Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information.
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS101 device.
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspecified vector.
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'.
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameter.
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.
A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload.
An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages.
An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability.
IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.
An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'.
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
updateproducts_project:updateproducts simpleimportproduct_project:simpleimportproduct
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.
IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+). This issue was found and analyzed by MIM Software's internal security team. We are unaware of any proof of concept or actual exploit available in the wild. For more information, visit https://www.mimsoftware.com/cve-2023-3892 This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can perform a double free. `shdr_verify_signature` is used to verify a TA binary before it is loaded. To verify the signature, it allocates memory for an RSA key. The RSA key allocation function (`sw_crypto_acipher_alloc_rsa_public_key`) tries to allocate that memory from OP-TEE's heap. The RSA key consists of an exponent and a modulus (represented by the variables `e` and `n`), and their allocation is not atomic, so it may succeed for `e` but fail for `n`. In this case `sw_crypto_acipher_alloc_rsa_public_key` frees `e` and returns a failure, but the variable `e` still holds the already-freed memory address. `shdr_verify_signature` then frees that memory (`e`) again, even though it was already freed when the RSA key allocation failed. A patch is available in version 3.22. No known workarounds are available.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser.
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc.
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to the device.
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
redhat:openshift_container_platform redhat:keycloak redhat:single_sign-on redhat:openshift_container_platform_for_power redhat:openshift_container_platform_for_linuxone redhat:openshift_container_platform_ibm_z_systems