CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2023-6395 There is a flaw in the Mock software where an attacker may achieve privilege escalation and execute arbitrary code as the root user. This is due to the lack of sandboxing when expanding and executing Jinja2 templates that may be included in some configuration parameters.
Mock documentation recommends that users added to the mock group on a system be treated as privileged users. However, some build systems that invoke mock on behalf of users may unintentionally allow less privileged users to define configuration tags that will be passed to mock as parameters when run. Configuration tags that allow Jinja2 templates could be used to achieve remote privilege escalation and run arbitrary code as root on the build server. | CVSS 9.8 | Fedoraproject, et al | Exploit | Patched | |
CVE-2023-6381 Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file. | CVSS 3.3 | Supermailer | - | - | |
CVE-2023-6291 An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts. The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input, but essentially causes a desynchronization in how Keycloak and browsers interpret URLs. Keycloak, for example, receives "www%2ekeycloak%2eorg%2fapp%2f:y@example.com" and thinks the authority to be keycloak.org when it is actually example.com. This happens because the validation logic is performed on a URL decoded version, which no longer represents the original input. | CVSS 7.1 | Redhat | - | Patched | |
CVE-2023-6245 The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.
Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.
| CVSS 7.5 | Dfinity | - | Patched | |
CVE-2023-6190 Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023.
| CVSS 9.8 | Ikcu | - | - | |
CVE-2023-6069 Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
| CVSS 8.8 | Froxlor | Exploit | Patched | |
CVE-2023-5964
The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above. | CVSS 7.2 | 1e | - | Patched | |
CVE-2023-5832 Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | CVSS 9.1 | Mintplexlabs | Exploit | Patched | |
CVE-2023-5763 In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
| CVSS 9.8 | Eclipse | - | Patched | |
CVE-2023-5624
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection.
| CVSS 7.2 | Tenable | - | Patched | |
CVE-2023-5571 Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. | CVSS 7.5 | Exploit | Patched | ||
CVE-2023-5528 A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | CVSS 8.8 | Kubernetes, et al | - | Patched | |
CVE-2023-5397 Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
| CVSS 8.1 | - | - | ||
CVE-2023-5378 Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS. This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability).
| CVSS 5.4 | Smod, et al | - | - | |
CVE-2023-5275 Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.
| CVSS 2.5 | Mitsubishielectric | - | Patched | |
CVE-2023-5274 Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.
| CVSS 2.5 | Mitsubishielectric | - | Patched | |
CVE-2023-52552 Input verification vulnerability in the power module.
Impact: Successful exploitation of this vulnerability will affect availability. | CVSS 7.5 | - | - | ||
CVE-2023-52535 In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed | CVSS 4.4 | - | - | ||
CVE-2023-52385 Out-of-bounds write vulnerability in the RSMC module.
Impact: Successful exploitation of this vulnerability will affect availability. | CVSS 6.2 | - | - | ||
CVE-2023-52372 Vulnerability of input parameter verification in the motor module. Successful exploitation of this vulnerability may affect availability. | CVSS 7.5 | - | - | ||
CVE-2023-52368 Input verification vulnerability in the account module. Successful exploitation of this vulnerability may cause features to perform abnormally. | CVSS Low | - | - | ||
CVE-2023-52296 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547. | CVSS 5.3 | Ibm | - | - | |
CVE-2023-52137 The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`.
This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments. | CVSS 7.7 | Tj-actions | Exploit | Patched | |
CVE-2023-51931 An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | CVSS 7.5 | - | - | ||
CVE-2023-5188 The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. A remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device. | CVSS 7.5 | Wago | - | - | |
CVE-2023-51747 Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling.
A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypass SPF checks.
The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction.
We recommend James users to upgrade to non vulnerable versions.
| CVSS 7.1 | Apache | - | - | |
CVE-2023-51456 An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | CVSS 6.8 | - | - | ||
CVE-2023-51453 An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_push_file function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | CVSS 3 | Aterm | - | - | |
CVE-2023-51452 An Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file_v2_proc function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | CVSS 3 | Aterm | - | - | |
CVE-2023-51444 GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue. | CVSS 7.2 | Geoserver | - | Patched | |
CVE-2023-51441 ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF.
This issue affects Apache Axis: through 1.3.
As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.
| CVSS 7.2 | Apache | - | Patched | |
CVE-2023-51438 A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. | CVSS 9.8 | Microchip | - | Patched | |
CVE-2023-5129 With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.
The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.
The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
| CVSS 10 | Webmproject | Exploit | Patched | |
CVE-2023-5104 Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. | CVSS 6.5 | Xgenecloud | Exploit | Patched | |
CVE-2023-50977 In GNOME Shell through 45.2, unauthenticated remote code execution can be achieved by intercepting two DNS requests (GNOME Network Manager and GNOME Shell Portal Helper connectivity checks), and responding with attacker-specific IP addresses. This DNS hijacking causes GNOME Captive Portal to be launched via a WebKitGTK browser, by default, on the victim system; this can run JavaScript code inside a sandbox. NOTE: the vendor's position is that this is not a vulnerability because running JavaScript code inside a sandbox is the intended behavior. | CVSS HIGH | - | Patched | ||
CVE-2023-5097 Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal. This issue affects Workforce Access: before 8.7.
| CVSS 5.5 | Hypr | - | Patched | |
CVE-2023-5079 Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
| CVSS 7.5 | Lenovo | - | Patched | |
CVE-2023-50737 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of authentication within the web interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Lexmark has issued an update to correct this vulnerability. More details can be found at: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html | CVSS 9.1 | Exploit | - | ||
CVE-2023-50709 Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption.
There are currently no workarounds for older versions, and the recommendation is to upgrade. | CVSS 6.5 | Cube | - | Patched | |
CVE-2023-5058 Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. | CVSS 7.8 | Phoenix | - | Patched | |
CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
| CVSS 8.8 | Kubernetes | Exploit | Patched | |
CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution.
| CVSS 8.8 | Kubernetes | Exploit | Patched | |
CVE-2023-50378 Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8.
Impact: As this is a stored XSS, it could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads.
Users are recommended to upgrade to version 2.7.8 which fixes this issue.
| CVSS 6.1 | Apache | - | Patched | |
CVE-2023-50308 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2023-50262 Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chain using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself.
php-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images.
When Dompdf parses a malicious payload, it will crash after exceeding the allowed execution time or memory usage. An attacker sending multiple requests to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming requests.
Version 2.0.4 contains a fix for this issue. | CVSS 5.3 | Dompdf project | Exploit | Patched | |
CVE-2023-50256 Dear Sirs and Madams, I would like to report a business logic error vulnerability that I discovered during my recent penetration test on Froxlor. Specifically, I identified an issue where it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements established by the system. The surname, family name AND company name all of them can be left blank. I believe addressing this vulnerability is crucial to ensure the security and integrity of the Froxlor platform. Thank you for your attention to this matter. This action served as a means to bypass the mandatory field requirements. Let's see (please have a look at the Video -> attachment). As you can see, I was able to let the username and second name blank. https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4 Let's see again. Only the company name is set. Thank you for your time | CVSS 7.5 | Froxlor | Exploit | Patched | |
CVE-2023-49958 An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. | CVSS 7.5 | Dallmann-consulting | Exploit | Patched | |
CVE-2023-49796 The put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. This issue may lead to arbitrary file write. This vulnerability allows for writing files anywhere on the server that the running server's filesystem permissions allow. | CVSS 5.3 | Mindsdb | - | Patched | |
CVE-2023-49735 ** UNSUPPORTED WHEN ASSIGNED **
The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.
This issue affects Apache Tiles from version 2 onwards.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
| CVSS 7.5 | Apache | - | Patched | |
CVE-2023-49610
MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.
| CVSS 8.1 | Machinesense | - | - | |
CVE-2023-49568 A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.
This is a go-git implementation issue and does not affect the upstream git cli. | CVSS 7.5 | Go-git project | - | Patched | |
CVE-2023-49551 An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | CVSS 7.5 | Cesanta | Exploit | Patched | |
CVE-2023-49299 Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9.
Users are recommended to upgrade to version 3.1.9, which fixes the issue.
| CVSS 8.8 | Apache | - | Patched | |
CVE-2023-49291 tj-actions/branch-names is a GitHub action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 9.3 | Tj-actions | Exploit | Patched | |
CVE-2023-49252 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. | CVSS 7.5 | Siemens | - | Patched | |
CVE-2023-49248 Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. | CVSS 5.5 | Huawei | - | Patched | |
CVE-2023-49095 nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2. | CVSS 8.6 | Nexryai | - | Patched | |
CVE-2023-49082 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | CVSS 5.3 | Aiohttp | Exploit | Patched | |
CVE-2023-49081 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | CVSS 7.2 | Aiohttp | Exploit | Patched | |
CVE-2023-48949 An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | CVSS 7.5 | Openlinksw | Exploit | Patched | |
CVE-2023-48948 An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | CVSS 7.5 | Openlinksw | Exploit | Patched | |
CVE-2023-48947 An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | CVSS 7.5 | Openlinksw | Exploit | Patched | |
CVE-2023-48946 An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | CVSS 7.5 | Openlinksw | Exploit | Patched | |
CVE-2023-48693 Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 8.7 | Microsoft | - | - | |
CVE-2023-48634 Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2023-48631 A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe's css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS. | CVSS 5.3 | Adobe | - | Patched | |
CVE-2023-48608
Impact: Arbitrary code execution
Severity: Important
Impact: Security feature bypass
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Moderate | CVSS 3.5 | Adobe | - | Patched | |
CVE-2023-48387TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.
| CVSS 8.8 | Twca | - | - | |
CVE-2023-48368Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | CVSS 5.9 | Intel | - | - | |
CVE-2023-48311dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image, which will result in the intended default behavior. | CVSS 8 | Jupyter | - | Patched | |
CVE-2023-48310TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue. | CVSS 9.1 | Nc3 | Exploit | Patched | |
CVE-2023-48238joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library if the RS256 algorithm is in use, however it is a best practice to use that algorithm. | CVSS 7.5 | Joaquimserafim | Exploit | Patched | |
CVE-2023-48226OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to a lack of validation of the Name field in Account Settings (validation during registration appears to be correct), a bad actor can send emails containing injected HTML code to victims. Bad actors can use this for phishing, for example. The email really is sent from OpenReplay, but bad actors can inject HTML code into it (content spoofing). Note that during the registration steps the FullName field appears to be validated correctly and such input cannot be typed there, but by using this bypass bad actors can achieve their goal. As of time of publication, no known fixes or workarounds are available. | CVSS 6.5 | - | - | ||
CVE-2023-48223fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header. Applications using the RS256 algorithm, a public key with a `BEGIN RSA PUBLIC KEY` header, and calling the verify function without explicitly providing an algorithm, are vulnerable to this algorithm confusion attack which allows attackers to sign arbitrary payloads which will be accepted by the verifier. Version 3.3.2 contains a patch for this issue. As a workaround, change line 29 of `blob/master/src/crypto.js` to include a regular expression. | CVSS 5.9 | Nearform | Exploit | Patched | |
CVE-2023-4818The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used.
The attacker must have physical USB access to the device in order to exploit this vulnerability.
| CVSS 7.6 | Paxtechnology | Exploit | - | |
CVE-2023-47855Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | CVSS 6 | Extremenetworks | - | - | |
CVE-2023-47804Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose.
Links can be activated by clicks, or by automatic document events.
The execution of such links must be subject to user approval.
In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.
This is a corner case of CVE-2022-47502.
| CVSS 8.8 | Apache | - | Patched | |
CVE-2023-47747IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2023-47746IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2023-47705IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. | CVSS 4.3 | Ibm | - | Patched | |
CVE-2023-47701IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2023-4753OpenHarmony v3.2.1 and prior versions have a system call function usage error. Local attackers can crash the kernel through erroneous input. | CVSS 5.5 | Openatom, et al | - | - | |
CVE-2023-47210Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | CVSS 4.7 | Intel | - | - | |
CVE-2023-47161IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799. | CVSS 5.3 | Ibm | - | Patched | |
CVE-2023-47158IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2023-47141IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2023-47106Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS 4.8 | Traefik | Exploit | Patched | |
CVE-2023-47003An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | CVSS 9.8 | Redislabs | Exploit | - | |
CVE-2023-4698Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | CVSS 7.5 | Usememos | Exploit | Patched | |
CVE-2023-4680HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. | CVSS 6.8 | Hashicorp | - | Patched | |
CVE-2023-46763Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | CVSS 5.3 | Huawei | - | Patched | |
CVE-2023-46695An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | CVSS 7.5 | Djangoproject | - | Patched | |
CVE-2023-46589Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.
Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
| CVSS HIGH | Apache, et al | - | Patched | |
CVE-2023-46402git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package. | CVSS 7.5 | Git-urls project | Exploit | Patched | |
CVE-2023-46285A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog. | CVSS 7.5 | Siemens | - | Patched | |
CVE-2023-46167IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. | CVSS 5.9 | Ibm | - | Patched | |
CVE-2023-46159IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | CVSS 6.5 | Ibm | - | Patched | |
CVE-2023-46116Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code execution on a victim's computer, but fails to check other harmful schemes such as `ftp:`, `smb:`, etc., which can also be used. Successful exploitation of this vulnerability will enable an attacker to gain code execution on a victim's computer. Version 3.118.2 contains a patch for this issue. | CVSS 9.3 | Tuta | Exploit | Patched | |
CVE-2023-46047An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. | CVSS 7.3 | - | - | ||
CVE-2023-4586A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. | CVSS 7.4 | Infinispan, et al | - | Patched |