CVE-2022-31200
via "National Vulnerability Database".
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field.

CVE-2023-3980
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

CVE-2023-3981
Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.

CVE-2023-38510
Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1.

CVE-2023-38495
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0. As a workaround, only use images from trusted sources and keep Package editing/creating privileges to administrators only.

CVE-2021-36580
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.

CVE-2023-38505
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.

CVE-2023-36941
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields.

CVE-2023-3982
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

CVE-2023-38504
Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.

CVE-2022-43703
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

CVE-2022-43701
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

CVE-2022-43702
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

CVE-2023-38592
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.

CVE-2023-38599
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

CVE-2023-32654
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.

CVE-2023-38590
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2023-3990
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

CVE-2023-32445
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.

CVE-2023-3670
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.

CVE-2023-32444
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.