‼ CVE-2023-4506 ‼
📖 Read
via "National Vulnerability Database".
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44020 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5221 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40384 ‼
📖 Read
via "National Vulnerability Database".
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39375 ‼
📖 Read
via "National Vulnerability Database".
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43263 ‼
📖 Read
via "National Vulnerability Database".
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41232 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44017 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39233 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44207 ‼
📖 Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40520 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40417 ‼
📖 Read
via "National Vulnerability Database".
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41984 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44169 ‼
📖 Read
via "National Vulnerability Database".
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43331 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41073 ‼
📖 Read
via "National Vulnerability Database".
An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40441 ‼
📖 Read
via "National Vulnerability Database".
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40420 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44042 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5176 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32377 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".