βΌ CVE-2023-46484 βΌ
π Read
via "National Vulnerability Database".
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41377 βΌ
π Read
via "National Vulnerability Database".
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39610 βΌ
π Read
via "National Vulnerability Database".
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20886 βΌ
π Read
via "National Vulnerability Database".
VMware Workspace ONE UEM console contains an open redirect vulnerability.A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5306 βΌ
π Read
via "National Vulnerability Database".
Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.Γ The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37833 βΌ
π Read
via "National Vulnerability Database".
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5899 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5515 βΌ
π Read
via "National Vulnerability Database".
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks againstweb servers and deployed web applications.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5890 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5898 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-47097 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5891 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5895 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5897 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46278 βΌ
π Read
via "National Vulnerability Database".
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5896 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2621 βΌ
π Read
via "National Vulnerability Database".
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computersystem. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client canexploit this vulnerability by uploading a crafted ZIP archive via thenetwork to McFeederΓ’β¬β’s service endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5514 βΌ
π Read
via "National Vulnerability Database".
The response messages received from the eSOMS report generation using certain parameter queries with full file path can beabused for enumerating the local file system structure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-47099 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.π Read
via "National Vulnerability Database".
βΌ CVE-2023-47096 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5889 βΌ
π Read
via "National Vulnerability Database".
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".