Latest vulnerabilities [Monday, January 08, 2024 + weekend]


Last update performed on 01/08/2024 at 11:57:06 PM

(17) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : patchstack.com

Vulnerability ID : CVE-2022-46839

First published on : 05-01-2024 11:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

CVE ID : CVE-2022-46839
Source : audit@patchstack.com
CVSS Score : 10.0

References :
https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-52218

First published on : 08-01-2024 18:15:51
Last modified on : 08-01-2024 19:05:05

Description :
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8.

CVE ID : CVE-2023-52218
Source : audit@patchstack.com
CVSS Score : 10.0

References :
https://patchstack.com/database/vulnerability/woo-tranzila-gateway/wordpress-woocommerce-tranzila-gateway-plugin-1-0-8-unauthenticated-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-52225

First published on : 08-01-2024 18:15:52
Last modified on : 08-01-2024 19:05:05

Description :
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1.

CVE ID : CVE-2023-52225
Source : audit@patchstack.com
CVSS Score : 10.0

References :
https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-tagbox-widget-plugin-3-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-52219

First published on : 08-01-2024 18:15:52
Last modified on : 08-01-2024 19:05:05

Description :
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue affects Gecka Terms Thumbnails: from n/a through 1.1.

CVE ID : CVE-2023-52219
Source : audit@patchstack.com
CVSS Score : 9.9

References :
https://patchstack.com/database/vulnerability/gecka-terms-thumbnails/wordpress-gecka-terms-thumbnails-plugin-1-1-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-52200

First published on : 08-01-2024 20:15:44
Last modified on : 08-01-2024 20:15:44

Description :
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.

CVE ID : CVE-2023-52200
Source : audit@patchstack.com
CVSS Score : 9.6

References :
https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352
Vulnerability : CWE-502


Vulnerability ID : CVE-2023-52215

First published on : 08-01-2024 18:15:51
Last modified on : 08-01-2024 19:05:05

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce. This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1.

CVE ID : CVE-2023-52215
Source : audit@patchstack.com
CVSS Score : 9.3

References :
https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-sql-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-52207

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:10

Description :
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free. This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0.

CVE ID : CVE-2023-52207
Source : audit@patchstack.com
CVSS Score : 9.1

References :
https://patchstack.com/database/vulnerability/html5-mp3-player-with-playlist/wordpress-html5-mp3-player-plugin-3-0-0-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-52205

First published on : 08-01-2024 20:15:45
Last modified on : 08-01-2024 20:15:45

Description :
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free. This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0.

CVE ID : CVE-2023-52205
Source : audit@patchstack.com
CVSS Score : 9.1

References :
https://patchstack.com/database/vulnerability/html5-soundcloud-player-with-playlist/wordpress-html5-soundcloud-player-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-52202

First published on : 08-01-2024 21:15:10
Last modified on : 08-01-2024 21:15:10

Description :
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free. This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0.

CVE ID : CVE-2023-52202
Source : audit@patchstack.com
CVSS Score : 9.1

References :
https://patchstack.com/database/vulnerability/html5-mp3-player-with-mp3-folder-feedburner-playlist/wordpress-html5-mp3-player-with-folder-feedburner-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Source : github.com

Vulnerability ID : CVE-2024-21650

First published on : 08-01-2024 16:15:46
Last modified on : 08-01-2024 19:05:05

Description :
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.

CVE ID : CVE-2024-21650
Source : security-advisories@github.com
CVSS Score : 10.0

References :
https://github.com/xwiki/xwiki-platform/commit/b290bfd573c6f7db6cc15a88dd4111d9fcad0d31 | source : security-advisories@github.com
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rj7p-xjv7-7229 | source : security-advisories@github.com
https://jira.xwiki.org/browse/XWIKI-21173 | source : security-advisories@github.com

Vulnerability : CWE-95


Source : vuldb.com

Vulnerability ID : CVE-2024-0287

First published on : 07-01-2024 23:15:43
Last modified on : 08-01-2024 17:51:58

Description :
A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848.

CVE ID : CVE-2024-0287
Source : cna@vuldb.com
CVSS Score : 9.8

References :
https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability5.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249848 | source : cna@vuldb.com
https://vuldb.com/?id.249848 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2024-0288

First published on : 08-01-2024 00:15:43
Last modified on : 08-01-2024 17:52:18

Description :
A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability.

CVE ID : CVE-2024-0288
Source : cna@vuldb.com
CVSS Score : 9.8

References :
https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability12.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249849 | source : cna@vuldb.com
https://vuldb.com/?id.249849 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2024-0289

First published on : 08-01-2024 00:15:44
Last modified on : 08-01-2024 17:52:33

Description :
A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0289
Source : cna@vuldb.com
CVSS Score : 9.8

References :
https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability14.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249850 | source : cna@vuldb.com
https://vuldb.com/?id.249850 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*


Vulnerability ID : CVE-2024-0290

First published on : 08-01-2024 01:15:10
Last modified on : 08-01-2024 17:52:47

Description :
A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851.

CVE ID : CVE-2024-0290
Source : cna@vuldb.com
CVSS Score : 9.8

References :
https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249851 | source : cna@vuldb.com
https://vuldb.com/?id.249851 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:1.0:*:*:*:*:*:*:*


Source : cert.pl

Vulnerability ID : CVE-2023-6921

First published on : 08-01-2024 12:15:46
Last modified on : 08-01-2024 15:27:36

Description :
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.

CVE ID : CVE-2023-6921
Source : cvd@cert.pl
CVSS Score : 9.8

References :
https://cert.pl/en/posts/2024/01/CVE-2023-6921/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-6921/ | source : cvd@cert.pl
https://prestashow.pl/pl/moduly-prestashop/28-prestashop-google-integrator-ga4-gtm-ads-remarketing.html | source : cvd@cert.pl

Vulnerability : CWE-89


Source : cisco.com

Vulnerability ID : CVE-2023-47211

First published on : 08-01-2024 15:15:25
Last modified on : 08-01-2024 18:15:51

Description :
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

CVE ID : CVE-2023-47211
Source : talos-cna@cisco.com
CVSS Score : 9.1

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851 | source : talos-cna@cisco.com
https://www.manageengine.com/itom/advisory/cve-2023-47211.html | source : talos-cna@cisco.com

Vulnerability : CWE-22


Source : mitre.org

Vulnerability ID : CVE-2023-50982

First published on : 08-01-2024 20:15:44
Last modified on : 08-01-2024 20:15:44

Description :
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.

CVE ID : CVE-2023-50982
Source : cve@mitre.org
CVSS Score : 9.0

References :
https://gitlab.studip.de/studip/studip/-/tags | source : cve@mitre.org
https://rehmeinfosec.de/labor/cve-2023-50982 | source : cve@mitre.org
https://sourceforge.net/projects/studip/files/Stud.IP/5.4/ | source : cve@mitre.org


(122) HIGH VULNERABILITIES [7.0, 8.9]

Source : patchstack.com

Vulnerability ID : CVE-2023-52150

First published on : 05-01-2024 08:15:43
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor: from n/a before 2.12.5.

CVE ID : CVE-2023-52150
Source : audit@patchstack.com
CVSS Score : 8.8

References :
https://patchstack.com/database/vulnerability/dynamic-content-for-elementor/wordpress-dynamic-content-for-elementor-plugin-2-12-5-cross-site-request-forgery-csrf-leading-to-arbitrary-wordpress-options-change-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52204

First published on : 08-01-2024 20:15:45
Last modified on : 08-01-2024 20:15:45

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize. This issue affects Randomize: from n/a through 1.4.3.

CVE ID : CVE-2023-52204
Source : audit@patchstack.com
CVSS Score : 8.5

References :
https://patchstack.com/database/vulnerability/randomize/wordpress-randomize-plugin-1-4-3-contributor-sql-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-52206

First published on : 08-01-2024 20:15:45
Last modified on : 08-01-2024 20:15:45

Description :
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder. This issue affects Page Builder: Live Composer: from n/a through 1.5.25.

CVE ID : CVE-2023-52206
Source : audit@patchstack.com
CVSS Score : 7.7

References :
https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-25-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-21747

First published on : 08-01-2024 17:15:08
Last modified on : 08-01-2024 19:05:05

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting: from n/a through 1.12.8.

CVE ID : CVE-2024-21747
Source : audit@patchstack.com
CVSS Score : 7.6

References :
https://patchstack.com/database/vulnerability/erp/wordpress-wp-erp-plugin-1-12-8-sql-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-52142

First published on : 08-01-2024 21:15:09
Last modified on : 08-01-2024 21:15:09

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar. This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.

CVE ID : CVE-2023-52142
Source : audit@patchstack.com
CVSS Score : 7.6

References :
https://patchstack.com/database/vulnerability/template-events-calendar/wordpress-events-shortcodes-for-the-events-calendar-plugin-2-3-1-sql-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-52201

First published on : 08-01-2024 21:15:10
Last modified on : 08-01-2024 21:15:10

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. Goad pTypeConverter. This issue affects pTypeConverter: from n/a through 0.2.8.1.

CVE ID : CVE-2023-52201
Source : audit@patchstack.com
CVSS Score : 7.6

References :
https://patchstack.com/database/vulnerability/ptypeconverter/wordpress-ptypeconverter-plugin-0-2-8-1-subscriber-sql-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-51502

First published on : 05-01-2024 08:15:42
Last modified on : 05-01-2024 11:54:11

Description :
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

CVE ID : CVE-2023-51502
Source : audit@patchstack.com
CVSS Score : 7.5

References :
https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-1-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-52143

First published on : 05-01-2024 11:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.

CVE ID : CVE-2023-52143
Source : audit@patchstack.com
CVSS Score : 7.5

References :
https://patchstack.com/database/vulnerability/wp-stripe-checkout/wordpress-wp-stripe-checkout-plugin-1-2-2-37-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52190

First published on : 08-01-2024 19:15:08
Last modified on : 08-01-2024 19:30:10

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2.

CVE ID : CVE-2023-52190
Source : audit@patchstack.com
CVSS Score : 7.5

References :
https://patchstack.com/database/vulnerability/coupon-referral-program/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-sensitive-data-pii-coupon-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52213

First published on : 08-01-2024 20:15:45
Last modified on : 08-01-2024 20:15:45

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS. This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1.

CVE ID : CVE-2023-52213
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/rate-star-review/wordpress-rate-star-review-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52196

First published on : 08-01-2024 21:15:09
Last modified on : 08-01-2024 21:15:09

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS. This issue affects CPT Bootstrap Carousel: from n/a through 1.12.

CVE ID : CVE-2023-52196
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/cpt-bootstrap-carousel/wordpress-cpt-bootstrap-carousel-plugin-1-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-41288

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later.

CVE ID : CVE-2023-41288
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-55 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-39296

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later.

CVE ID : CVE-2023-39296
Source : security@qnapsecurity.com.tw
CVSS Score : 7.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-64 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-1321


Vulnerability ID : CVE-2023-47560

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later.

CVE ID : CVE-2023-47560
Source : security@qnapsecurity.com.tw
CVSS Score : 7.4

References :
https://www.qnap.com/en/security-advisory/qsa-23-23 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-77
Vulnerability : CWE-78


Source : open-xchange.com

Vulnerability ID : CVE-2023-29048

First published on : 08-01-2024 09:15:19
Last modified on : 08-01-2024 12:02:30

Description :
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.

CVE ID : CVE-2023-29048
Source : security@open-xchange.com
CVSS Score : 8.8

References :
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf | source : security@open-xchange.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-29051

First published on : 08-01-2024 09:15:20
Last modified on : 08-01-2024 12:02:30

Description :
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known.

CVE ID : CVE-2023-29051
Source : security@open-xchange.com
CVSS Score : 8.1

References :
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf | source : security@open-xchange.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-29050

First published on : 08-01-2024 09:15:20
Last modified on : 08-01-2024 12:02:30

Description :
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.

CVE ID : CVE-2023-29050
Source : security@open-xchange.com
CVSS Score : 7.6

References :
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf | source : security@open-xchange.com

Vulnerability : CWE-90


Source : us.ibm.com

Vulnerability ID : CVE-2023-47145

First published on : 07-01-2024 19:15:08
Last modified on : 08-01-2024 12:02:30

Description :
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

CVE ID : CVE-2023-47145
Source : psirt@us.ibm.com
CVSS Score : 8.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270402 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105500 | source : psirt@us.ibm.com


Source : vuldb.com

Vulnerability ID : CVE-2023-7208

First published on : 07-01-2024 07:15:07
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7208
Source : cna@vuldb.com
CVSS Score : 8.0

References :
https://github.com/unpWn4bL3/iot-security/blob/main/13.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249742 | source : cna@vuldb.com
https://vuldb.com/?id.249742 | source : cna@vuldb.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-7209

First published on : 07-01-2024 09:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device Reset Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249758 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7209
Source : cna@vuldb.com
CVSS Score : 7.5

References :
https://drive.google.com/file/d/1XDZA4ibiYNcxTwq60vYCr03_6M_cvJ_2/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249758 | source : cna@vuldb.com
https://vuldb.com/?id.249758 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0247

First published on : 05-01-2024 19:15:08
Last modified on : 05-01-2024 22:12:18

Description :
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0247
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249778 | source : cna@vuldb.com
https://vuldb.com/?id.249778 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0264

First published on : 07-01-2024 05:15:09
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.

CVE ID : CVE-2024-0264
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/ | source : cna@vuldb.com
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py | source : cna@vuldb.com
https://vuldb.com/?ctiid.249820 | source : cna@vuldb.com
https://vuldb.com/?id.249820 | source : cna@vuldb.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2024-0267

First published on : 07-01-2024 06:15:47
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823.

CVE ID : CVE-2024-0267
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249823 | source : cna@vuldb.com
https://vuldb.com/?id.249823 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0268

First published on : 07-01-2024 08:15:07
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824.

CVE ID : CVE-2024-0268
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249824 | source : cna@vuldb.com
https://vuldb.com/?id.249824 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7210

First published on : 07-01-2024 10:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.

CVE ID : CVE-2023-7210
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://note.zhaoj.in/share/eRbUygGMiJcp | source : cna@vuldb.com
https://vuldb.com/?ctiid.249765 | source : cna@vuldb.com
https://vuldb.com/?id.249765 | source : cna@vuldb.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2024-0294

First published on : 08-01-2024 03:15:14
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0294
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249860 | source : cna@vuldb.com
https://vuldb.com/?id.249860 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0295

First published on : 08-01-2024 04:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0295
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249861 | source : cna@vuldb.com
https://vuldb.com/?id.249861 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0296

First published on : 08-01-2024 04:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0296
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249862 | source : cna@vuldb.com
https://vuldb.com/?id.249862 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0297

First published on : 08-01-2024 05:15:09
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0297
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249863 | source : cna@vuldb.com
https://vuldb.com/?id.249863 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0298

First published on : 08-01-2024 05:15:09
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0298
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249864 | source : cna@vuldb.com
https://vuldb.com/?id.249864 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0299

First published on : 08-01-2024 06:15:44
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0299
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249865 | source : cna@vuldb.com
https://vuldb.com/?id.249865 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0306

First published on : 08-01-2024 09:15:21
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability.

CVE ID : CVE-2024-0306
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249873 | source : cna@vuldb.com
https://vuldb.com/?id.249873 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0307

First published on : 08-01-2024 10:15:11
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0307
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/VistaAX/vulnerablility/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249874 | source : cna@vuldb.com
https://vuldb.com/?id.249874 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7218

First published on : 08-01-2024 21:15:10
Last modified on : 08-01-2024 21:15:10

Description :
A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7218
Source : cna@vuldb.com
CVSS Score : 7.2

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/4/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249852 | source : cna@vuldb.com
https://vuldb.com/?id.249852 | source : cna@vuldb.com

Vulnerability : CWE-121


Source : cisco.com

Vulnerability ID : CVE-2023-34087

First published on : 08-01-2024 15:15:08
Last modified on : 08-01-2024 18:15:45

Description :
An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-34087
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1803 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-34436

First published on : 08-01-2024 15:15:08
Last modified on : 08-01-2024 18:15:45

Description :
An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-34436
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1819 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-35004

First published on : 08-01-2024 15:15:09
Last modified on : 08-01-2024 18:15:45

Description :
An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-35004
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1816 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35057

First published on : 08-01-2024 15:15:09
Last modified on : 08-01-2024 18:15:45

Description :
An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-35057
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1821 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35702

First published on : 08-01-2024 15:15:09
Last modified on : 08-01-2024 18:15:45

Description :
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32 function.

CVE ID : CVE-2023-35702
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1783 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-35703

First published on : 08-01-2024 15:15:09
Last modified on : 08-01-2024 18:15:45

Description :
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint64 function.

CVE ID : CVE-2023-35703
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1783 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-35704

First published on : 08-01-2024 15:15:10
Last modified on : 08-01-2024 18:15:45

Description :
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32WithSkip function.

CVE ID : CVE-2023-35704
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1783 | source : talos-cna@cisco.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-35955

First published on : 08-01-2024 15:15:10
Last modified on : 08-01-2024 18:15:46

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`.

CVE ID : CVE-2023-35955
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-35956

First published on : 08-01-2024 15:15:10
Last modified on : 08-01-2024 18:15:46

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function `fastlz_decompress`.

CVE ID : CVE-2023-35956
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-35957

First published on : 08-01-2024 15:15:10
Last modified on : 08-01-2024 18:15:46

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function `uncompress`.

CVE ID : CVE-2023-35957
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-35958

First published on : 08-01-2024 15:15:11
Last modified on : 08-01-2024 18:15:46

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the copy function `fstFread`.

CVE ID : CVE-2023-35958
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-35959

First published on : 08-01-2024 15:15:11
Last modified on : 08-01-2024 18:15:46

Description :
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns `.ghw` decompression.

CVE ID : CVE-2023-35959
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35960

First published on : 08-01-2024 15:15:11
Last modified on : 08-01-2024 18:15:46

Description :
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns legacy decompression in `vcd_main`.

CVE ID : CVE-2023-35960
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35961

First published on : 08-01-2024 15:15:11
Last modified on : 08-01-2024 18:15:46

Description :
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in `vcd_recorder_main`.

CVE ID : CVE-2023-35961
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35962

First published on : 08-01-2024 15:15:11
Last modified on : 08-01-2024 18:15:46

Description :
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the `vcd2vzt` utility.

CVE ID : CVE-2023-35962
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35963

First published on : 08-01-2024 15:15:12
Last modified on : 08-01-2024 18:15:46

Description :
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the `vcd2lxt2` utility.

CVE ID : CVE-2023-35963
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35964

First published on : 08-01-2024 15:15:12
Last modified on : 08-01-2024 18:15:46

Description :
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the `vcd2lxt` utility.

CVE ID : CVE-2023-35964
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-35969

First published on : 08-01-2024 15:15:12
Last modified on : 08-01-2024 18:15:46

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types.

CVE ID : CVE-2023-35969
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1789 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-35970

First published on : 08-01-2024 15:15:12
Last modified on : 08-01-2024 18:15:46

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type.

CVE ID : CVE-2023-35970
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1789 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-35989

First published on : 08-01-2024 15:15:12
Last modified on : 08-01-2024 18:15:47

Description :
An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-35989
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1822 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35994

First published on : 08-01-2024 15:15:13
Last modified on : 08-01-2024 18:15:47

Description :
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta initialization part.

CVE ID : CVE-2023-35994
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791 | source : talos-cna@cisco.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-35995

First published on : 08-01-2024 15:15:13
Last modified on : 08-01-2024 18:15:47

Description :
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 1.

CVE ID : CVE-2023-35995
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791 | source : talos-cna@cisco.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-35996

First published on : 08-01-2024 15:15:13
Last modified on : 08-01-2024 18:15:47

Description :
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 0.

CVE ID : CVE-2023-35996
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791 | source : talos-cna@cisco.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-35997

First published on : 08-01-2024 15:15:13
Last modified on : 08-01-2024 18:15:47

Description :
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 2 or more.

CVE ID : CVE-2023-35997
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791 | source : talos-cna@cisco.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-36861

First published on : 08-01-2024 15:15:14
Last modified on : 08-01-2024 18:15:47

Description :
An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-36861
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1811 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-36864

First published on : 08-01-2024 15:15:14
Last modified on : 08-01-2024 18:15:47

Description :
An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-36864
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1797 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-36915

First published on : 08-01-2024 15:15:14
Last modified on : 08-01-2024 18:15:47

Description :
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the allocation of the `chain_table` array.

CVE ID : CVE-2023-36915
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-36916

First published on : 08-01-2024 15:15:14
Last modified on : 08-01-2024 18:15:47

Description :
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the allocation of the `chain_table_lengths` array.

CVE ID : CVE-2023-36916
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-37282

First published on : 08-01-2024 15:15:15
Last modified on : 08-01-2024 18:15:47

Description :
An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-37282
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1810 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-37416

First published on : 08-01-2024 15:15:15
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's legacy VCD parsing code.

CVE ID : CVE-2023-37416
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804 | source : talos-cna@cisco.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-37417

First published on : 08-01-2024 15:15:15
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code.

CVE ID : CVE-2023-37417
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804 | source : talos-cna@cisco.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-37418

First published on : 08-01-2024 15:15:15
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility.

CVE ID : CVE-2023-37418
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804 | source : talos-cna@cisco.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-37419

First published on : 08-01-2024 15:15:15
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility.

CVE ID : CVE-2023-37419
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804 | source : talos-cna@cisco.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-37420

First published on : 08-01-2024 15:15:16
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility.

CVE ID : CVE-2023-37420
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804 | source : talos-cna@cisco.com

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-37442

First published on : 08-01-2024 15:15:16
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI's default VCD parsing code.

CVE ID : CVE-2023-37442
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-37443

First published on : 08-01-2024 15:15:16
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI's legacy VCD parsing code.

CVE ID : CVE-2023-37443
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-37444

First published on : 08-01-2024 15:15:16
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI's interactive VCD parsing code.

CVE ID : CVE-2023-37444
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-37445

First published on : 08-01-2024 15:15:16
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility.

CVE ID : CVE-2023-37445
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-37446

First published on : 08-01-2024 15:15:17
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility.

CVE ID : CVE-2023-37446
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-37447

First published on : 08-01-2024 15:15:17
Last modified on : 08-01-2024 18:15:48

Description :
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility.

CVE ID : CVE-2023-37447
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-37573

First published on : 08-01-2024 15:15:17
Last modified on : 08-01-2024 18:15:48

Description :
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI's recoder (default) VCD parsing code.

CVE ID : CVE-2023-37573
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-37574

First published on : 08-01-2024 15:15:17
Last modified on : 08-01-2024 18:15:48

Description :
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI's legacy VCD parsing code.

CVE ID : CVE-2023-37574
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-37575

First published on : 08-01-2024 15:15:17
Last modified on : 08-01-2024 18:15:48

Description :
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI's interactive VCD parsing code.

CVE ID : CVE-2023-37575
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-37576

First published on : 08-01-2024 15:15:18
Last modified on : 08-01-2024 18:15:49

Description :
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2vzt conversion utility.

CVE ID : CVE-2023-37576
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-37577

First published on : 08-01-2024 15:15:18
Last modified on : 08-01-2024 18:15:49

Description :
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility.

CVE ID : CVE-2023-37577
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-37578

First published on : 08-01-2024 15:15:18
Last modified on : 08-01-2024 18:15:49

Description :
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility.

CVE ID : CVE-2023-37578
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806 | source : talos-cna@cisco.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-37921

First published on : 08-01-2024 15:15:18
Last modified on : 08-01-2024 18:15:49

Description :
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility.

CVE ID : CVE-2023-37921
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 | source : talos-cna@cisco.com

Vulnerability : CWE-118


Vulnerability ID : CVE-2023-37922

First published on : 08-01-2024 15:15:18
Last modified on : 08-01-2024 18:15:49

Description :
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility.

CVE ID : CVE-2023-37922
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 | source : talos-cna@cisco.com

Vulnerability : CWE-118


Vulnerability ID : CVE-2023-37923

First published on : 08-01-2024 15:15:18
Last modified on : 08-01-2024 18:15:49

Description :
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility.

CVE ID : CVE-2023-37923
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 | source : talos-cna@cisco.com

Vulnerability : CWE-118


Vulnerability ID : CVE-2023-38583

First published on : 08-01-2024 15:15:19
Last modified on : 08-01-2024 18:15:49

Description :
A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-38583
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1827 | source : talos-cna@cisco.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-38618

First published on : 08-01-2024 15:15:19
Last modified on : 08-01-2024 18:15:49

Description :
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `rows` array.

CVE ID : CVE-2023-38618
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38619

First published on : 08-01-2024 15:15:19
Last modified on : 08-01-2024 18:15:49

Description :
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `msb` array.

CVE ID : CVE-2023-38619
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38620

First published on : 08-01-2024 15:15:19
Last modified on : 08-01-2024 18:15:49

Description :
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `lsb` array.

CVE ID : CVE-2023-38620
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38621

First published on : 08-01-2024 15:15:20
Last modified on : 08-01-2024 18:15:49

Description :
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `flags` array.

CVE ID : CVE-2023-38621
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38622

First published on : 08-01-2024 15:15:20
Last modified on : 08-01-2024 18:15:49

Description :
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `len` array.

CVE ID : CVE-2023-38622
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38623

First published on : 08-01-2024 15:15:20
Last modified on : 08-01-2024 18:15:49

Description :
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `vindex_offset` array.

CVE ID : CVE-2023-38623
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38648

First published on : 08-01-2024 15:15:20
Last modified on : 08-01-2024 18:15:50

Description :
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the prefix copy loop.

CVE ID : CVE-2023-38648
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-38649

First published on : 08-01-2024 15:15:21
Last modified on : 08-01-2024 18:15:50

Description :
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the string copy loop.

CVE ID : CVE-2023-38649
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-38657

First published on : 08-01-2024 15:15:22
Last modified on : 08-01-2024 18:15:50

Description :
An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-38657
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1823 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-39234

First published on : 08-01-2024 15:15:22
Last modified on : 08-01-2024 18:15:50

Description :
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when looping over `lt->numrealfacs`.

CVE ID : CVE-2023-39234
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1817 | source : talos-cna@cisco.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-39235

First published on : 08-01-2024 15:15:22
Last modified on : 08-01-2024 18:15:50

Description :
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when looping over `lt->num_time_ticks`.

CVE ID : CVE-2023-39235
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1817 | source : talos-cna@cisco.com

Vulnerability : CWE-129


Vulnerability ID : CVE-2023-39270

First published on : 08-01-2024 15:15:22
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `rows` array.

CVE ID : CVE-2023-39270
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39271

First published on : 08-01-2024 15:15:23
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `msb` array.

CVE ID : CVE-2023-39271
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39272

First published on : 08-01-2024 15:15:23
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `lsb` array.

CVE ID : CVE-2023-39272
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39273

First published on : 08-01-2024 15:15:23
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `flags` array.

CVE ID : CVE-2023-39273
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39274

First published on : 08-01-2024 15:15:23
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `len` array.

CVE ID : CVE-2023-39274
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39275

First published on : 08-01-2024 15:15:23
Last modified on : 08-01-2024 18:15:51

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `value` array.

CVE ID : CVE-2023-39275
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39316

First published on : 08-01-2024 15:15:24
Last modified on : 08-01-2024 18:15:51

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `string_pointers` array.

CVE ID : CVE-2023-39316
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1820 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39317

First published on : 08-01-2024 15:15:24
Last modified on : 08-01-2024 18:15:51

Description :
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `string_lens` array.

CVE ID : CVE-2023-39317
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1820 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39443

First published on : 08-01-2024 15:15:24
Last modified on : 08-01-2024 18:15:51

Description :
Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the prefix copy loop.

CVE ID : CVE-2023-39443
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-39444

First published on : 08-01-2024 15:15:25
Last modified on : 08-01-2024 18:15:51

Description :
Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the string copy loop.

CVE ID : CVE-2023-39444
Source : talos-cna@cisco.com
CVSS Score : 7.8

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-32650

First published on : 08-01-2024 15:15:08
Last modified on : 08-01-2024 18:15:45

Description :
An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-32650
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1777 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35128

First published on : 08-01-2024 15:15:09
Last modified on : 08-01-2024 18:15:45

Description :
An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-35128
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1792 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-35992

First published on : 08-01-2024 15:15:12
Last modified on : 08-01-2024 18:15:47

Description :
An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

CVE ID : CVE-2023-35992
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1790 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-36746

First published on : 08-01-2024 15:15:13
Last modified on : 08-01-2024 18:15:47

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table.

CVE ID : CVE-2023-36746
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1793 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-36747

First published on : 08-01-2024 15:15:14
Last modified on : 08-01-2024 18:15:47

Description :
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table.

CVE ID : CVE-2023-36747
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1793 | source : talos-cna@cisco.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2023-38650

First published on : 08-01-2024 15:15:21
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is not zero.

CVE ID : CVE-2023-38650
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38651

First published on : 08-01-2024 15:15:21
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is zero.

CVE ID : CVE-2023-38651
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38652

First published on : 08-01-2024 15:15:21
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is not zero.

CVE ID : CVE-2023-38652
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-38653

First published on : 08-01-2024 15:15:22
Last modified on : 08-01-2024 18:15:50

Description :
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is zero.

CVE ID : CVE-2023-38653
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815 | source : talos-cna@cisco.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-39413

First published on : 08-01-2024 15:15:24
Last modified on : 08-01-2024 18:15:51

Description :
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer underflow when performing the left shift operation.

CVE ID : CVE-2023-39413
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824 | source : talos-cna@cisco.com

Vulnerability : CWE-191


Vulnerability ID : CVE-2023-39414

First published on : 08-01-2024 15:15:24
Last modified on : 08-01-2024 18:15:51

Description :
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer underflow when performing the right shift operation.

CVE ID : CVE-2023-39414
Source : talos-cna@cisco.com
CVSS Score : 7.0

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824 | source : talos-cna@cisco.com

Vulnerability : CWE-191


Source : ubuntu.com

Vulnerability ID : CVE-2022-3328

First published on : 08-01-2024 18:15:45
Last modified on : 08-01-2024 19:05:05

Description :
Race condition in snap-confine's must_mkdir_and_open_with_perms()

CVE ID : CVE-2022-3328
Source : security@ubuntu.com
CVSS Score : 7.8

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5753-1 | source : security@ubuntu.com


Vulnerability ID : CVE-2021-3600

First published on : 08-01-2024 19:15:08
Last modified on : 08-01-2024 19:30:10

Description :
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

CVE ID : CVE-2021-3600
Source : security@ubuntu.com
CVSS Score : 7.8

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 | source : security@ubuntu.com
https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5003-1 | source : security@ubuntu.com


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-6631

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 20:15:46

Description :
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.

CVE ID : CVE-2023-6631
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://subnet.com/contact/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-428


Source : github.com

Vulnerability ID : CVE-2024-21641

First published on : 05-01-2024 21:15:43
Last modified on : 05-01-2024 22:12:18

Description :
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.

CVE ID : CVE-2024-21641
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a | source : security-advisories@github.com
https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176 | source : security-advisories@github.com
https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr | source : security-advisories@github.com

Vulnerability : CWE-601


Vulnerability ID : CVE-2024-21642

First published on : 05-01-2024 22:15:43
Last modified on : 08-01-2024 12:02:30

Description :
D-Tale is a visualizer for Pandas data structures. Users publicly hosting D-Tale versions prior to 3.9.0 can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to host D-Tale only for trusted users.

CVE ID : CVE-2024-21642
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2 | source : security-advisories@github.com
https://github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4 | source : security-advisories@github.com
https://github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-21644

First published on : 08-01-2024 14:15:47
Last modified on : 08-01-2024 15:27:36

Description :
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.

CVE ID : CVE-2024-21644
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40 | source : security-advisories@github.com
https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv | source : security-advisories@github.com

Vulnerability : CWE-284


(99) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-39294

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later.

CVE ID : CVE-2023-39294
Source : security@qnapsecurity.com.tw
CVSS Score : 6.6

References :
https://www.qnap.com/en/security-advisory/qsa-23-54 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-41289

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later

CVE ID : CVE-2023-41289
Source : security@qnapsecurity.com.tw
CVSS Score : 6.3

References :
https://www.qnap.com/en/security-advisory/qsa-23-34 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-47559

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later

CVE ID : CVE-2023-47559
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-23 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41287

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later

CVE ID : CVE-2023-41287
Source : security@qnapsecurity.com.tw
CVSS Score : 4.3

References :
https://www.qnap.com/en/security-advisory/qsa-23-55 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Source : patchstack.com

Vulnerability ID : CVE-2023-52178

First published on : 05-01-2024 08:15:43
Last modified on : 05-01-2024 11:54:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS. This issue affects WP Affiliate Disclosure: from n/a through 1.2.7.

CVE ID : CVE-2023-52178
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-affiliate-disclosure/wordpress-wp-affiliate-disclosure-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52124

First published on : 05-01-2024 12:15:09
Last modified on : 05-01-2024 18:23:44

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS. This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.

CVE ID : CVE-2023-52124
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52125

First published on : 05-01-2024 12:15:10
Last modified on : 05-01-2024 18:23:44

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a through 4.8.

CVE ID : CVE-2023-52125
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/iframe/wordpress-iframe-plugin-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21744

First published on : 08-01-2024 17:15:07
Last modified on : 08-01-2024 19:05:05

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS. This issue affects Mapster WP Maps: from n/a through 1.2.38.

CVE ID : CVE-2024-21744
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/mapster-wp-maps/wordpress-mapster-wp-maps-plugin-1-2-38-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21745

First published on : 08-01-2024 17:15:07
Last modified on : 08-01-2024 19:05:05

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS. This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9.

CVE ID : CVE-2024-21745
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/laybuy-gateway-for-woocommerce/wordpress-laybuy-payment-extension-for-woocommerce-plugin-5-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52198

First published on : 08-01-2024 21:15:10
Last modified on : 08-01-2024 21:15:10

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS. This issue affects Private Google Calendars: from n/a through 20231125.

CVE ID : CVE-2023-52198
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/private-google-calendars/wordpress-private-google-calendars-plugin-20231125-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52129

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4.

CVE ID : CVE-2023-52129
Source : audit@patchstack.com
CVSS Score : 6.3

References :
https://patchstack.com/database/vulnerability/teachpress/wordpress-teachpress-plugin-9-0-4-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2022-36352

First published on : 08-01-2024 22:15:44
Last modified on : 08-01-2024 22:15:44

Description :
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.

CVE ID : CVE-2022-36352
Source : audit@patchstack.com
CVSS Score : 6.3

References :
https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-0-3-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-52203

First published on : 08-01-2024 20:15:45
Last modified on : 08-01-2024 20:15:45

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS. This issue affects cformsII: from n/a through 15.0.5.

CVE ID : CVE-2023-52203
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/cforms2/wordpress-cformsii-plugin-15-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52197

First published on : 08-01-2024 21:15:10
Last modified on : 08-01-2024 21:15:10

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0.

CVE ID : CVE-2023-52197
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/ads-invalid-click-protection/wordpress-ads-invalid-click-protection-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-52149

First published on : 05-01-2024 09:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button: from n/a through 6.0.

CVE ID : CVE-2023-52149
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/floating-button/wordpress-floating-button-plugin-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51673

First published on : 05-01-2024 10:15:12
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.

CVE ID : CVE-2023-51673
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/stylish-price-list/wordpress-stylish-price-list-plugin-7-0-17-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52120

First published on : 05-01-2024 10:15:13
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.

CVE ID : CVE-2023-52120
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52121

First published on : 05-01-2024 10:15:13
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2.

CVE ID : CVE-2023-52121
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2022-34344

First published on : 08-01-2024 22:15:44
Last modified on : 08-01-2024 22:15:44

Description :
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More. This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.

CVE ID : CVE-2022-34344
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/woocommerce-wholesale-prices/wordpress-wholesale-suite-plugin-2-1-5-auth-plugin-settings-change-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-52146

First published on : 05-01-2024 11:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.33.0.

CVE ID : CVE-2023-52146
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52148

First published on : 05-01-2024 11:15:11
Last modified on : 05-01-2024 11:54:15

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.30.

CVE ID : CVE-2023-52148
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-30-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52151

First published on : 05-01-2024 11:15:11
Last modified on : 05-01-2024 11:54:15

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2.

CVE ID : CVE-2023-52151
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/uncanny-automator/wordpress-uncanny-automator-plugin-5-1-0-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52126

First published on : 05-01-2024 12:15:11
Last modified on : 05-01-2024 18:23:44

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email: from n/a through 1.4.3.

CVE ID : CVE-2023-52126
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52208

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:06

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2.

CVE ID : CVE-2023-52208
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-2-4-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2022-45354

First published on : 08-01-2024 21:15:08
Last modified on : 08-01-2024 21:15:08

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60.

CVE ID : CVE-2022-45354
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-7-60-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-51406

First published on : 08-01-2024 21:15:08
Last modified on : 08-01-2024 21:15:08

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator. This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7.

CVE ID : CVE-2023-51406
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/fastdup/wordpress-fastdup-plugin-2-1-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-51408

First published on : 08-01-2024 21:15:09
Last modified on : 08-01-2024 21:15:09

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3.

CVE ID : CVE-2023-51408
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/wp-optin-wheel/wordpress-wp-optin-wheel-plugin-1-4-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-51490

First published on : 08-01-2024 21:15:09
Last modified on : 08-01-2024 21:15:09

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.

CVE ID : CVE-2023-51490
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-51508

First published on : 08-01-2024 21:15:09
Last modified on : 08-01-2024 21:15:09

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair. This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8.

CVE ID : CVE-2023-51508
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-plugin-0-9-8-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-52184

First published on : 05-01-2024 08:15:43
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.

CVE ID : CVE-2023-52184
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52123

First published on : 05-01-2024 09:15:08
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10.

CVE ID : CVE-2023-52123
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/strong-testimonials/wordpress-strong-testimonials-plugin-3-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52127

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.

CVE ID : CVE-2023-52127
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/woo-product-bundle/wordpress-wpc-product-bundles-for-woocommerce-plugin-7-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52128

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.

CVE ID : CVE-2023-52128
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/white-label/wordpress-white-label-plugin-2-9-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52130

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.31.

CVE ID : CVE-2023-52130
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-31-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52136

First published on : 05-01-2024 09:15:09
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2.

CVE ID : CVE-2023-52136
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/custom-twitter-feeds/wordpress-custom-twitter-feeds-tweets-widget-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52145

First published on : 05-01-2024 09:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts: from n/a through 1.21.

CVE ID : CVE-2023-52145
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/republish-old-posts/wordpress-republish-old-posts-plugin-1-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51535

First published on : 05-01-2024 10:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.

CVE ID : CVE-2023-51535
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51538

First published on : 05-01-2024 10:15:11
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin. This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.

CVE ID : CVE-2023-51538
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51539

First published on : 05-01-2024 10:15:11
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.

CVE ID : CVE-2023-51539
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51668

First published on : 05-01-2024 10:15:11
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18.

CVE ID : CVE-2023-51668
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/image-upload-for-bbpress/wordpress-inline-image-upload-for-bbpress-plugin-1-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51678

First published on : 05-01-2024 10:15:12
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.

CVE ID : CVE-2023-51678
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-wp-woocommerce-search-plugin-2-0-33-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52119

First published on : 05-01-2024 10:15:12
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.

CVE ID : CVE-2023-52119
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52122

First published on : 05-01-2024 10:15:13
Last modified on : 05-01-2024 11:54:11

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board: from n/a through 2.10.6.

CVE ID : CVE-2023-52122
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52222

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:06

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2.

CVE ID : CVE-2023-52222
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-52216

First published on : 08-01-2024 20:15:46
Last modified on : 08-01-2024 20:15:46

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer. This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3.

CVE ID : CVE-2023-52216
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/js-css-script-optimizer/wordpress-js-css-script-optimizer-plugin-0-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : vuldb.com

Vulnerability ID : CVE-2024-0270

First published on : 07-01-2024 08:15:07
Last modified on : 08-01-2024 19:04:24

Description :
A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability.

CVE ID : CVE-2024-0270
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249825 | source : cna@vuldb.com
https://vuldb.com/?id.249825 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0271

First published on : 07-01-2024 09:15:09
Last modified on : 08-01-2024 18:21:11

Description :
A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0271
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249826 | source : cna@vuldb.com
https://vuldb.com/?id.249826 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0272

First published on : 07-01-2024 11:15:16
Last modified on : 08-01-2024 18:21:25

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.

CVE ID : CVE-2024-0272
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249827 | source : cna@vuldb.com
https://vuldb.com/?id.249827 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0273

First published on : 07-01-2024 11:15:16
Last modified on : 08-01-2024 18:19:08

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828.

CVE ID : CVE-2024-0273
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249828 | source : cna@vuldb.com
https://vuldb.com/?id.249828 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0274

First published on : 07-01-2024 12:15:14
Last modified on : 08-01-2024 18:19:13

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability.

CVE ID : CVE-2024-0274
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249829 | source : cna@vuldb.com
https://vuldb.com/?id.249829 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0275

First published on : 07-01-2024 12:15:14
Last modified on : 08-01-2024 18:19:20

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file item_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249830 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0275
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249830 | source : cna@vuldb.com
https://vuldb.com/?id.249830 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0276

First published on : 07-01-2024 13:15:08
Last modified on : 08-01-2024 18:18:13

Description :
A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831.

CVE ID : CVE-2024-0276
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249831 | source : cna@vuldb.com
https://vuldb.com/?id.249831 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0277

First published on : 07-01-2024 13:15:08
Last modified on : 08-01-2024 18:18:21

Description :
A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832.

CVE ID : CVE-2024-0277
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249832 | source : cna@vuldb.com
https://vuldb.com/?id.249832 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0278

First published on : 07-01-2024 14:15:43
Last modified on : 08-01-2024 18:18:29

Description :
A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability.

CVE ID : CVE-2024-0278
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249833 | source : cna@vuldb.com
https://vuldb.com/?id.249833 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0279

First published on : 07-01-2024 14:15:43
Last modified on : 08-01-2024 18:18:37

Description :
A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0279
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249834 | source : cna@vuldb.com
https://vuldb.com/?id.249834 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0280

First published on : 07-01-2024 15:15:08
Last modified on : 08-01-2024 18:04:43

Description :
A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835.

CVE ID : CVE-2024-0280
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249835 | source : cna@vuldb.com
https://vuldb.com/?id.249835 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0281

First published on : 07-01-2024 15:15:09
Last modified on : 08-01-2024 18:04:28

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836.

CVE ID : CVE-2024-0281
Source : cna@vuldb.com
CVSS Score : 6.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249836 | source : cna@vuldb.com
https://vuldb.com/?id.249836 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0265

First published on : 07-01-2024 05:15:09
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.

CVE ID : CVE-2024-0265
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE | source : cna@vuldb.com
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py | source : cna@vuldb.com
https://vuldb.com/?ctiid.249821 | source : cna@vuldb.com
https://vuldb.com/?id.249821 | source : cna@vuldb.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2023-7213

First published on : 07-01-2024 19:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7213
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/2/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249769 | source : cna@vuldb.com
https://vuldb.com/?id.249769 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-7214

First published on : 07-01-2024 20:15:47
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7214
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/3/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249770 | source : cna@vuldb.com
https://vuldb.com/?id.249770 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0291

First published on : 08-01-2024 01:15:10
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0291
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249857 | source : cna@vuldb.com
https://vuldb.com/?id.249857 | source : cna@vuldb.com

Vulnerability : CWE-77


Vulnerability ID : CVE-2024-0292

First published on : 08-01-2024 02:15:14
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0292
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249858 | source : cna@vuldb.com
https://vuldb.com/?id.249858 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0293

First published on : 08-01-2024 03:15:13
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0293
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249859 | source : cna@vuldb.com
https://vuldb.com/?id.249859 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0300

First published on : 08-01-2024 06:15:45
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Beijing Baichuo Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0300
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/tolkent/cve/blob/main/upload.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249866 | source : cna@vuldb.com
https://vuldb.com/?id.249866 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0301

First published on : 08-01-2024 07:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868.

CVE ID : CVE-2024-0301
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/heishou/blob/main/iparking-SQL.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249868 | source : cna@vuldb.com
https://vuldb.com/?id.249868 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0302

First published on : 08-01-2024 07:15:10
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability.

CVE ID : CVE-2024-0302
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/heishou/blob/main/Iparking%20rce.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249869 | source : cna@vuldb.com
https://vuldb.com/?id.249869 | source : cna@vuldb.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-0303

First published on : 08-01-2024 08:15:36
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0303
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/fssH60eQkvSl | source : cna@vuldb.com
https://vuldb.com/?ctiid.249870 | source : cna@vuldb.com
https://vuldb.com/?id.249870 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-0304

First published on : 08-01-2024 08:15:36
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.

CVE ID : CVE-2024-0304
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/3jF3Xpl3ttlZ | source : cna@vuldb.com
https://vuldb.com/?ctiid.249871 | source : cna@vuldb.com
https://vuldb.com/?id.249871 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-0308

First published on : 08-01-2024 10:15:11
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875.

CVE ID : CVE-2024-0308
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/2E2JG2PClHGF | source : cna@vuldb.com
https://vuldb.com/?ctiid.249875 | source : cna@vuldb.com
https://vuldb.com/?id.249875 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-0282

First published on : 07-01-2024 16:15:44
Last modified on : 08-01-2024 17:55:46

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.

CVE ID : CVE-2024-0282
Source : cna@vuldb.com
CVSS Score : 6.1

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249837 | source : cna@vuldb.com
https://vuldb.com/?id.249837 | source : cna@vuldb.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0283

First published on : 07-01-2024 16:15:44
Last modified on : 08-01-2024 17:55:40

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0283
Source : cna@vuldb.com
CVSS Score : 6.1

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249838 | source : cna@vuldb.com
https://vuldb.com/?id.249838 | source : cna@vuldb.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:wordpress:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2024-0284

First published on : 07-01-2024 17:15:08
Last modified on : 08-01-2024 17:50:23

Description :
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.

CVE ID : CVE-2024-0284
Source : cna@vuldb.com
CVSS Score : 6.1

References :
https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.249839 | source : cna@vuldb.com
https://vuldb.com/?id.249839 | source : cna@vuldb.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*
Vulnerable version(s) : 1.0


Vulnerability ID : CVE-2023-7211

First published on : 07-01-2024 10:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7211
Source : cna@vuldb.com
CVSS Score : 5.6

References :
https://drive.google.com/file/d/11thSuALGcn0C_9tbmYu8_QzTXtBnCoNS/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249766 | source : cna@vuldb.com
https://vuldb.com/?id.249766 | source : cna@vuldb.com

Vulnerability : CWE-291


Vulnerability ID : CVE-2024-0261

First published on : 07-01-2024 02:15:44
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.

CVE ID : CVE-2024-0261
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.249817 | source : cna@vuldb.com
https://vuldb.com/?id.249817 | source : cna@vuldb.com
https://www.youtube.com/watch?v=q-CVJfYdd-g | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0263

First published on : 07-01-2024 04:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.

CVE ID : CVE-2024-0263
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://0day.today/exploit/description/39212 | source : cna@vuldb.com
https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.249819 | source : cna@vuldb.com
https://vuldb.com/?id.249819 | source : cna@vuldb.com
https://www.youtube.com/watch?v=HWOGeg3e5As | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0305

First published on : 08-01-2024 09:15:21
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.

CVE ID : CVE-2024-0305
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/2267787739/cve/blob/main/logic.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249872 | source : cna@vuldb.com
https://vuldb.com/?id.249872 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-7212

First published on : 07-01-2024 17:15:08
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-7212
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://hmxwjm7x03.feishu.cn/docx/FPjhdYcQvocR4gxy34Rc0pmon5e?from=from_copylink | source : cna@vuldb.com
https://vuldb.com/?ctiid.249768 | source : cna@vuldb.com
https://vuldb.com/?id.249768 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0246

First published on : 05-01-2024 14:15:48
Last modified on : 05-01-2024 18:23:44

Description :
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0246
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.249759 | source : cna@vuldb.com
https://vuldb.com/?id.249759 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0260

First published on : 07-01-2024 00:15:42
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.

CVE ID : CVE-2024-0260
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo | source : cna@vuldb.com
https://vuldb.com/?ctiid.249816 | source : cna@vuldb.com
https://vuldb.com/?id.249816 | source : cna@vuldb.com

Vulnerability : CWE-613


Vulnerability ID : CVE-2024-0266

First published on : 07-01-2024 06:15:47
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0266
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249822 | source : cna@vuldb.com
https://vuldb.com/?id.249822 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0286

First published on : 07-01-2024 18:15:16
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.

CVE ID : CVE-2024-0286
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.249843 | source : cna@vuldb.com
https://vuldb.com/?id.249843 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2023-50948

First published on : 08-01-2024 02:15:13
Last modified on : 08-01-2024 12:02:30

Description :
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671.

CVE ID : CVE-2023-50948
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275671 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105509 | source : psirt@us.ibm.com

Vulnerability : CWE-259


Vulnerability ID : CVE-2023-47140

First published on : 08-01-2024 03:15:13
Last modified on : 08-01-2024 12:02:30

Description :
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259.

CVE ID : CVE-2023-47140
Source : psirt@us.ibm.com
CVSS Score : 4.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270259 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105094 | source : psirt@us.ibm.com


Source : wordfence.com

Vulnerability ID : CVE-2023-6801

First published on : 06-01-2024 10:15:46
Last modified on : 08-01-2024 12:02:30

Description :
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6801
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a713d897-c549-4e0d-9cb3-7002ef2b127f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6798

First published on : 06-01-2024 10:15:45
Last modified on : 08-01-2024 12:02:30

Description :
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above, to change the plugin's settings including proxy settings, which are also exposed to authors.

CVE ID : CVE-2023-6798
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6493

First published on : 05-01-2024 02:15:07
Last modified on : 05-01-2024 11:54:11

Description :
The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue.

CVE ID : CVE-2023-6493
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3013596/depicter/trunk/app/src/WordPress/Settings/Settings.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c907ea-3ab4-4674-8945-ade4f6ff2679?source=cve | source : security@wordfence.com


Source : github.com

Vulnerability ID : CVE-2024-21647

First published on : 08-01-2024 14:15:47
Last modified on : 08-01-2024 15:27:36

Description :
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

CVE ID : CVE-2024-21647
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93 | source : security-advisories@github.com
https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2 | source : security-advisories@github.com

Vulnerability : CWE-444


Vulnerability ID : CVE-2023-51701

First published on : 08-01-2024 14:15:46
Last modified on : 08-01-2024 15:27:36

Description :
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing a header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in `@fastify/reply-from` version 9.6.0.

CVE ID : CVE-2023-51701
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/fastify/fastify-reply-from/releases/tag/v9.6.0 | source : security-advisories@github.com
https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v2v2-hph8-q5xp | source : security-advisories@github.com

Vulnerability : CWE-444


Vulnerability ID : CVE-2024-21645

First published on : 08-01-2024 14:15:47
Last modified on : 08-01-2024 15:27:36

Description :
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.

CVE ID : CVE-2024-21645
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d | source : security-advisories@github.com
https://github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmr | source : security-advisories@github.com

Vulnerability : CWE-74


Source : open-xchange.com

Vulnerability ID : CVE-2023-29049

First published on : 08-01-2024 09:15:20
Last modified on : 08-01-2024 12:02:30

Description :
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content to be processed. No publicly available exploits are known.

CVE ID : CVE-2023-29049
Source : security@open-xchange.com
CVSS Score : 5.4

References :
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0005.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-29052

First published on : 08-01-2024 09:15:20
Last modified on : 08-01-2024 12:02:30

Description :
Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

CVE ID : CVE-2023-29052
Source : security@open-xchange.com
CVSS Score : 5.4

References :
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-41710

First published on : 08-01-2024 09:15:20
Last modified on : 08-01-2024 12:02:30

Description :
User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known.

CVE ID : CVE-2023-41710
Source : security@open-xchange.com
CVSS Score : 5.4

References :
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0006.json | source : security@open-xchange.com
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6251_7.10.6_2023-09-25.pdf | source : security@open-xchange.com

Vulnerability : CWE-79


Source : ubuntu.com

Vulnerability ID : CVE-2022-2585

First published on : 08-01-2024 18:15:44
Last modified on : 08-01-2024 19:05:05

Description :
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

CVE ID : CVE-2022-2585
Source : security@ubuntu.com
CVSS Score : 5.3

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 | source : security@ubuntu.com
https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5564-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5565-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5566-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5567-1 | source : security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/08/09/7 | source : security@ubuntu.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2022-2586

First published on : 08-01-2024 18:15:44
Last modified on : 08-01-2024 19:05:05

Description :
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

CVE ID : CVE-2022-2586
Source : security@ubuntu.com
CVSS Score : 5.3

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 | source : security@ubuntu.com
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5557-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5560-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5560-2 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5562-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5564-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5565-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5566-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5567-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5582-1 | source : security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/08/09/5 | source : security@ubuntu.com
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/ | source : security@ubuntu.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2022-2588

First published on : 08-01-2024 18:15:44
Last modified on : 08-01-2024 19:05:05

Description :
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

CVE ID : CVE-2022-2588
Source : security@ubuntu.com
CVSS Score : 5.3

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 | source : security@ubuntu.com
https://github.com/Markakd/CVE-2022-2588 | source : security@ubuntu.com
https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5557-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5560-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5560-2 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5562-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5564-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5565-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5566-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5567-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5582-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5588-1 | source : security@ubuntu.com
https://www.openwall.com/lists/oss-security/2022/08/09/6 | source : security@ubuntu.com
https://www.zerodayinitiative.com/advisories/ZDI-22-1117/ | source : security@ubuntu.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2022-2602

First published on : 08-01-2024 18:15:45
Last modified on : 08-01-2024 19:05:05

Description :
io_uring UAF, Unix SCM garbage collection

CVE ID : CVE-2022-2602
Source : security@ubuntu.com
CVSS Score : 5.3

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5691-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5692-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5693-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5700-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5752-1 | source : security@ubuntu.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-1032

First published on : 08-01-2024 19:15:08
Last modified on : 08-01-2024 19:30:10

Description :
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

CVE ID : CVE-2023-1032
Source : security@ubuntu.com
CVSS Score : 4.7

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-5977-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-6024-1 | source : security@ubuntu.com
https://ubuntu.com/security/notices/USN-6033-1 | source : security@ubuntu.com
https://www.openwall.com/lists/oss-security/2023/03/13/2 | source : security@ubuntu.com

Vulnerability : CWE-415


Source : huntr.dev

Vulnerability ID : CVE-2024-0322

First published on : 08-01-2024 13:15:09
Last modified on : 08-01-2024 15:27:36

Description :
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE ID : CVE-2024-0322
Source : security@huntr.dev
CVSS Score : 4.4

References :
https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70 | source : security@huntr.dev
https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec | source : security@huntr.dev

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-0321

First published on : 08-01-2024 13:15:09
Last modified on : 08-01-2024 15:27:36

Description :
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE ID : CVE-2024-0321
Source : security@huntr.dev
CVSS Score : 4.0

References :
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a | source : security@huntr.dev
https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769 | source : security@huntr.dev

Vulnerability : CWE-121


(11) LOW VULNERABILITIES [0.1, 3.9]

Source : zte.com.cn

Vulnerability ID : CVE-2023-41782

First published on : 05-01-2024 02:15:07
Last modified on : 05-01-2024 11:54:11

Description :
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI. An attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

CVE ID : CVE-2023-41782
Source : psirt@zte.com.cn
CVSS Score : 3.9

References :
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032984 | source : psirt@zte.com.cn

Vulnerability : CWE-20


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-45039

First published on : 05-01-2024 17:15:09
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45039
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45040

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45040
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45041

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45041
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45042

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45042
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45043

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45043
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45044

First published on : 05-01-2024 17:15:10
Last modified on : 05-01-2024 18:23:40

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later.

CVE ID : CVE-2023-45044
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-27 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-47219

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later.

CVE ID : CVE-2023-47219
Source : security@qnapsecurity.com.tw
CVSS Score : 3.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-32 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Source : patchstack.com

Vulnerability ID : CVE-2022-40696

First published on : 08-01-2024 22:15:44
Last modified on : 08-01-2024 22:15:44

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

CVE ID : CVE-2022-40696
Source : audit@patchstack.com
CVSS Score : 3.7

References :
https://patchstack.com/database/vulnerability/advanced-custom-fields/wordpress-advanced-custom-fields-plugin-3-1-1-6-0-2-custom-field-value-exposure?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Source : vuldb.com

Vulnerability ID : CVE-2023-7215

First published on : 08-01-2024 02:15:14
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input <image src onerror=prompt(document.domain)> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249779.

CVE ID : CVE-2023-7215
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/Chanzhaoyu/chatgpt-web/issues/2001 | source : cna@vuldb.com
https://vuldb.com/?ctiid.249779 | source : cna@vuldb.com
https://vuldb.com/?id.249779 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0262

First published on : 07-01-2024 02:15:44
Last modified on : 08-01-2024 12:02:30

Description :
A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0262
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos | source : cna@vuldb.com
https://vuldb.com/?ctiid.249818 | source : cna@vuldb.com
https://vuldb.com/?id.249818 | source : cna@vuldb.com

Vulnerability : CWE-79


(59) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2024-22075

First published on : 05-01-2024 03:15:08
Last modified on : 05-01-2024 11:54:11

Description :
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

CVE ID : CVE-2024-22075
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52323

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

CVE ID : CVE-2023-52323
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst | source : cve@mitre.org
https://pypi.org/project/pycryptodomex/#history | source : cve@mitre.org


Vulnerability ID : CVE-2024-22086

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.

CVE ID : CVE-2024-22086
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/hayyp/cherry/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22087

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.

CVE ID : CVE-2024-22087
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/foxweb/pico/issues/31 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22088

First published on : 05-01-2024 04:15:07
Last modified on : 05-01-2024 11:54:11

Description :
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.

CVE ID : CVE-2024-22088
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/chendotjs/lotos/issues/7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51277

First published on : 05-01-2024 05:15:08
Last modified on : 05-01-2024 11:54:11

Description :
nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.

CVE ID : CVE-2023-51277
Source : cve@mitre.org
CVSS Score : /

References :
https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087731 | source : cve@mitre.org
https://github.com/tuxu/nbviewer-app/commit/dc1e4ddf64c78e13175a39b076fa0646fc62e581 | source : cve@mitre.org
https://github.com/tuxu/nbviewer-app/compare/0.1.5...0.1.6 | source : cve@mitre.org
https://www.youtube.com/watch?v=c0nawqA_bdI | source : cve@mitre.org


Vulnerability ID : CVE-2020-13878

First published on : 05-01-2024 08:15:41
Last modified on : 05-01-2024 11:54:11

Description :
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.

CVE ID : CVE-2020-13878
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/oicu0619/2b0eb7dd447aca8f4ab398a99f47488b | source : cve@mitre.org


Vulnerability ID : CVE-2020-13879

First published on : 05-01-2024 08:15:42
Last modified on : 05-01-2024 11:54:11

Description :
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.

CVE ID : CVE-2020-13879
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/oicu0619/878b8c37f238f4de5ff543973ef083f5 | source : cve@mitre.org


Vulnerability ID : CVE-2020-13880

First published on : 05-01-2024 09:15:08
Last modified on : 05-01-2024 11:54:11

Description :
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.

CVE ID : CVE-2020-13880
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/oicu0619/2de8f91ddc6b06b516475d5d67d7efba | source : cve@mitre.org


Vulnerability ID : CVE-2023-50027

First published on : 05-01-2024 09:15:08
Last modified on : 05-01-2024 11:54:11

Description :
SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method.

CVE ID : CVE-2023-50027
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50991

First published on : 05-01-2024 10:15:10
Last modified on : 05-01-2024 11:54:11

Description :
Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

CVE ID : CVE-2023-50991
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ef4tless/vuln/blob/master/iot/i29/pingSet.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50612

First published on : 06-01-2024 03:15:43
Last modified on : 08-01-2024 12:02:30

Description :
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.

CVE ID : CVE-2023-50612
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yaowenxiao721/CloudExplorer-Lite-v1.4.1-vulnerability-BOPLA | source : cve@mitre.org


Vulnerability ID : CVE-2023-39853

First published on : 06-01-2024 04:15:08
Last modified on : 08-01-2024 12:02:30

Description :
SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.

CVE ID : CVE-2023-39853
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/EternalGemini/dzz | source : cve@mitre.org


Vulnerability ID : CVE-2023-50609

First published on : 06-01-2024 04:15:08
Last modified on : 08-01-2024 12:02:30

Description :
Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx.

CVE ID : CVE-2023-50609
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/zhishituboshu/f8f07e9df411b1ee3d8212a166b2034e | source : cve@mitre.org


Vulnerability ID : CVE-2023-46953

First published on : 06-01-2024 05:15:09
Last modified on : 08-01-2024 12:02:30

Description :
SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module.

CVE ID : CVE-2023-46953
Source : cve@mitre.org
CVSS Score : /

References :
https://cxsecurity.com/issue/WLB-2023120036 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50121

First published on : 06-01-2024 05:15:09
Last modified on : 08-01-2024 12:02:30

Description :
Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).

CVE ID : CVE-2023-50121
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Drone-Lab/Reports-of-AUTEL-drones-losing-control-at-the-edge-of-the-no-fly-zone/tree/main | source : cve@mitre.org


Vulnerability ID : CVE-2024-22216

First published on : 08-01-2024 07:15:11
Last modified on : 08-01-2024 12:02:30

Description :
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).

CVE ID : CVE-2024-22216
Source : cve@mitre.org
CVSS Score : /

References :
https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2023-47890

First published on : 08-01-2024 20:15:44
Last modified on : 08-01-2024 20:15:44

Description :
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.

CVE ID : CVE-2023-47890
Source : cve@mitre.org
CVSS Score : /

References :
http://pyload.com | source : cve@mitre.org
https://github.com/pyload/pyload/security/advisories/GHSA-h73m-pcfw-25h2 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51246

First published on : 08-01-2024 20:15:44
Last modified on : 08-01-2024 20:15:44

Description :
A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.

CVE ID : CVE-2023-51246
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/NING0121/25498c5326c2590423b26ace38d2cf39 | source : cve@mitre.org
https://github.com/NING0121/CVE/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52271

First published on : 08-01-2024 20:15:46
Last modified on : 08-01-2024 20:15:46

Description :
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time).

CVE ID : CVE-2023-52271
Source : cve@mitre.org
CVSS Score : /

References :
https://northwave-cybersecurity.com/vulnerability-notice-topaz-antifraud | source : cve@mitre.org
https://www.topazevolution.com/en/antifraud/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-27739

First published on : 08-01-2024 21:15:08
Last modified on : 08-01-2024 21:15:08

Description :
easyXDM 2.5 allows XSS via the xdm_e parameter.

CVE ID : CVE-2023-27739
Source : cve@mitre.org
CVSS Score : /

References :
https://threeshield.ca/easyxdm-2.5.20.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-49961

First published on : 08-01-2024 21:15:08
Last modified on : 08-01-2024 21:15:08

Description :
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.

CVE ID : CVE-2023-49961
Source : cve@mitre.org
CVSS Score : /

References :
https://www.wallix.com/support/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52072

First published on : 08-01-2024 22:15:45
Last modified on : 08-01-2024 22:15:45

Description :
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.

CVE ID : CVE-2023-52072
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zouyang0714/cms/blob/main/2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52073

First published on : 08-01-2024 22:15:45
Last modified on : 08-01-2024 22:15:45

Description :
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.

CVE ID : CVE-2023-52073
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zouyang0714/cms/blob/main/3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52074

First published on : 08-01-2024 22:15:45
Last modified on : 08-01-2024 22:15:45

Description :
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.

CVE ID : CVE-2023-52074
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zouyang0714/cms/blob/main/1.md | source : cve@mitre.org


Source : xen.org

Vulnerability ID : CVE-2023-34321

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore there is no guarantee when all the writes will reach the memory.

CVE ID : CVE-2023-34321
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-437.html | source : security@xen.org


Vulnerability ID : CVE-2023-34322

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.

CVE ID : CVE-2023-34322
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-438.html | source : security@xen.org


Vulnerability ID : CVE-2023-34323

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default).

CVE ID : CVE-2023-34323
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-440.html | source : security@xen.org


Vulnerability ID : CVE-2023-34324

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).

CVE ID : CVE-2023-34324
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-441.html | source : security@xen.org


Vulnerability ID : CVE-2023-34325

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:44

Description :
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project ("An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.") CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is descended from a very old version of grub.

CVE ID : CVE-2023-34325
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-443.html | source : security@xen.org


Vulnerability ID : CVE-2023-34326

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.

CVE ID : CVE-2023-34326
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-442.html | source : security@xen.org


Vulnerability ID : CVE-2023-34327

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

CVE ID : CVE-2023-34327
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-444.html | source : security@xen.org


Vulnerability ID : CVE-2023-34328

First published on : 05-01-2024 17:15:08
Last modified on : 05-01-2024 18:23:40

Description :
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

CVE ID : CVE-2023-34328
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-444.html | source : security@xen.org


Vulnerability ID : CVE-2023-46835

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.

CVE ID : CVE-2023-46835
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-445.html | source : security@xen.org


Vulnerability ID : CVE-2023-46836

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen.

CVE ID : CVE-2023-46836
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-446.html | source : security@xen.org


Vulnerability ID : CVE-2023-46837

First published on : 05-01-2024 17:15:11
Last modified on : 05-01-2024 18:23:40

Description :
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.

CVE ID : CVE-2023-46837
Source : security@xen.org
CVSS Score : /

References :
https://xenbits.xenproject.org/xsa/advisory-447.html | source : security@xen.org


Source : apache.org

Vulnerability ID : CVE-2023-51441

First published on : 06-01-2024 12:15:42
Last modified on : 08-01-2024 12:02:30

Description :
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

CVE ID : CVE-2023-51441
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 | source : security@apache.org
https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd | source : security@apache.org

Vulnerability : CWE-20


Source : arm.com

Vulnerability ID : CVE-2023-5091

First published on : 08-01-2024 10:15:11
Last modified on : 08-01-2024 12:02:30

Description :
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.

CVE ID : CVE-2023-5091
Source : arm-security@arm.com
CVSS Score : /

References :
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities | source : arm-security@arm.com

Vulnerability : CWE-416


Source : cert.pl

Vulnerability ID : CVE-2023-6552

First published on : 08-01-2024 13:15:09
Last modified on : 08-01-2024 15:27:36

Description :
Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.

CVE ID : CVE-2023-6552
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-6552/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-6552/ | source : cvd@cert.pl
https://github.com/TasmoAdmin/TasmoAdmin/pull/1039 | source : cvd@cert.pl

Vulnerability : CWE-601


Source : openvpn.net

Vulnerability ID : CVE-2023-7224

First published on : 08-01-2024 14:15:47
Last modified on : 08-01-2024 15:27:36

Description :
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

CVE ID : CVE-2023-7224
Source : security@openvpn.net
CVSS Score : /

References :
https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/ | source : security@openvpn.net

Vulnerability : CWE-95


Source : wpscan.com

Vulnerability ID : CVE-2018-25095

First published on : 08-01-2024 19:15:08
Last modified on : 08-01-2024 19:30:10

Description :
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server.

CVE ID : CVE-2018-25095
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5235

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:06

Description :
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.

CVE ID : CVE-2023-5235
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/35c9a954-37fc-4818-a71f-34aaaa0fa3db | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5911

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:06

Description :
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-5911
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/dde0767d-1dff-4261-adbe-1f3fdf2d9aae | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5957

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:06

Description :
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing a high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.

CVE ID : CVE-2023-5957
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/70f823ff-64ad-4f05-9eb3-b69b3b79dc12 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6042

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:06

Description :
Any unauthenticated user may send e-mail from the site with any title or content to the admin

CVE ID : CVE-2023-6042
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/56a1c050-67b5-43bc-b5b6-28d9a5a59eba | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6139

First published on : 08-01-2024 19:15:09
Last modified on : 08-01-2024 19:30:06

Description :
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which, among other things, allows attackers with a subscriber account to conduct Denial of Service attacks.

CVE ID : CVE-2023-6139
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/96396a22-f523-4c51-8b72-52be266988aa | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6140

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

CVE ID : CVE-2023-6140
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6141

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which, among other things, allows attackers with a subscriber account to conduct Stored XSS attacks.

CVE ID : CVE-2023-6141
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/df12513b-9664-45be-8824-2924bfddf364 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6161

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE ID : CVE-2023-6161
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/ca7b6a39-a910-4b4f-b9cc-be444ec44942 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6383

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The Debug Log Manager WordPress plugin before 2.3.0 contains a directory listing vulnerability, which allows you to download the debug log without authorization and gain access to sensitive data

CVE ID : CVE-2023-6383
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6505

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.

CVE ID : CVE-2023-6505
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6528

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

CVE ID : CVE-2023-6528
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6529

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.

CVE ID : CVE-2023-6529
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c36314c1-a2c0-4816-93c9-e61f9cf7f27a | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6532

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE ID : CVE-2023-6532
Source : contact@wpscan.com
CVSS Score : /

References :
https://magos-securitas.com/txt/CVE-2023-6532.txt | source : contact@wpscan.com
https://wpscan.com/vulnerability/05a730bc-2d72-49e3-a608-e4390b19e97f | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6555

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE ID : CVE-2023-6555
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/58803934-dbd3-422d-88e7-ebbc5e8c0886 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6627

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/JavaScript on the site.

CVE ID : CVE-2023-6627
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/ | source : contact@wpscan.com
https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6750

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file path.

CVE ID : CVE-2023-6750
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/fad9eefe-4552-4d20-a1fd-bb2e172ec8d7 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6845

First published on : 08-01-2024 19:15:10
Last modified on : 08-01-2024 19:30:06

Description :
The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

CVE ID : CVE-2023-6845
Source : contact@wpscan.com
CVSS Score : /

References :
https://magos-securitas.com/txt/2023-6845 | source : contact@wpscan.com
https://wpscan.com/vulnerability/cbdaf158-f277-4be4-b022-68d18dae4c55 | source : contact@wpscan.com


Source : patchstack.com

Vulnerability ID : CVE-2022-29409

First published on : 08-01-2024 22:15:44
Last modified on : 08-01-2024 22:15:44

Description :
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE ID : CVE-2022-29409
Source : audit@patchstack.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
