | 3.1 | — | 2024-01-12 | Discourse is a platform for community discussion. |
Dlink · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51987 | Critical | 9.8 | — | 2024-01-11 | D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. |
CVE-2023-51984 | Critical | 9.8 | — | 2024-01-11 | D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. |
CVE-2023-51123 | Critical | 9.8 | — | 2024-01-10 | An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. |
CVE-2023-41603 | Medium | 5.3 | — | 2024-01-10 | D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. |
Jfinalcms_project · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22494 | Medium | 5.4 | — | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. |
CVE-2024-22493 | Medium | 5.4 | — | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. |
CVE-2024-22492 | Medium | 5.4 | — | 2024-01-12 | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. |
CVE-2023-50136 | Medium | 5.4 | — | 2024-01-09 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. |
Ptc · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-29445 | High | 7.8 | — | 2024-01-10 | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. |
CVE-2023-29444 | Medium | 6.3 | — | 2024-01-10 | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. |
CVE-2023-29447 | Medium | 5.7 | — | 2024-01-10 | An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. |
CVE-2023-29446 | Medium | 4.7 | — | 2024-01-10 | An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. |
0xjacky · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22197 | High | 7.7 | — | 2024-01-11 | Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. |
CVE-2024-22198 | High | 7.1 | — | 2024-01-11 | Nginx-UI is a web interface to manage Nginx configurations. |
CVE-2024-22196 | High | 7.0 | — | 2024-01-11 | Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. |
Ashanjay · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6244 | Medium | 6.5 | — | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). |
CVE-2023-6242 | Medium | 6.5 | — | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). |
CVE-2023-6158 | Medium | 6.5 | — | 2024-01-10 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up t… |
Checkmk · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6740 | High | 8.8 | — | 2024-01-12 | Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges. |
CVE-2023-6735 | High | 8.8 | — | 2024-01-12 | Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges. |
CVE-2023-31211 | High | 8.8 | — | 2024-01-12 | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows an attacker to use locked credentials. |
Flycms_project · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52074 | High | 8.8 | — | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. |
CVE-2023-52073 | High | 8.8 | — | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. |
CVE-2023-52072 | High | 8.8 | — | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. |
G5plus · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6140 | High | 8.8 | — | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code e… |
CVE-2023-6139 | Medium | 6.5 | — | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. |
CVE-2023-6141 | Medium | 5.4 | — | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. |
Givewp · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-4248 | Medium | 5.4 | — | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. |
CVE-2023-4247 | Medium | 5.4 | — | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. |
CVE-2023-4246 | Medium | 4.3 | — | 2024-01-11 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. |
Gpac · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0321 | Critical | 9.8 | — | 2024-01-08 | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. |
CVE-2024-0322 | Critical | 9.1 | — | 2024-01-08 | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. |
CVE-2023-50120 | Medium | 5.5 | — | 2024-01-10 | MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. |
Inis_project · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0342 | Medium | 6.3 | — | 2024-01-09 | A vulnerability classified as critical has been found in Inis up to 2.0.1. |
CVE-2024-0308 | Medium | 6.3 | — | 2024-01-08 | A vulnerability was found in Inis up to 2.0.1. |
CVE-2024-0341 | Low | 3.5 | — | 2024-01-09 | A vulnerability was found in Inis up to 2.0.1. |
Ivanti · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21887 | Critical | 9.1 | KEV | 2024-01-12 | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the a… |
CVE-2023-39336 | High | 8.8 | — | 2024-01-09 | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authenticat… |
CVE-2023-46805 | High | 8.2 | KEV | 2024-01-12 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. |
Pimcore · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21667 | Medium | 6.5 | — | 2024-01-11 | pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. |
CVE-2024-21666 | Medium | 6.5 | — | 2024-01-11 | The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. |
CVE-2024-21665 | Medium | 4.3 | — | 2024-01-11 | ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. |
Qualys · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6149 | Medium | 5.7 | — | 2024-01-09 | Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. |
CVE-2023-6148 | Medium | 5.7 | — | 2024-01-09 | Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. |
CVE-2023-6147 | Medium | 5.7 | — | 2024-01-09 | Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. |
Svnlabs · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52202 | Critical | 9.1 | — | 2024-01-08 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free. This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0. |
CVE-2023-52205 | Critical | 9.1 | — | 2024-01-08 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free. This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. |
CVE-2023-52207 | Critical | 9.1 | — | 2024-01-08 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free. This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. |
Thimpress · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6567 | Critical | 9.8 | — | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient pre… |
CVE-2023-6634 | High | 8.1 | — | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. |
CVE-2023-6223 | Medium | 4.3 | — | 2024-01-11 | The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlle… |
Tianocore · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-36765 | High | 7.0 | — | 2024-01-09 | EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. |
CVE-2022-36764 | High | 7.0 | — | 2024-01-09 | EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. |
CVE-2022-36763 | High | 7.0 | — | 2024-01-09 | EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. |
Tp-link · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21833 | High | 8.8 | — | 2024-01-11 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. |
CVE-2024-21773 | High | 8.8 | — | 2024-01-11 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in par… |
CVE-2024-21821 | High | 8.0 | — | 2024-01-11 | Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. |
Xwiki · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21650 | Critical | 10.0 | — | 2024-01-08 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |
CVE-2024-21648 | High | 8.0 | — | 2024-01-09 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |
CVE-2024-21651 | High | 7.5 | — | 2024-01-09 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |
Backupbliss · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6266 | High | 7.5 | — | 2024-01-11 | The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. |
CVE-2023-6750 | High | 7.5 | — | 2024-01-08 | The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file path. |
Carazo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6583 | Medium | 6.6 | — | 2024-01-11 | The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. |
CVE-2023-6624 | Medium | 4.9 | — | 2024-01-11 | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escapi… |
Carmelogarcia · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0460 | Medium | 6.3 | — | 2024-01-12 | A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. |
CVE-2024-0467 | Low | 3.5 | — | 2024-01-12 | A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. |
Fhs-opensource · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0302 | Medium | 6.3 | — | 2024-01-08 | A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. |
CVE-2024-0301 | Medium | 6.3 | — | 2024-01-08 | A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. |
Flient · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50124 | Medium | 6.8 | — | 2024-01-11 | Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. |
CVE-2023-50129 | Medium | 6.5 | — | 2024-01-11 | Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter. |
Flir · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51126 | Critical | 9.8 | — | 2024-01-10 | Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. |
CVE-2023-51127 | High | 7.5 | — | 2024-01-10 | FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. |
Foru · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0426 | Medium | 6.3 | — | 2024-01-11 | A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. |
CVE-2024-0425 | Medium | 5.3 | — | 2024-01-11 | A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. |
Gl-inet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50919 | Critical | 9.8 | — | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. |
CVE-2023-50920 | Medium | 5.5 | — | 2024-01-12 | An issue was discovered on GL.iNet devices before version 4.5.0. |
Go-git · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49569 | Critical | 9.8 | — | 2024-01-12 | A path traversal vulnerability was discovered in go-git versions prior to v5.11. |
CVE-2023-49568 | High | 7.5 | — | 2024-01-12 | A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. |
Joynext · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28898 | Medium | 5.3 | — | 2024-01-12 | The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. |
CVE-2023-28897 | Medium | 4.0 | — | 2024-01-12 | The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. |
Korenix · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5347 | Critical | 9.8 | — | 2024-01-09 | An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmwa… |
CVE-2023-5376 | High | 8.6 | — | 2024-01-09 | An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. |
Linux · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-48619 | Medium | 5.5 | — | 2024-01-12 | An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. |
CVE-2024-0340 | Medium | 4.4 | — | 2024-01-09 | A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg()… |
Manageengine · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-47211 | Critical | 9.1 | — | 2024-01-08 | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. |
CVE-2024-0252 | High | 8.8 | — | 2024-01-11 | ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component. |
Melapress · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6520 | Medium | 4.3 | — | 2024-01-11 | The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. |
CVE-2023-6506 | Medium | 4.3 | — | 2024-01-11 | The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user con… |
Microchip · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51438 | Critical | 10.0 | — | 2024-01-09 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All… |
CVE-2024-22216 | Critical | 10.0 | — | 2024-01-08 | In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information di… |
Omron · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45794 | High | 8.6 | — | 2024-01-10 | An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. |
CVE-2022-45793 | Medium | 5.5 | — | 2024-01-10 | Sysmac Studio installs executables in a directory with poor permissions. |
Pyload · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21644 | High | 7.5 | — | 2024-01-08 | pyLoad is the free and open-source Download Manager written in pure Python. |
CVE-2024-21645 | Medium | 5.3 | — | 2024-01-08 | pyLoad is the free and open-source Download Manager written in pure Python. |
Qkmc-rk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-4959 | Low | 3.5 | — | 2024-01-11 | A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. |
CVE-2022-4958 | Low | 3.5 | — | 2024-01-11 | A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. |
Roxnor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6788 | Medium | 5.4 | — | 2024-01-09 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. |
CVE-2023-6582 | Medium | 5.3 | — | 2024-01-11 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. |
Splunk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22165 | Medium | 6.5 | — | 2024-01-09 | In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). |
CVE-2024-22164 | Medium | 4.3 | — | 2024-01-09 | In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. |
Strategy11 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6830 | Medium | 6.5 | — | 2024-01-09 | The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. |
CVE-2023-6842 | Medium | 4.4 | — | 2024-01-09 | The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versi… |
Themeisle · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6781 | Medium | 6.4 | — | 2024-01-11 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user su… |
CVE-2023-7019 | Medium | 4.3 | — | 2024-01-11 | The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and in… |
10web · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6924 | Medium | 4.4 | — | 2024-01-11 | The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. |
3dflipbook · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6776 | Medium | 6.4 | — | 2024-01-11 | The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Function’ field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. |
Aarboard · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-48909 | High | 8.8 | — | 2024-01-12 | An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function. |
Acritum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2010-10011 | Medium | 4.3 | — | 2024-01-12 | A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. |
Advancedcustomfields · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-40696 | Low | 3.7 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. |
Aertherwide · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50671 | High | 7.8 | — | 2024-01-11 | In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. |
Alobaidi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-4962 | Medium | 6.4 | — | 2024-01-11 | The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. |
Amd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-20573 | Low | 3.2 | — | 2024-01-11 | A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. |
Anton Bond · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52218 | Critical | 10.0 | — | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. |
Apache · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49619 | Low | 3.1 | — | 2024-01-10 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. |
Apolloconfig · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-4962 | Medium | 4.3 | — | 2024-01-12 | A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. |
Appwrite · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50974 | Medium | 5.5 | — | 2024-01-09 | In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. |
Aresit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6699 | Critical | 9.1 | — | 2024-01-11 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. |
Arm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5091 | Medium | 5.5 | — | 2024-01-08 | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. |
Automattic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52222 | Medium | 4.3 | — | 2024-01-08 | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2. |
Avimegladon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5448 | High | 8.8 | — | 2024-01-11 | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. |
Awesomemotive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2018-25095 | Critical | 9.8 | — | 2024-01-08 | The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. |
Ays-pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22027 | Medium | 6.5 | — | 2024-01-12 | Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. |
Barassistant · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49471 | High | 8.8 | — | 2024-01-10 | Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execut… |
Blueastral · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52206 | High | 7.7 | — | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder. This issue affects Page Builder: Live Composer: from n/a through 1.5.25. |
Bowo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6383 | High | 7.5 | — | 2024-01-08 | The Debug Log Manager WordPress plugin before 2.3.0 contains a directory listing vulnerability, which allows the debug log to be downloaded without authorization, giving access to sensitive data. |
Bpsoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0429 | High | 7.3 | — | 2024-01-11 | A denial of service vulnerability has been found in Hex Workshop affecting version 6.7; an attacker could send command line file arguments and control the Structured Exception Handler (SEH) records, resulting in a service shutdown. |
Brian D. Goad · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52201 | High | 7.6 | — | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. |
Buffalo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51073 | High | 8.1 | — | 2024-01-11 | An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. |
Byzoro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0300 | Medium | 6.3 | — | 2024-01-08 | A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. |
Cassianetworks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-31446 | Critical | 9.8 | — | 2024-01-10 | In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. |
Centralsquare · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-40362 | Medium | 4.3 | — | 2024-01-12 | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. |
Cformsii_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52203 | Medium | 5.9 | — | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS. This issue affects cformsII: from n/a through 15.0.5. |
Chanzhaoyu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7215 | Low | 3.5 | — | 2024-01-08 | A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. |
Chromiumembedded · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21639 | Medium | 5.3 | — | 2024-01-12 | CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. |
Cisco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-31488 | Critical | 9.8 | — | 2024-01-10 | Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fa… |
Clerk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22206 | Critical | 9.0 | — | 2024-01-12 | Clerk helps developers build user management. |
Cloud Foundry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-34061 | High | 7.5 | — | 2024-01-12 | Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. |
Cloudfavorites · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-4960 | Low | 3.5 | — | 2024-01-12 | A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. |
Codecabin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6627 | Medium | 6.1 | — | 2024-01-08 | The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. |
Codepeople · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6446 | Medium | 4.4 | — | 2024-01-11 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. |
Coderd-repos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0357 | Medium | 5.5 | — | 2024-01-10 | A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. |
Codexonics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6505 | High | 7.5 | — | 2024-01-08 | The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. |
Collect.chat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5691 | Medium | 4.4 | — | 2024-01-11 | The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. |
Constant Contact · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52208 | Medium | 5.3 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2. |
Cool Plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52142 | High | 7.6 | — | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar. This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3… |
Cozmoslabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6504 | Medium | 4.3 | — | 2024-01-11 | The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler functio… |
Cusrev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6979 | High | 8.8 | — | 2024-01-11 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. |
Cyber-domain-ontology · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22194 | Low | 2.2 | — | 2024-01-11 | cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. |
Daan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6637 | Medium | 6.5 | — | 2024-01-11 | The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. |
Dataiku · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51717 | Critical | 9.8 | — | 2024-01-09 | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. |
Demon1a · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21663 | Critical | 9.9 | — | 2024-01-09 | Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. |
Easycorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49394 | Medium | 6.1 | — | 2024-01-10 | Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. |
Easysocialfeed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6883 | Medium | 4.3 | — | 2024-01-11 | The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. |
Easyxdm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-27739 | Medium | 6.1 | — | 2024-01-08 | easyXDM 2.5 allows XSS via the xdm_e parameter. |
Elan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0454 | Medium | 6.0 | — | 2024-01-12 | ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. |
Elitecms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-40361 | Medium | 6.1 | — | 2024-01-11 | Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. |
Enviragallery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6742 | Medium | 4.3 | — | 2024-01-11 | The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and i… |
Evernote · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50643 | Critical | 9.8 | — | 2024-01-09 | An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. |
Ewels · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52196 | High | 7.1 | — | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS. This issue affects CPT Bootstrap Carousel: from n/a through 1.12. |
Extendthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6988 | Medium | 6.4 | — | 2024-01-11 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output… |
Fastify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51701 | Medium | 5.3 | — | 2024-01-08 | fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. |
Fernandobriano · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6994 | Medium | 6.4 | — | 2024-01-11 | The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user… |
Fifu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6561 | Medium | 6.4 | — | 2024-01-11 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. |
Follettlearning · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-38827 | Medium | 6.1 | — | 2024-01-09 | Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. |
Fonttools · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-45139 | High | 7.5 | — | 2024-01-10 | fontTools is a library for manipulating fonts, written in Python. |
Freeamigos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6496 | Medium | 5.3 | — | 2024-01-11 | The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. |
Fuyanglipengjun · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-4961 | Medium | 5.5 | — | 2024-01-12 | A vulnerability was found in Weitong Mall 1.0.0. |
Gecka · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52219 | Critical | 9.9 | — | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue affects Gecka Terms Thumbnails: from n/a through 1.1. |
Gentoo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2016-20021 | Critical | 9.8 | — | 2024-01-12 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. |
Get-simple · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51246 | Medium | 5.4 | — | 2024-01-08 | A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. |
Gitpython-developers · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22190 | High | 7.8 | — | 2024-01-11 | GitPython is a python library used to interact with Git repositories. |
Goauthentik · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21637 | High | 7.6 | — | 2024-01-11 | Authentik is an open-source Identity Provider. |
Gofiber · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22199 | Critical | 9.3 | — | 2024-01-11 | This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. |
Gradle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49238 | Critical | 9.8 | — | 2024-01-09 | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. |
Guangzhou Yingke Electronic Technology · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0305 | Medium | 5.3 | — | 2024-01-08 | A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. |
Gutengeek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6638 | Medium | 6.5 | — | 2024-01-11 | The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. |
Hamidrezasepehr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5911 | Medium | 4.8 | — | 2024-01-08 | The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when t… |
Hostinger · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6751 | High | 7.3 | — | 2024-01-11 | The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. |
Httpdx_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0419 | Medium | 5.3 | — | 2024-01-11 | A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. |
Hyperledger · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21669 | Critical | 9.9 | — | 2024-01-11 | Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. |
I13websolution · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6555 | Medium | 6.1 | — | 2024-01-08 | The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such a… |
Impactpixel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52197 | Medium | 5.9 | — | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0. |
Inc2734 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6316 | Critical | 9.8 | — | 2024-01-11 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. |
Infoblox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-28975 | Medium | 5.4 | — | 2024-01-09 | A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. |
Inpsyde · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5504 | High | 8.7 | — | 2024-01-11 | The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. |
Isharer And Upredsun · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0418 | Medium | 5.3 | — | 2024-01-11 | A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. |
Jannisthuemmig · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7070 | Medium | 6.4 | — | 2024-01-11 | The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input san… |
Javik · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52204 | High | 8.5 | — | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize. This issue affects Randomize: from n/a through 1.4.3. |
Jetbrains · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22370 | Medium | 4.6 | — | 2024-01-09 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible |
Jordy Meow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51508 | Medium | 5.3 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair. This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. |
Juzaweb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-46906 | Medium | 4.9 | — | 2024-01-09 | juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. |
Kofax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5118 | Medium | 5.4 | — | 2024-01-11 | The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized a… |
Kutethemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5235 | High | 8.8 | — | 2024-01-08 | The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register'… |
Kyocera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-50916 | High | 7.2 | — | 2024-01-10 | Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. |
Laybuy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21745 | Medium | 6.5 | — | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS. This issue affects Laybuy Payment Extension for WooCommerce: from n/a t… |
Leechesnutt · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6878 | High | 8.8 | — | 2024-01-11 | The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. |
Lestrrat-go · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21664 | Medium | 4.3 | — | 2024-01-09 | jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. |
Lif-platforms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49801 | Medium | 4.2 | — | 2024-01-12 | Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. |
Likeshop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0352 | High | 7.3 | — | 2024-01-09 | A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. |
Limitloginattempts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6934 | Medium | 6.4 | — | 2024-01-11 | The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on u… |
Litespeedtech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-4372 | Medium | 6.4 | — | 2024-01-11 | The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. |
Live555 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-37117 | Critical | 9.8 | — | 2024-01-12 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. |
Magazine3 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6782 | Medium | 6.4 | — | 2024-01-11 | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escapi… |
Mandelo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0356 | Medium | 4.3 | — | 2024-01-10 | A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. |
Mapster · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21744 | Medium | 6.5 | — | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. |
Mate-desktop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51698 | Critical | 9.6 | — | 2024-01-12 | Atril is a simple multi-page document viewer. |
Matroska · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52339 | Medium | 6.5 | — | 2024-01-12 | In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. |
Maxfoundry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6594 | Medium | 4.4 | — | 2024-01-09 | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. |
Meetyoucrop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7226 | Medium | 6.3 | — | 2024-01-11 | A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. |
Metagauss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-36352 | Medium | 6.3 | — | 2024-01-08 | Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. |
Michiel Van Eerd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52198 | Medium | 6.5 | — | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS. This issue affects Private Google Calendars: from n/a through 20231125. |
Mongodb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-0437 | Medium | 5.3 | — | 2024-01-12 | When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. |
Motopress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6042 | High | 7.5 | — | 2024-01-08 | Any unauthenticated user may send e-mail from the site with any title or content to the admin |
Mrousavy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21668 | Medium | 4.4 | — | 2024-01-09 | react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. |
Myrecorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6369 | Medium | 5.4 | — | 2024-01-11 | The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. |
Naziinfotech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5957 | High | 7.2 | — | 2024-01-08 | The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RC… |
Netapp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21982 | Medium | 4.8 | — | 2024-01-12 | ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an adm… |
Ninja Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51406 | Medium | 5.3 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator. This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. |
Openssl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6129 | Medium | 6.5 | — | 2024-01-09 | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. |
Openvpn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7224 | High | 7.8 | — | 2024-01-08 | OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable |
Oxygen Builder · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6938 | Medium | 6.4 | — | 2024-01-11 | The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. |
Pallets · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-22195 | Medium | 5.4 | — | 2024-01-11 | Jinja is an extensible templating engine. |
Pickplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6645 | Medium | 6.4 | — | 2024-01-11 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escapin… |
Piotnet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6220 | High | 8.1 | — | 2024-01-11 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28. |
Pluginus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6556 | Medium | 5.4 | — | 2024-01-11 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output… |
Premio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7048 | Low | 3.1 | — | 2024-01-11 | The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. |
Prestashow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6921 | Critical | 9.8 | — | 2024-01-08 | Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. |
Proofpoint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-5770 | Medium | 5.3 | — | 2024-01-09 | Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. |
Puma · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21647 | Medium | 5.9 | — | 2024-01-08 | Puma is a web server for Ruby/Rack applications built for parallelism. |
Qemu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6683 | Medium | 6.5 | — | 2024-01-12 | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. |
Quic-go · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-49295 | Medium | 6.4 | — | 2024-01-10 | quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. |
Red Hat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6476 | Medium | 6.5 | — | 2024-01-09 | A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. |
Repute Infosystems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52200 | Critical | 9.6 | — | 2024-01-08 | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. This issue affects ARMember – Membership… |
Reputeinfosystems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6828 | High | 7.2 | — | 2024-01-11 | The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arf_http_referrer_url' parameter in all versions up to, and including, 1.5.8 due… |
Rextheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6529 | Medium | 6.1 | — | 2024-01-08 | The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vu… |
Rocklobster · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6630 | Medium | 4.3 | — | 2024-01-11 | The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing… |
Rubygems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21654 | Medium | 4.8 | — | 2024-01-12 | Rubygems.org is the Ruby community's gem hosting service. |
Rymera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-34344 | Medium | 5.4 | — | 2024-01-08 | Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More. This issue affects Wholesale Suite – WooCommerce Wholesale Pri… |
Saadiqbal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6875 | Critical | 9.8 | — | 2024-01-11 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app RE… |
Schneider Electric · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7032 | High | 7.8 | — | 2024-01-09 | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. |
Shortpixel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6737 | Medium | 4.7 | — | 2024-01-11 | The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. |
Simple-membership-plugin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6882 | Medium | 6.1 | — | 2024-01-11 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. |
Softaculous · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6598 | Medium | 4.3 | — | 2024-01-11 | The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedyca… |
Sourcecodester · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0389 | Medium | 6.3 | — | 2024-01-10 | A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. |
Soxft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0344 | Medium | 5.5 | — | 2024-01-09 | A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. |
Strangerstudios · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6855 | Medium | 5.3 | — | 2024-01-11 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability… |
Studiowombat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51408 | Medium | 5.3 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel – Gamified Optin Email Marketing… |
Subnet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6631 | High | 7.8 | — | 2024-01-08 | PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. |
Synopsys · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0226 | Medium | 4.8 | — | 2024-01-09 | Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload. |
Tagbox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52225 | Critical | 10.0 | — | 2024-01-08 | Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3… |
Tasmoadmin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6552 | Medium | 6.1 | — | 2024-01-08 | Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability. |
Tecnick · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6554 | Medium | 6.5 | — | 2024-01-11 | When access to the "admin" folder is not protected by some external authorization mechanisms e.g. |
Thehappymonster · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6632 | Medium | 6.1 | — | 2024-01-11 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sa… |
Themepunch · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6528 | High | 8.8 | — | 2024-01-08 | The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. |
Themeum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6161 | Medium | 6.1 | — | 2024-01-08 | The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
Theresehansen · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6845 | High | 8.8 | — | 2024-01-08 | The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. |
Trellix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0213 | High | 8.2 | — | 2024-01-09 | A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which run… |
Ukrsolution · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52215 | Critical | 9.3 | — | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. |
Unknown · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6532 | High | 8.8 | — | 2024-01-08 | The WP Blogs' Planetarium WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. |
Unknown-o · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-0354 | Medium | 5.3 | — | 2024-01-10 | A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. |
Videowhisper · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52213 | High | 7.1 | — | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS. This issue affects Rate Star Review – AJ… |
Vowelweb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6684 | Medium | 6.4 | — | 2024-01-11 | The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width'… |
Wazuh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-42463 | High | 7.4 | — | 2024-01-12 | Wazuh is a free and open source platform used for threat prevention, detection, and response. |
Wclovers · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-4960 | Medium | 6.4 | — | 2024-01-11 | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attribut… |
Weavertheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6990 | Medium | 5.4 | — | 2024-01-11 | The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head… |
Webtoffee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6558 | High | 7.2 | — | 2024-01-11 | The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. |
Wedevs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-21747 | High | 7.6 | — | 2024-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete… |
Wp Swings · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52190 | High | 7.5 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. |
Wpchill · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-45354 | Medium | 5.3 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60. |
Wpdeveloper · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-7071 | Medium | 6.4 | — | 2024-01-11 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient in… |
Wpmu Dev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-51490 | Medium | 5.3 | — | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a… |
Wpsoul · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-6636 | High | 7.2 | — | 2024-01-11 | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. |
Yevhen Kotelnytskyi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-52216 | Medium | 4.3 | — | 2024-01-08 | Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer. This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. |
Zte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-41781 | Medium | 5.7 | — | 2024-01-10 | There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. |
Škoda · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28899 | Medium | 4.7 | — | 2024-01-12 | By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. |