βΌ CVE-2023-46542 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46563 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5731 βΌ
π Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46547 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26570 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the StudentPopupDetails_Timetable method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27254 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the GetRoomChanges method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42490 βΌ
π Read
via "National Vulnerability Database".
EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actorπ Read
via "National Vulnerability Database".
βΌ CVE-2023-4608 βΌ
π Read
via "National Vulnerability Database".
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.Γ This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46559 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27261 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the DeleteAssignments method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37909 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45844 βΌ
π Read
via "National Vulnerability Database".
The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).π Read
via "National Vulnerability Database".
βΌ CVE-2023-42844 βΌ
π Read
via "National Vulnerability Database".
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46543 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42846 βΌ
π Read
via "National Vulnerability Database".
This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46659 βΌ
π Read
via "National Vulnerability Database".
Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42856 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46158 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46562 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42492 βΌ
π Read
via "National Vulnerability Database".
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Keyπ Read
via "National Vulnerability Database".
βΌ CVE-2023-46410 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.π Read
via "National Vulnerability Database".