Total
27484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4168 | 1 Templatecookie | 1 Adlisting | 2024-05-17 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-49610 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2024-05-17 | N/A | 8.1 HIGH |
| MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack. | |||||
| CVE-2023-49102 | 1 Nzbget | 1 Nzbget | 2024-05-17 | N/A | 8.8 HIGH |
| NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-46033 | 1 Dlink | 4 Dsl-2730u, Dsl-2730u Firmware, Dsl-2750u and 1 more | 2024-05-17 | N/A | 6.8 MEDIUM |
| D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control. | |||||
| CVE-2023-3231 | 1 Ujcms | 1 Ujcms | 2024-05-17 | 2.1 LOW | 6.5 MEDIUM |
| A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-35866 | 1 Keepassxc | 1 Keepassxc | 2024-05-17 | N/A | 5.5 MEDIUM |
| In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker." | |||||
| CVE-2023-35042 | 1 Geoserver | 1 Geoserver | 2024-05-17 | N/A | 9.8 CRITICAL |
| GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version. | |||||
| CVE-2023-34257 | 1 Bmc | 1 Patrol Agent | 2024-05-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication." | |||||
| CVE-2023-33796 | 1 Netbox | 1 Netbox | 2024-05-17 | N/A | 9.1 CRITICAL |
| A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied. | |||||
| CVE-2023-2979 | 1 Abstrium | 1 Pydio Cells | 2024-05-17 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. | |||||
| CVE-2023-2926 | 1 Seacms | 1 Seacms | 2024-05-17 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. | |||||
| CVE-2023-2874 | 2 Filseclab, Microsoft | 2 Twister Antivirus, Windows | 2024-05-17 | 4.6 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2670 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2646 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2024-05-17 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-29581 | 1 Yasm Project | 1 Yasm | 2024-05-17 | N/A | 5.5 MEDIUM |
| yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs. | |||||
| CVE-2023-29218 | 1 Twitter | 1 Recommendation Algorithm | 2024-05-17 | N/A | 7.5 HIGH |
| The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. NOTE: Vendor states that allowing users to unfollow, mute, block, and report tweets and accounts and the impact of these negative engagements on Twitter’s ranking algorithm is a conscious design decision, rather than a security vulnerability. | |||||
| CVE-2023-24676 | 1 Processwire | 1 Processwire | 2024-05-17 | N/A | 7.2 HIGH |
| An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code. | |||||
| CVE-2023-24068 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-05-17 | N/A | 7.8 HIGH |
| Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file. NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access. | |||||
| CVE-2023-1858 | 1 Earnings And Expense Tracker App Project | 1 Earnings And Expense Tracker App | 2024-05-17 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability. | |||||
| CVE-2023-1790 | 1 Simple Task Allocation System Project | 1 Simple Task Allocation System | 2024-05-17 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724. | |||||