‼ CVE-2023-1271 ‼
via "National Vulnerability Database".
** REJECT ** Duplicate. Please use CVE-2023-24421.
‼ CVE-2023-22951 ‼
via "National Vulnerability Database".
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.
‼ CVE-2023-29573 ‼
via "National Vulnerability Database".
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.
‼ CVE-2023-26409 ‼
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-26413 ‼
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-26411 ‼
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-27746 ‼
via "National Vulnerability Database".
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.
‼ CVE-2023-26398 ‼
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-24509 ‼
via "National Vulnerability Database".
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can log in to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
‼ CVE-2023-26415 ‼
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-20863 ‼
via "National Vulnerability Database".
In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
‼ CVE-2022-48468 ‼
via "National Vulnerability Database".
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
‼ CVE-2023-26416 ‼
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-27890 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
‼ CVE-2023-29627 ‼
via "National Vulnerability Database".
Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.
‼ CVE-2023-2034 ‼
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
‼ CVE-2023-26969 ‼
via "National Vulnerability Database".
Atropim 1.5.26 is vulnerable to Directory Traversal.
‼ CVE-2023-29623 ‼
via "National Vulnerability Database".
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.
‼ CVE-2023-29621 ‼
via "National Vulnerability Database".
Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.
‼ CVE-2023-29132 ‼
via "National Vulnerability Database".
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.
‼ CVE-2023-26918 ‼
via "National Vulnerability Database".
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.