βΌ CVE-2021-43072 βΌ
π Read
via "National Vulnerability Database".
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4146 βΌ
π Read
via "National Vulnerability Database".
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3714 βΌ
π Read
via "National Vulnerability Database".
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38430 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3713 βΌ
π Read
via "National Vulnerability Database".
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34143 βΌ
π Read
via "National Vulnerability Database".
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3403 βΌ
π Read
via "National Vulnerability Database".
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38426 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38427 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38432 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38434 βΌ
π Read
via "National Vulnerability Database".
xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3708 βΌ
π Read
via "National Vulnerability Database".
Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38429 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3459 βΌ
π Read
via "National Vulnerability Database".
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36695 βΌ
π Read
via "National Vulnerability Database".
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31998 βΌ
π Read
via "National Vulnerability Database".
A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.π Read
via "National Vulnerability Database".
π’ Warning issued over βincompleteβ fix for Adobe ColdFusion vulnerability π’
π Read
via "ITPro".
An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned π Read
via "ITPro".
ITPro
Warning issued over βincompleteβ fix for Adobe ColdFusion vulnerability
An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
βΌ CVE-2022-46857 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <=Γ 1.9.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25482 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <=Γ 1.1.2 versions.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-3743 βΌ
π Read
via "National Vulnerability Database".
Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37973 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <=Γ 2.1 versions.π Read
via "National Vulnerability Database".