CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr parameter of the JSON data sent to the put method.
via "National Vulnerability Database".
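The Vitogate entry above has the classic shape of a command injection: a string taken from a JSON body is spliced into a shell command, so metacharacters in it become additional commands. What follows is an added example in Python, not Vitogate's code and not from NVD, contrasting that pattern with a hardened version. The request body, the ping command and all function names are constructed for illustration; only the `ipaddr` field name and the `put` method are taken from the advisory.

```python
import ipaddress
import json
import subprocess

# Constructed request body in the shape the advisory describes: a JSON
# document whose ipaddr field ends up in a shell command.
SAMPLE_BODY = '{"method": "put", "ipaddr": "192.0.2.10; cat /etc/passwd"}'


def extract_ipaddr(body: str) -> str:
    """Return the ipaddr field of a JSON body, insisting that it is a string."""
    value = json.loads(body).get("ipaddr")
    if not isinstance(value, str):
        raise ValueError("ipaddr must be a JSON string")
    return value


def build_shell_command_vulnerable(ipaddr: str) -> str:
    # Vulnerable pattern: the client value is spliced into one shell string.
    # Run with shell=True, ';', '|', '&&', '`...`' and '$(...)' all let the
    # attacker append their own command after the ping.
    return f"ping -c 1 {ipaddr}"


def validate_ipaddr(ipaddr: str) -> str:
    """Accept only a literal IPv4 or IPv6 address and return it normalised."""
    try:
        return str(ipaddress.ip_address(ipaddr))
    except ValueError:
        raise ValueError(f"rejected ipaddr value {ipaddr!r}") from None


def build_argv_safe(ipaddr: str) -> list:
    """Hardened form: strict validation plus an argv list, so no shell ever
    sees the value and metacharacters are just characters."""
    return ["ping", "-c", "1", validate_ipaddr(ipaddr)]


def run_ping(ipaddr: str) -> int:
    # shell=False is the subprocess default; it is stated here deliberately.
    return subprocess.run(build_argv_safe(ipaddr), shell=False, check=False).returncode


if __name__ == "__main__":
    value = extract_ipaddr(SAMPLE_BODY)
    print("vulnerable:", build_shell_command_vulnerable(value))
    try:
        build_argv_safe(value)
    except ValueError as exc:
        print("hardened:", exc)
```

The two defences are independent: the allow-list validation rejects the value outright, and the argv form would be safe even if validation were skipped, because nothing interprets the string as shell syntax.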
CVE-2023-45348
Apache Airflow versions 2.7.0 and 2.7.1 are affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.
via "National Vulnerability Database".
CVE-2023-5578
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input ");'> <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
CVE-2023-42792
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
via "National Vulnerability Database".
CVE-2023-42663
Apache Airflow, in versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
via "National Vulnerability Database".
CVE-2023-42780
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
via "National Vulnerability Database".
CVE-2022-33161
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. X-Force ID: 228569.
via "National Vulnerability Database".
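A missing or weakened HSTS policy, as in the IBM Security Directory Server entry above, can be judged from nothing more than the response headers. The following is an added example in Python, not IBM's code and not from NVD: a parser for the Strict-Transport-Security directives and a checker that reports each reason a policy falls short. The header maps in SAMPLE_RESPONSES are constructed inputs, and the six-month minimum for max-age is a policy choice for this example.

```python
from typing import Dict, List, Mapping

# Minimum max-age this checker accepts: six months, the floor used by the
# browser preload list. A policy choice for this example, not a requirement.
MIN_MAX_AGE = 15552000

# Constructed response header maps, as a scanner would collect them.
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "no-hsts": {"Content-Type": "text/html", "Server": "example"},
    "disabled": {"strict-transport-security": "max-age=0"},
    "short": {"Strict-Transport-Security": "max-age=3600"},
    "good": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
}


def parse_hsts(header_value: str) -> Dict[str, object]:
    """Split a Strict-Transport-Security value into directives. Names are
    case-insensitive (RFC 6797); a bare directive maps to True."""
    directives: Dict[str, object] = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if sep else True
    return directives


def hsts_findings(headers: Mapping[str, str]) -> List[str]:
    """List the problems with a response's HSTS policy; an empty list means the
    policy is acceptable. Header names are matched case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["Strict-Transport-Security header missing"]
    directives = parse_hsts(value)
    problems: List[str] = []
    max_age = directives.get("max-age")
    if not isinstance(max_age, str) or not max_age.isdigit():
        problems.append("max-age missing or not an integer")
    elif int(max_age) == 0:
        problems.append("max-age=0 disables the policy")
    elif int(max_age) < MIN_MAX_AGE:
        problems.append(f"max-age={max_age} is shorter than {MIN_MAX_AGE} seconds")
    if "includesubdomains" not in directives:
        problems.append("includeSubDomains not set")
    return problems


if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        print(name, hsts_findings(headers) or "ok")
```

Two details matter in practice: the header only counts when it arrives over HTTPS (a browser ignores it on plain HTTP), and max-age=0 is not "present but weak" but an instruction to forget the policy, which is why the checker reports it separately.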
CVE-2023-5582
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.
via "National Vulnerability Database".
CVE-2022-32755
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.
via "National Vulnerability Database".
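The XXE entry above names both outcomes an entity-aware parser can produce on untrusted input: file disclosure through an external entity and memory exhaustion through entity expansion. Both need a DTD to define the entity, so the simplest hardening is to refuse any document that carries a DOCTYPE. The following is an added example in Python, not IBM's code and not from NVD, using only the standard library's expat binding. XXE_SAMPLE and BENIGN_SAMPLE are constructed inputs.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed inputs: a classic external-entity payload and a benign document.
XXE_SAMPLE = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE data [<!ENTITY leak SYSTEM "file:///etc/passwd">]>'
              b'<data>&leak;</data>')
BENIGN_SAMPLE = b'<data><item id="1">ok</item></data>'


class UnsafeXML(ValueError):
    """Raised when an untrusted document tries to declare a DTD."""


def reject_doctype(data: bytes) -> None:
    """Fail closed on any DOCTYPE. External entities (file disclosure, SSRF)
    and entity-expansion bombs (memory exhaustion) both need a DTD to define
    their entities, so refusing the declaration blocks both classes at once."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An exception raised inside an expat handler propagates out of Parse().
        raise UnsafeXML(f"DOCTYPE {name!r} not allowed (SYSTEM id: {system_id!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse client-supplied XML only after the DOCTYPE check has passed."""
    reject_doctype(data)
    return ET.fromstring(data)


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_SAMPLE).find("item").text)
    try:
        parse_untrusted_xml(XXE_SAMPLE)
    except UnsafeXML as exc:
        print("blocked:", exc)
```

The pre-check costs a second pass over the input, which is cheap compared with configuring every downstream parser correctly; if the code base uses lxml, remember that its XMLParser resolves entities by default (resolve_entities=True) and needs that switched off as well.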
CVE-2022-33165
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.
via "National Vulnerability Database".
CVE-2023-45871
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
via "National Vulnerability Database".
CVE-2023-5585
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
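The three cross-site scripting entries above (i-Educar CVE-2023-5578, ZZZCMS CVE-2023-5582 and the motorcycle rental system CVE-2023-5585) share one root cause: a request parameter is written back into the page without encoding for the context it lands in. Note how the two quoted payloads differ: one closes a tag with `">`, the other first closes a quoted attribute with `");'>`. The following is an added example in Python, not code from any of those projects and not from NVD, rendering a row with and without context-aware escaping. The row template and function names are constructed; the two payload strings are the ones quoted in the advisories.

```python
import html

# The two payloads quoted in the advisories above, used here as constructed
# inputs to the rendering functions.
PAYLOAD_ATTR_BREAKOUT = '");\'> <script>alert(document.cookie)</script>'
PAYLOAD_TAG_INJECTION = '"><script>confirm (document.cookie)</script>'


def escape_text(value: str) -> str:
    """Escape for element content: <, > and & are the characters that matter."""
    return html.escape(value, quote=False)


def escape_attr(value: str) -> str:
    """Escape for a quoted attribute value: quote=True also turns " and ' into
    entities, so the value can never close the attribute it sits in."""
    return html.escape(value, quote=True)


def bike_row_vulnerable(model: str) -> str:
    # The pattern behind the advisories: a request parameter echoed into the
    # page in two contexts with no encoding at all.
    return f'<tr><td>{model}</td><td><input name="model" value="{model}"></td></tr>'


def bike_row_safe(model: str) -> str:
    # Same template, each interpolation encoded for its own context.
    return (f'<tr><td>{escape_text(model)}</td>'
            f'<td><input name="model" value="{escape_attr(model)}"></td></tr>')


def contains_script_tag(markup: str) -> bool:
    """Crude oracle for the example: does a literal <script tag survive?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    for payload in (PAYLOAD_ATTR_BREAKOUT, PAYLOAD_TAG_INJECTION):
        print("vulnerable:", bike_row_vulnerable(payload))
        print("safe:      ", bike_row_safe(payload))
```

Escaping is per context, not per page: a value that is safe inside an element is not automatically safe inside an attribute, a URL or a script block, which is why templating engines that auto-escape still need the right escaper selected for each slot.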
CVE-2023-40378
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584.
via "National Vulnerability Database".
CVE-2023-5586
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.
via "National Vulnerability Database".
CVE-2018-25091
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
via "National Vulnerability Database".
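The urllib3 entry above is instructive twice over: the right rule is to drop credentials whenever a redirect changes scheme, host or port, and the first fix failed because it matched the header name case-sensitively, so a client that sent `authorization` rather than `Authorization` still leaked. The following is an added example in Python, not urllib3's code and not from NVD, implementing the origin comparison (with default ports normalised) and a case-insensitive header filter. The URLs and header map are constructed.

```python
from typing import Dict, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed redirect: an API call answered with a 302 to a different host
# over plain HTTP, the worst case the advisory describes.
SAMPLE_HEADERS = {"authorization": "Bearer secret-token", "Accept": "application/json"}
FROM_URL = "https://api.example/v1/report"
TO_URL = "http://mirror.example/v1/report"


def origin(url: str) -> Tuple[str, str, int]:
    """(scheme, host, port) with the scheme's default port filled in, so
    http://h/a and http://h:80/b are one origin while https://h/ and
    http://h/ are not."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme, -1)
    return scheme, host, port


def is_cross_origin(from_url: str, to_url: str) -> bool:
    return origin(from_url) != origin(to_url)


def headers_for_redirect(headers: Dict[str, str], from_url: str, to_url: str) -> Dict[str, str]:
    """Headers to send on the redirected request. Credentials are dropped on a
    cross-origin hop, and the header name is compared case-insensitively: the
    case-sensitive match is exactly the gap this CVE describes."""
    if not is_cross_origin(from_url, to_url):
        return dict(headers)
    return {name: value for name, value in headers.items()
            if name.lower() != "authorization"}


if __name__ == "__main__":
    print(is_cross_origin(FROM_URL, TO_URL))
    print(headers_for_redirect(SAMPLE_HEADERS, FROM_URL, TO_URL))
```

The same filter is the natural place to drop other bearer-style headers (Proxy-Authorization, Cookie) if a client sets them; the advisory only concerns Authorization, so the example stops there.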
CVE-2023-38312
A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.
via "National Vulnerability Database".
CVE-2023-5589
A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242188.
via "National Vulnerability Database".
CVE-2023-5588
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high, and exploitation is said to be difficult. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.
via "National Vulnerability Database".
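Three entries on this page are path traversal under different names: "dot dot" sequences in a URL (IBM Security Directory Server, CVE-2022-33165), a console variable that names a file (Counter-Strike motdfile, CVE-2023-38312) and an emoji pack name used as a directory (Pleroma, CVE-2023-5588). The defence is the same each time: resolve the requested path against the intended root and refuse it unless the result is still inside that root. The following is an added example in Python, not code from any of those projects and not from NVD. The document root and request strings are constructed, and the check assumes a POSIX filesystem.

```python
import os
from urllib.parse import unquote

# Assumed document root for the example; it need not exist for the check.
DOCUMENT_ROOT = "/srv/www"


def resolve_under_root(root: str, requested: str) -> str:
    """Map a client-supplied path onto a file under root, or raise."""
    root_real = os.path.realpath(root)
    # Decode percent-encoding once so "%2e%2e/" is judged in the form the
    # filesystem would see, and strip leading separators so os.path.join()
    # cannot be hijacked by an absolute path.
    relative = unquote(requested).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # commonpath, not startswith: "/srv/www" is a string prefix of
    # "/srv/wwwevil" but not a path ancestor of it.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"path escapes document root: {requested!r}")
    return candidate


def serve(requested: str) -> str:
    """Return the resolved path a file handler may open."""
    return resolve_under_root(DOCUMENT_ROOT, requested)


if __name__ == "__main__":
    for req in ("docs/readme.txt", "docs/../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        try:
            print(req, "->", serve(req))
        except PermissionError as exc:
            print(req, "->", exc)
```

realpath() also follows symbolic links that already exist, so a symlink planted inside the root and pointing outside it is caught as well; a purely lexical check on the string would not see it.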
CVE-2023-5587
A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
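The two SQL injection entries above show the two places it usually hides in small PHP applications: a login form (CVE-2023-5589, the password argument of login.php) and a search box (CVE-2023-5587, the search argument of doctors.php). The following is an added example in Python with sqlite3, not code from either project and not from NVD, that reproduces both vulnerable query shapes next to their parameterised replacements. The schema and rows are constructed; the password is stored in clear only because that is the shape of the vulnerable apps, and hashing it is a separate fix outside this example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with one account and two doctors."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE doctors (name TEXT, specialty TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "correct horse"))
    conn.executemany("INSERT INTO doctors VALUES (?, ?)",
                     [("Dr. Ada", "cardiology"), ("Dr. Bo", "oncology")])
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # The login.php pattern behind CVE-2023-5589: values pasted into SQL text,
    # so a password of  ' OR '1'='1  rewrites the WHERE clause.
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username: str, password: str) -> bool:
    # Bound parameters: the driver never interprets the values as SQL.
    row = conn.execute("SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
                       (username, password)).fetchone()
    return row[0] > 0


def search_doctors_vulnerable(conn, term: str) -> list:
    # The doctors.php search pattern behind CVE-2023-5587; a UNION in the
    # term reads any table the application account can see.
    sql = f"SELECT name FROM doctors WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_doctors_safe(conn, term: str) -> list:
    # LIKE wildcards are data too: escape % and _ so a search cannot become
    # "match everything", then bind the whole pattern as one parameter.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return [row[0] for row in conn.execute(
        "SELECT name FROM doctors WHERE name LIKE ? ESCAPE '\\'", (f"%{escaped}%",))]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin", "' OR '1'='1"), login_safe(db, "admin", "' OR '1'='1"))
    union = "x' UNION SELECT username || ':' || password FROM users -- "
    print(search_doctors_vulnerable(db, union), search_doctors_safe(db, union))
```

The point of the search example is that parameterisation alone stops injection but not wildcard abuse; the ESCAPE clause handles the second problem, which is easy to forget once the first one is fixed.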
CVE-2023-5590
NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.
via "National Vulnerability Database".
CVE-2022-48612
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.
via "National Vulnerability Database".