Multiple vulnerabilities have been discovered in LibreOffice software suite. Upgrade libreoffice packages to resolve the issues.
CVE ID: CVE-2023-6186, CVE-2023-6185, CVE-2020-12803, CVE-2020-12802, CVE-2020-12801
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
An arbitrary code execution vulnerability, exploitable by sending a specially crafted request, has been discovered in IBM Maximo Application Suite - IoT Component's "quartz-jobs-2.3.2.jar". The affected products are IBM Maximo Application Suite - IoT Component 8.7 & IoT Component 8.8. Security updates are available.
CVE ID: CVE-2023-39017 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been identified within Docker shipped as pattern type (pType) component with Cloud Pak System Software.
CVE ID: CVE-2023-28842 (Medium), CVE-2023-28840 (High), CVE-2023-28841 (Medium)
IBM Security SOAR uses an older version of Apache ActiveMQ that may be identified and exploited. Updates for supported versions have been released which address the issue.
CVE ID: CVE-2023-46604 (Critical)
A Cross-Site Request Forgery (CSRF) vulnerability and a Use of a Broken or Risky Cryptographic Algorithm vulnerability have been identified in Moxa ioLogik E1200 Series firmware versions v3.3 and prior.
CVE ID: CVE-2023-5961, CVE-2023-5962
A Buffer Overflow vulnerability has been found in osslsigncode, which possibly allows a malicious attacker to execute arbitrary code when signing a crafted file.
CVE ID: CVE-2023-36377
A critical vulnerability has been observed in Brix crypto-js which could allow a remote attacker to obtain sensitive information.
CVE ID: CVE-2023-46233 (Critical)
Multiple vulnerabilities exist in several Mitsubishi Electric FA products due to OpenSSL vulnerabilities. An attacker could disclose information in the product or could cause a Denial-of-Service (DoS) condition.
CVE ID: CVE-2022-4304, CVE-2022-4450, CVE-2023-0286
A Server Side Request Forgery (SSRF) vulnerability which leads to a Local File Inclusion (LFI) has been discovered in the JCDashboards component for Joomla.
CVE ID: CVE-2023-40630 (Critical)
A SQL injection vulnerability has been discovered in SchedMD Slurm. The affected version is SchedMD Slurm 23.11.x. Security updates are available.
CVE ID: CVE-2023-49934 (Critical)
A Remote Code Execution (RCE) vulnerability due to unrestricted upload of files has been discovered in Avalanche. The affected versions are Avalanche 6.4.1 and below.
CVE ID: CVE-2023-46264 (Critical)
A Remote Code Execution (RCE) vulnerability due to unrestricted upload of files has been discovered in Avalanche. The affected versions are Avalanche 6.4.1 and below.
CVE ID: CVE-2023-46263 (Critical)
A buffer overflow vulnerability has been discovered in Shenzhen Libituo Technology Co. Ltd. The affected version is Shenzhen Libituo Technology Co. Ltd LBT-T300-T310 v2.2.2.6.
CVE ID: CVE-2023-50469 (Critical)
A command execution vulnerability has been discovered in MajorDoMo. The affected versions are MajorDoMo (aka Major Domestic Module) before 0662e5e.
CVE ID: CVE-2023-50917 (Critical)
A command injection vulnerability has been discovered in NETGEAR WNR2000v4. The affected version is NETGEAR WNR2000v4 version 1.0.0.70.
CVE ID: CVE-2023-50089 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Firefox 121, Thunderbird 115.6, and Firefox ESR 115.6. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-6856 (High), CVE-2023-6135 (High), CVE-2023-6865 (High), CVE-2023-6857 (Medium), CVE-2023-6858 (Medium), CVE-2023-6859 (Medium), CVE-2023-6866 (Medium), CVE-2023-6860 (Medium), CVE-2023-6867 (Medium), CVE-2023-6861 (Medium), CVE-2023-6868 (Medium), CVE-2023-6869 (Low), CVE-2023-6870 (Low), CVE-2023-6871 (Low), CVE-2023-6872 (Low), CVE-2023-6863 (Low), CVE-2023-6864 (High), CVE-2023-6873 (High)
A deserialization of untrusted data vulnerability has been discovered in Apache Dubbo. The affected version is Apache Dubbo 3.1.5. Security updates are available.
CVE ID: CVE-2023-46279 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Dokmee ECM. The affected version is Dokmee ECM 7.4.6.
CVE ID: CVE-2023-47261 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Nagios XI. The affected versions are Nagios XI before version 5.11.3.
CVE ID: CVE-2023-48085 (Critical)
A SQL injection vulnerability has been discovered in Nagios XI. The affected versions are Nagios XI before version 5.11.3.
CVE ID: CVE-2023-48084 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Dell DM5500. The affected version is Dell DM5500 5.14.0.0.
CVE ID: CVE-2023-44305 (Critical)
A weak password requirements vulnerability has been discovered in the GitHub repository Modoboa. The affected versions are GitHub repository Modoboa prior to 2.1.0.
CVE ID: CVE-2023-2160 (Critical)
An authentication bypass vulnerability has been discovered in the GitHub repository thorsten/phpmyfaq. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE ID: CVE-2023-1886 (Critical)
A weak password requirements vulnerability has been discovered in the GitHub repository thorsten/phpmyfaq. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE ID: CVE-2023-1753 (Critical)
An incorrect permission assignment for critical resource vulnerability has been discovered in PHOENIX CONTACT's Automation Worx & classic line controllers that allows an attacker to gain full access to the affected device.
CVE ID: CVE-2023-46141 (Critical)
An incorrect permission assignment for critical resource vulnerability has been discovered in PHOENIX CONTACT MULTIPROG & PHOENIX CONTACT ProConOS eCLR (SDK) that allows an attacker to upload arbitrary malicious code and gain full access to the affected device.
CVE ID: CVE-2023-0757 (Critical)
A memory overflow vulnerability has been discovered in OpenEXR-viewer. The affected versions are OpenEXR-viewer prior to 0.6.1.
CVE ID: CVE-2023-50245 (Critical)
Palo Alto Networks has released security updates to resolve exposure of sensitive information and local file deletion vulnerabilities in its products.
CVE ID: CVE-2023-6790 (Medium), CVE-2023-6791 (Medium), CVE-2023-6794 (Medium), CVE-2023-6792 (Medium), CVE-2023-6795 (Medium), CVE-2023-6793 (Medium), CVE-2023-6789 (Medium)
A stack overflow vulnerability has been discovered in TOTOLink A7000R. The affected version is TOTOLink A7000R V9.1.0u.6115_B20201022.
CVE ID: CVE-2023-49418 (Critical)
A stack overflow vulnerability has been discovered in TOTOLink A7000R. The affected version is TOTOLink A7000R V9.1.0u.6115_B20201022.
CVE ID: CVE-2023-49417 (Critical)
It has been observed that Advanced Persistent Threat 29 (APT 29) aka Dukes, CozyBear & NOBELIUM/Midnight Blizzard is exploiting an authentication bypass vulnerability (CVE-2023-42793) that leads to Remote Code Execution (RCE) on TeamCity Server at a large scale. The affected products are JetBrains TeamCity before 2023.05.4. Cybersecurity & Infrastructure Security Agency (CISA) has released MITRE ATT&CK Tactics & Techniques, detection methods, mitigations and IoCs to protect organisations.
Google has released Chrome Beta 121 (121.0.6167.18) for iOS, Dev channel OS version 15699.10.0, Browser version 121.0.6167.14 for most ChromeOS devices, Chrome Beta 121 (121.0.6167.18) for Android and Beta channel 121.0.6167.16 for Windows, Mac & Linux.
VMware has released security updates to address a privilege escalation vulnerability in VMware Workspace ONE Launcher. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-34064 (Medium)
A path traversal vulnerability has been discovered in Schneider Electric's Equipment- Easy UPS Online monitoring software. The affected versions are Schneider Electric Easy UPS Online monitoring software (Windows 10, 11, Windows Server 2016, 2019, 2022): 2.6-GA-01-23116 and prior. The mitigations are available.
CVE ID: CVE-2023-6407 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in FortiOS, FortiPAM and FortiProxy. Security updates are available.
CVE ID: CVE-2023-41678 (High), CVE-2023-47536 (Low), CVE-2023-36639 (High)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-35618 (Critical), CVE-2023-36019 (Critical)
Google has released Stable channel OS version: 15633.69.0 Browser version: 119.0.6045.212 for most ChromeOS devices, Chrome Stable 120 (120.0.6099.119) for iOS and Stable channel 120.0.6099.109 for Mac, Linux and Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-6702 (High), CVE-2023-6703 (High), CVE-2023-6704 (High), CVE-2023-6705 (High), CVE-2023-6706 (High), CVE-2023-6707 (High)
An OS Command Injection vulnerability has been discovered in DrayTek Vigor167. The affected version is DrayTek Vigor167 version 5.2.2.
CVE ID: CVE-2023-47254 (Critical)
Apple has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-42874, CVE-2023-42890, CVE-2023-42881, CVE-2023-42882, CVE-2023-42883, CVE-2023-42884, CVE-2023-42886, CVE-2023-42900, CVE-2023-42901, CVE-2023-42902, CVE-2023-42903, CVE-2023-42904, CVE-2023-42905, CVE-2023-42906, CVE-2023-42907, CVE-2023-42908, CVE-2023-42909, CVE-2023-42910, CVE-2023-42911, CVE-2023-42912, CVE-2023-42914, CVE-2023-42916, CVE-2023-42917, CVE-2023-42919, CVE-2023-42922, CVE-2023-42923, CVE-2023-42894, CVE-2023-42897, CVE-2023-45866, CVE-2023-42924, CVE-2023-42926, CVE-2023-42927, CVE-2023-42898, CVE-2023-42899
An improper input validation vulnerability has been discovered in Samsung Open Source Escargot. The affected versions are Samsung Open Source Escargot from 3.0.0 through 4.0.0.
CVE ID: CVE-2023-41268 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Apache Struts 2. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this vulnerability.
CVE ID: CVE-2023-50164 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.61) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-38174 (Medium), CVE-2023-35618 (Critical), CVE-2023-36880 (Medium)
Multiple vulnerabilities have been discovered in Mitsubishi Electric FA products that allow an attacker to disclose information in the affected products. The mitigation is available.
CVE ID: CVE-2022-21151 (Medium), CVE-2021-33149 (Low)
Google has released Beta channel 120.0.6099.80 (Platform version: 15662.35.0) for ChromeOS devices and Stable channel 120.0.6099.71 for Mac, Linux & Windows.
A deserialization vulnerability has been discovered in Jupiter that allows an attacker to execute arbitrary commands. The affected version is Jupiter v1.3.1.
CVE ID: CVE-2023-48887 (Critical)
A deserialization vulnerability has been discovered in NettyRpc that allows an attacker to execute arbitrary commands. The affected version is NettyRpc v1.2.
CVE ID: CVE-2023-48886 (Critical)
A command execution vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719.
CVE ID: CVE-2023-48801 (Critical)
A command injection vulnerability has been discovered in D-Link. The affected version is D-Link Go-RT-AC750 revA_v101b03.
CVE ID: CVE-2023-48842 (Critical)
A buffer overflow vulnerability has been discovered in KEPServerEX that may allow the product to crash when being accessed or leak information.
CVE ID: CVE-2023-5908 (Critical)
Threat actors have exploited an improper access control vulnerability in Adobe ColdFusion that resulted in arbitrary code execution. The affected products are Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier). Cybersecurity and Infrastructure Security Agency (CISA) has released mitigations to avoid exploitation.
CVE ID: CVE-2023-26360 (High)
An authentication bypass vulnerability has been discovered in Zebra Technologies' Equipment- ZTC Industrial ZT410, ZTC Desktop GK420d. All versions of ZTC Industrial ZT410 and ZTC Desktop GK420d are affected.
CVE ID: CVE-2023-4957 (Medium)
Cisco has released a security update to resolve a vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) due to improper validation of the packet's inner source IP address after decryption. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20275 (Medium)
A SQL injection vulnerability has been discovered in My Calendar WordPress Plugin. The affected versions are My Calendar below 3.4.22.
CVE ID: CVE-2023-6360 (Critical)
A vulnerability has been discovered in the Jenkins MATLAB Plugin which allows XML External Entity (XXE) attacks. The affected versions are Jenkins MATLAB Plugin 2.11.0 and earlier.
CVE ID: CVE-2023-49656 (Critical)
A missing permission check vulnerability has been discovered in the Jenkins MATLAB Plugin. The affected versions are Jenkins MATLAB Plugin 2.11.0 and earlier.
CVE ID: CVE-2023-49654 (Critical)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-12-05 or later address all of these issues.
CVE ID: CVE-2023-45866 (Critical), CVE-2023-40088 (Critical), CVE-2023-40077 (Critical), CVE-2023-40076 (Critical)
An OS command injection vulnerability has been discovered in NEC Platforms DT900 and DT900S Series. All versions of NEC Platforms DT900 and DT900S Series are affected.
CVE ID: CVE-2023-3741 (Critical)
A vulnerability has been discovered in NETGEAR ProSAFE Network Management System that allows arbitrary code execution via the Java Debug Wire Protocol (JDWP) listening port 11611.
CVE ID: CVE-2023-49693 (Critical)
A dylib injection vulnerability has been discovered in XMachOViewer that allows attackers to compromise integrity. The affected version is XMachOViewer 0.04.
CVE ID: CVE-2023-49313 (Critical)
An arbitrary code execution vulnerability has been discovered in Anyscale Ray. The affected versions are Anyscale Ray 2.6.3 and 2.8.0.
CVE ID: CVE-2023-48022 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in Anyscale Ray. The affected versions are Anyscale Ray 2.6.3 and 2.8.0.
CVE ID: CVE-2023-48023 (Critical)
A command injection vulnerability has been discovered in Chamilo LMS. The affected versions are Chamilo LMS v1.11.20 and below.
CVE ID: CVE-2023-3368 (Critical)
An integer overflow vulnerability has been discovered in Skia in Google Chrome. The affected versions are Google Chrome prior to 119.0.6045.199.
CVE ID: CVE-2023-6345 (Critical)
An arbitrary code execution vulnerability has been discovered in jflyfox jfinalCMS. The affected version is jflyfox jfinalCMS v.5.1.0.
CVE ID: CVE-2023-47503 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in the WPB Show Core WordPress plugin. The affected versions are WPB Show Core through 2.2.
CVE ID: CVE-2023-5974 (Critical)
A malicious code execution vulnerability has been discovered in multiple Mitsubishi Electric FA engineering software products. All versions of GX Works3, MELSOFT iQ AppPortal, MELSOFT Navigator, and Motion Control Setting are affected.
CVE ID: CVE-2023-5247 (High)
Cybersecurity & Infrastructure Security Agency (CISA) has released principles to be followed by Software Manufacturers in order to have a product "Secure by design" to protect from ongoing malicious cyber activity against web management interfaces.
Microsoft has released Microsoft Edge Stable Channel (Version 119.0.2151.97) and Microsoft Edge Extended Stable Channel (Version 118.0.2088.122) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-6345
Google has released Chrome Beta 120 (120.0.6099.43) for Android, Beta channel 120.0.6099.56 for Windows, Mac & Linux, Stable channel 120.0.6099.56 for Windows & Mac, and Chrome Stable 120 (120.0.6099.50) for iOS.
A vulnerability has been discovered in the WSGI server of Zyxel firmware that allows an attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. The affected versions are Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0.
CVE ID: CVE-2023-4474 (Critical)
A command injection vulnerability has been discovered in the web server of Zyxel firmware. The affected versions are Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0.
CVE ID: CVE-2023-4473 (Critical)
A command injection vulnerability has been discovered in the "show_zysync_server_contents" function of Zyxel firmware. The affected versions are Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0.
CVE ID: CVE-2023-35138 (Critical)
An uncontrolled search path element vulnerability has been discovered in Pandora FMS. The affected versions are Pandora FMS: from 700 through 773.
CVE ID: CVE-2023-41790 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress. The affected versions are Drag and Drop Multiple File Upload - Contact Form 7 plugin versions up to, and including, 1.3.7.3.
CVE ID: CVE-2023-5822 (Critical)
An OS command injection vulnerability has been discovered in INEA ME RTU firmware. The affected versions are INEA ME RTU firmware 3.36b and prior.
CVE ID: CVE-2023-35762 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Royal Elementor Addons and Templates WordPress plugin. The affected versions are Royal Elementor Addons and Templates before 1.3.79.
CVE ID: CVE-2023-5360 (Critical)
A path traversal vulnerability has been discovered in Franklin Electric Fueling Systems' Equipment- Colibri that can allow obtaining login credentials for other users. All versions of FFS Colibri are affected.
CVE ID: CVE-2023-5885 (Medium)
Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- InfraSuite Device Master that can allow an attacker to remotely execute arbitrary code and obtain plaintext credentials. The affected versions are InfraSuite Device Master: 1.0.7 and prior.
CVE ID: CVE-2023-46690 (High), CVE-2023-47207 (Critical), CVE-2023-39226 (Critical), CVE-2023-47279 (High)
An OS command injection vulnerability has been discovered in SmartNode SN200. The affected version is SmartNode SN200 3.21.2-23021.
CVE ID: CVE-2023-41109 (Critical)
Cybersecurity & Infrastructure Security Agency (CISA) has released guidelines for providers of any systems that use Artificial Intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. The guidelines are broken down into four key areas within the AI system development life cycle: secure design, secure development, secure deployment, and secure operation & maintenance. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.
A buffer overflow vulnerability has been discovered in SerialiseValue of RenderDoc. The affected versions are RenderDoc before 1.27.
CVE ID: CVE-2023-33863 (Critical)
A buffer overflow vulnerability has been discovered in ReadyMedia. The affected versions are ReadyMedia from 1.1.15 up to 1.3.2.
CVE ID: CVE-2023-33476 (Critical)
An unauthorized password reset vulnerability has been discovered in the AppPresser plugin for WordPress. The affected versions are AppPresser plugin versions up to, and including, 4.2.5.
CVE ID: CVE-2023-4214 (Critical)
A vulnerability has been discovered in the captive portal of OpenNDS. The affected versions are OpenNDS before version 10.1.3.
CVE ID: CVE-2023-41101 (Critical)
A SQL Injection vulnerability has been discovered in Veribilim Software Computer Veribase. The affected versions are Veribase through 20231123.
CVE ID: CVE-2023-3377 (Critical)
An OS command injection vulnerability has been discovered in OpenNDS Captive Portal. The affected versions are OpenNDS Captive Portal before version 10.1.2.
CVE ID: CVE-2023-38316 (Critical)
A vulnerability has been discovered in EPMM that enables unauthorized access and potential misuse of user accounts and resources. The affected versions are EPMM 11.10, 11.9, 11.8 and older.
CVE ID: CVE-2023-39335 (Critical)
Foxit has released updated Foxit PDF Reader 2023.3, Foxit PDF Editor 2023.3, Foxit PDF Editor for Mac 2023.3, and Foxit PDF Reader for Mac 2023.3 to resolve multiple vulnerabilities.
A vulnerability has been discovered in Concrete CMS that allows unauthorized access because directories can be created with insecure permissions. The affected versions are Concrete CMS before 8.5.13 and 9.x before 9.2.2.
CVE ID: CVE-2023-48648 (Critical)
An elevation of privilege vulnerability has been discovered in .NET, .NET Framework, and Visual Studio. Security updates are available.
CVE ID: CVE-2023-36049 (Critical)
LockBit 3.0 ransomware is exploiting a sensitive information disclosure vulnerability (CVE-2023-4966) labeled as Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. Citrix Bleed, known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements & Multi Factor Authentication (MFA), which leads to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances. CISA has released a joint cybersecurity advisory to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware.
A vulnerability has been discovered in WAGO's Equipment- PFC200 Series that allows a user with administrative privileges to access sensitive files in an unintended, undocumented way.
CVE ID: CVE-2023-4089 (Low)
Multiple vulnerabilities such as stack-based buffer overflow, out-of-bounds write, and improper access control have been discovered in Fuji Electric's Equipment- Tellus Lite V-Simulator. The affected versions are Tellus Lite V-Simulator prior to V4.0.19.0. Security updates are available.
CVE ID: CVE-2023-35127 (High), CVE-2023-40152 (High), CVE-2023-5299 (High)
Unprotected alternate channel and OS command injection vulnerabilities have been discovered in Rockwell Automation's Equipment- Stratix 5800 and Stratix 5200. All versions of Stratix 5800 and Stratix 5200 are affected. The mitigation is available.
CVE ID: CVE-2023-20198 (Critical), CVE-2023-20273 (High)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.5, Firefox for iOS 120, Firefox 115.5, and Firefox 120. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-6204 (High), CVE-2023-6205 (High), CVE-2023-6206 (High), CVE-2023-6207 (High), CVE-2023-6208 (Medium), CVE-2023-6209 (Medium), CVE-2023-6210 (Low), CVE-2023-6211 (Low), CVE-2023-6212 (High), CVE-2023-6213 (High), CVE-2023-49060 (High), CVE-2023-49061 (Medium)
An out-of-bounds write vulnerability has been discovered in Zyxel Windows-based SecuExtender SSL VPN Client software. The affected products are Zyxel SecuExtender SSL VPN Client V4.0.4.0 (for Windows). Zyxel has released security patches to address this vulnerability.
CVE ID: CVE-2023-5593
A spoofing vulnerability has been discovered in Jupyter Extension for Visual Studio Code. Security updates are available.
CVE ID: CVE-2023-36018 (Critical)
A path traversal vulnerability has been discovered in Samba that can result in SMB clients connecting as root to Unix domain sockets outside the private directory. The affected products are all Samba versions, starting with 4.16.0. Security updates are available.
CVE ID: CVE-2023-3961 (Critical)
Multiple Denial-of-Service (DoS) vulnerabilities due to improper input validation have been discovered in the simulation function of Mitsubishi Electric's GX Works2. All versions of GX Works2 are affected.
CVE ID: CVE-2023-5274 (Low), CVE-2023-5275 (Low)
A vulnerability has been discovered in RedisGraph that allows an attacker to execute arbitrary code and cause a Denial of Service (DoS) via a crafted string. The affected version is RedisGraph v.2.12.10.
CVE ID: CVE-2023-47003 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Yii. The affected versions are yiisoft/yii before version 1.1.29.
CVE ID: CVE-2023-47130 (Critical)
A permissive cross-domain policy with untrusted domain vulnerability has been discovered in Fortinet products. The affected versions are Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1.
CVE ID: CVE-2023-25603 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2.
CVE ID: CVE-2023-36553 (Critical)
A SQL injection vulnerability has been discovered in Fortinet FortiWLM. The affected versions are Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2.
CVE ID: CVE-2023-34991 (Critical)
A code injection vulnerability has been discovered in the GitHub repository salesagility/suitecrm. The affected versions are salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE ID: CVE-2023-6126 (Critical)
A Structured Exception Handler (SEH) based buffer overflow vulnerability has been discovered in COMOS. All versions of COMOS below V10.4.4 are affected.
CVE ID: CVE-2023-43504 (Critical)
An incorrect access control vulnerability has been discovered in the SecPro product's EMSigner that allows access to the accounts of all registered users, including those with administrator privileges, via a crafted password reset token. The affected version is EMSigner v2.8.7.
CVE ID: CVE-2023-43902 (Critical)
An arbitrary code execution vulnerability has been discovered in Langchain. The affected version is Langchain v.0.0.171.
CVE ID: CVE-2023-36281 (Critical)
An integer underflow and out-of-bounds vulnerability has been discovered in fs/smb/server/smb2pdu.c in ksmbd in the Linux kernel before 6.3.8.
CVE ID: CVE-2023-38427 (Critical)
An arbitrary code execution vulnerability has been discovered in Langchain. The affected version is Langchain v.0.0.171.
CVE ID: CVE-2023-34540 (Critical)
Trellix has released security updates to address Cross-Site Request Forgery (CSRF) and URL redirection to untrusted site vulnerabilities in ePolicy Orchestrator "On-Premises". The affected versions are ePolicy Orchestrator "On-Premises" prior to 5.10.0 SP1 UP2.
CVE ID: CVE-2023-5444 (High), CVE-2023-5445 (Medium)
An improper access control vulnerability has been discovered in ASUSTeK COMPUTER RT-AC87U. All versions of RT-AC87U are affected.
CVE ID: CVE-2023-47678 (Medium)
Multiple vulnerabilities have been discovered in Citrix Hypervisor 8.2 CU1 LTSR and Intel processors. Citrix has released security updates to address these vulnerabilities.
CVE ID: CVE-2023-23583 (High), CVE-2023-46835 (High)
Rhysida ransomware is leveraging external-facing remote services such as VPN, by authenticating to internal VPN access points with compromised valid credentials for initial access. The adversary has exploited vulnerabilities for lateral movement & for persistence within a network. Rhysida ransomware is showing similarities with Vice Society ransomware aka DEV-0832.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20265 (Medium), CVE-2023-20084 (Medium), CVE-2023-20208 (Medium), CVE-2023-20272 (Medium), CVE-2023-20274 (Medium), CVE-2023-20240 (Medium), CVE-2023-20241 (Medium)
Drupal has released security updates to address a faulty payment confirmation logic vulnerability in Mollie for Drupal, a third-party library used in it.
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47008 (Critical)
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47007 (Critical)
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47006 (Critical)
A vulnerability has been discovered in ASUS RT-AX57 that allows an attacker to execute arbitrary code via a crafted request. The affected version is ASUS RT-AX57 v.3.0.0.4_386_52041.
CVE ID: CVE-2023-47005 (Critical)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-40309 (Critical), CVE-2023-31403 (Critical), CVE-2023-42477 (Medium), CVE-2023-41366 (Medium), CVE-2023-42480 (Medium)
Foxit has released updated Foxit PDF Editor 13.0.1 to resolve multiple vulnerabilities in Foxit PDF Editor 13.0.0.21632, 12.1.3.15356 & all previous 12.x versions, 11.2.7.53812 & all previous 11.x versions, 10.1.12.37872 and earlier.
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-36028 (Critical), CVE-2023-36397 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-44350 (Critical), CVE-2023-44351 (Critical), CVE-2023-44324 (Critical)
Multiple vulnerabilities have been discovered in FortiOS and FortiProxy. Security updates are available.
CVE ID: CVE-2023-36641 (Medium), CVE-2023-28002 (Medium), CVE-2023-38545 (High)
VMware has released security updates to address an authentication bypass vulnerability in VMware Cloud Director Appliance (VCD Appliance). An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-34060 (Critical)
Google has released Chrome 119 (119.0.6045.163) for Android, Extended Stable channel 118.0.5993.144 for Windows & Mac, Chrome Stable 119 (119.0.6045.169) for iOS, Stable channel 119.0.6045.159 for Mac & Linux & 119.0.6045.159/.160 for Windows and Stable channel OS version: 15633.44.0 Browser version: 119.0.6045.158 for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-21216 (Medium), CVE-2023-5996 (High), CVE-2023-35685 (High), CVE-2023-4244 (Medium), CVE-2023-5197 (Medium), CVE-2023-40113 (Critical), CVE-2023-40109 (High), CVE-2023-40114 (High), CVE-2023-40110 (High), CVE-2023-40112 (High), CVE-2023-40118 (Medium), CVE-2023-5997 (High), CVE-2023-6112 (High)
A Remote Code Execution (RCE) vulnerability discovered in Apache ActiveMQ affects multiple Hitachi products. The affected products are Ellipse Pre 9.0.41 and Asset Suite 9.6.3.x and 9.6.4. The mitigations are available.
CVE ID: CVE-2023-46604 (Critical)
A path traversal vulnerability has been discovered in SysAid On-Premise. The affected versions are SysAid On-Premise before 23.3.36.
CVE ID: CVE-2023-47246 (Critical)
A vulnerability has been discovered in BoltWire that allows an attacker to obtain sensitive information via a crafted payload to the view and change admin password function. The affected version is BoltWire v.6.03.
CVE ID: CVE-2023-46501 (Critical)
A heap-based buffer overflow vulnerability has been discovered in Videolan VLC. The affected versions are Videolan VLC prior to version 3.0.20.
CVE ID: CVE-2023-47359 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the Java OpenWire protocol marshaller. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3.
CVE ID: CVE-2023-46604 (Critical)
A vulnerability has been discovered in lmxcms that allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. The affected version is lmxcms v.1.41.
CVE ID: CVE-2023-46958 (Critical)
A vulnerability has been discovered in Dromara Lamp-Cloud. The affected versions are Dromara Lamp-Cloud before v3.8.1.
CVE ID: CVE-2023-31579 (Critical)
A vulnerability has been discovered in Franklin Fueling System TS-550 that allows attackers to decode admin credentials. The affected versions are Franklin Fueling System TS-550 versions prior to 1.9.23.8960.
CVE ID: CVE-2023-5846 (Critical)
A stack buffer overflow vulnerability has been discovered in AsfSecureBootDxe of Insyde InsydeH2O. The affected versions are Insyde InsydeH2O with kernel 5.0 through 5.5.
CVE ID: CVE-2023-39281 (Critical)
An Insufficient Session Expiration vulnerability has been discovered in the GitHub repository thorsten/phpmyfaq. The affected versions are those prior to 3.2.2.
CVE ID: CVE-2023-5865 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 119.0.2151.58) and Extended Stable Channel (Version 118.0.2088.102) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-36014 (High), CVE-2023-36024 (High)
Multiple vulnerabilities have been discovered in Hitachi Energy's eSOMS equipment. The affected versions are Hitachi Energy eSOMS v6.3.13 and prior.
CVE ID: CVE-2023-5514 (Medium), CVE-2023-5515 (Medium), CVE-2023-5516 (Medium)
Google has released Dev channel 121.0.6115.2 for Windows, Mac and Linux, Chrome Beta 120 (120.0.6099.19) for Android, and Chrome Beta 120 (120.0.6099.16) for iOS.
Palo Alto Networks has released security updates to resolve a local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system. The affected version is Cortex XSOAR 6.10.
CVE ID: CVE-2023-3282 (Medium)
A Remote Code Execution vulnerability has been discovered in Remote Desktop Manager. The affected versions are Remote Desktop Manager 2023.2.33 and earlier on Windows.
CVE ID: CVE-2023-5766 (Critical)
An improper access control vulnerability has been discovered in the password analyzer feature of Devolutions Remote Desktop Manager. The affected versions are Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows.
CVE ID: CVE-2023-5765 (Critical)
An arbitrary code execution vulnerability has been discovered in franfinance. The affected versions are franfinance before v.2.0.27.
CVE ID: CVE-2023-43139 (Critical)
An Improper Input Validation vulnerability has been discovered in the GitHub repository mintplex-labs/anything-llm. The affected versions are those prior to 0.1.0.
CVE ID: CVE-2023-5832 (Critical)
An Insufficient Session Expiration vulnerability has been discovered in the GitHub repository linkstackorg/linkstack. The affected versions are those prior to v4.2.9.
CVE ID: CVE-2023-5838 (Critical)
Drupal has released security updates to resolve Cross Site Request Forgery and access bypass vulnerabilities in GraphQL, a third-party library used by it.
Foxit has released updated Foxit PDF Editor for Mac 13.0.1 to resolve multiple vulnerabilities in Foxit PDF Editor for Mac 13.0.0.61829, 12.1.1.55342 and all previous 12.x versions, 11.1.5.0913 and earlier.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-11-05 or later address all of these issues.
An arbitrary code execution vulnerability has been discovered in EC-CUBE 3 series and 4 series. The affected versions are EC-CUBE 4 series: EC-CUBE 4.0.0 to 4.0.6-p3, EC-CUBE 4.1.0 to 4.1.2-p2, EC-CUBE 4.2.0 to 4.2.2 and EC-CUBE 3 series: EC-CUBE 3.0.0 to 3.0.18-p6.
CVE ID: CVE-2023-46845 (High)
Google has released Beta channel OS version 15633.37.0 Browser version 119.0.6045.116 for most ChromeOS devices, Extended Stable channel 118.0.5993.136 for Windows & Mac, Stable channel 119.0.6045.123 for Mac and Linux & 119.0.6045.123/.124 for Windows and LTS channel 114.0.5735.339 (Platform Version 15437.76.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-5472 (High), CVE-2023-5481 (Medium), CVE-2023-5474 (Medium), CVE-2023-35688 (High), CVE-2023-21401 (High), CVE-2023-21263 (High), CVE-2023-38545 (High), CVE-2023-5996 (High)
An uncontrolled search path element vulnerability has been discovered in General Electric's MiCOM S1 Agile equipment that allows attackers to upload malicious files and achieve code execution. All versions of General Electric MiCOM S1 Agile are affected.
CVE ID: CVE-2023-0898 (Medium)
A command injection vulnerability has been discovered in TOTOLINK X6000R. The affected versions are TOTOLINK X6000R V9.4.0cu.852_B20230719.
CVE ID: CVE-2023-46979 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK LR1200GB. The affected versions are TOTOLINK LR1200GB V9.1.0u.6619_B20230130.
CVE ID: CVE-2023-46977 (Critical)
An improper input validation vulnerability has been discovered in the Apache Software Foundation Apache Traffic Server. The affected versions are Apache Traffic Server through 9.2.1.
CVE ID: CVE-2023-33934 (Critical)
A buffer overflow vulnerability has been discovered in D-Link devices that can allow execution of arbitrary code. The affected versions are D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before.
CVE ID: CVE-2023-45580 (Critical)
A buffer overflow vulnerability has been discovered in DreamSecurity MagicLine4NX that allows an attacker to remotely execute code. The affected versions are DreamSecurity MagicLine4NX 1.0.0.1 to 1.0.0.26.
CVE ID: CVE-2023-45797 (Critical)
A buffer overflow vulnerability has been discovered in D-Link devices that can allow execution of arbitrary code. The affected versions are D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before.
CVE ID: CVE-2023-45573 (Critical)
A SQL injection vulnerability has been discovered in the WP Job Portal WordPress plugin. The affected versions are WP Job Portal WordPress plugin before 2.0.6.
CVE ID: CVE-2023-4490 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 119.0.2151.44) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-36022 (Medium), CVE-2023-36029 (Medium), CVE-2023-36034 (Medium)
An improper neutralization of null byte or NUL character vulnerability has been discovered in Red Lion's FlexEdge Gateway, DA50A and DA70A equipment running Crimson. The affected versions are Red Lion Crimson v3.2.0053.18 or prior.
CVE ID: CVE-2023-5719 (High)
Multiple vulnerabilities have been discovered in Moxa's PT-G503 Series. The affected versions are PT-G503 Series firmware version v5.2 and prior.
CVE ID: CVE-2005-4900 (Medium), CVE-2015-9251 (Medium), CVE-2019-11358 (Medium), CVE-2020-11022 (Medium), CVE-2020-11023 (Medium), CVE-2023-4217 (Low), CVE-2023-5035 (Low)
Multiple vulnerabilities have been discovered in several Cisco products. Security updates are available.
CVE ID: CVE-2023-44487 (High), CVE-2023-20086 (High), CVE-2023-20095 (High), CVE-2023-20228 (Medium)
A Denial of Service (DoS) vulnerability due to insufficient verification of data authenticity has been discovered in the MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules.
CVE ID: CVE-2023-4699 (Critical)
A Denial of Service (DoS) vulnerability has been discovered due to improper restriction of excessive authentication attempts in the Web server function of the MELSEC iQ-F Series CPU module.
CVE ID: CVE-2023-4625
A critical vulnerability has been discovered in the web services interface of Cisco Firepower Management Center (FMC) Software. This vulnerability could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software.
CVE ID: CVE-2023-20048 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Chrome Beta 120 (120.0.6099.4) for Android, Chrome Beta channel 120.0.6099.5 for Windows, Mac & Linux, Beta channel to OS version: 15633.30.0 Browser version: 119.0.6045.104 for most ChromeOS devices and Extended Stable channel to 118.0.5993.129 for Windows & Mac.
Multiple vulnerabilities have been discovered in Zavio IP Camera. Successful exploitation of these vulnerabilities could allow Remote Code Execution (RCE).
CVE ID: CVE-2023-3959 (Critical), CVE-2023-45225 (Critical), CVE-2023-43755 (Critical), CVE-2023-39435 (High), CVE-2023-4249 (High)
Multiple vulnerabilities have been discovered in INEA's ME RTU equipment that can lead to Remote Code Execution (RCE). The affected version is ME RTU 3.36b and prior.
CVE ID: CVE-2023-35762 (Critical), CVE-2023-29155 (Critical)
Dell has released security updates for the user interface component of Dell SupportAssist for Home PCs and Dell SupportAssist for Business PCs. Successful exploitation may allow an attacker to compromise the affected system.
CVE ID: CVE-2023-44283 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-24998 (High), CVE-2016-0321 (Medium), CVE-2023-26049 (Medium), CVE-2023-26048 (Medium)
Dell has released security updates for Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) to resolve multiple vulnerabilities.
Dell has released security updates for Dell Connectrix (Brocade) to address multiple vulnerabilities. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Stable channel 118.0.5993.123/124 (Platform version: 15604.56/57.0) for most ChromeOS devices and Chrome Beta 119 (119.0.6045.66) for Android.
Debian has released a security update to resolve a vulnerability in the OpenJDK Java runtime which may result in Denial of Service (DoS).
CVE ID: CVE-2023-22081
Debian has released a security update to resolve a vulnerability in node-browserify-sign. Successful exploitation of this vulnerability may lead to a signature forgery attack.
CVE ID: CVE-2023-46234
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
CVE ID: CVE-2023-46748 (High)
An unauthenticated Remote Code Execution (RCE) vulnerability has been discovered in BIG-IP Configuration Utility. This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.
CVE ID: CVE-2023-46747 (Critical)
Dell has released security updates to address multiple security vulnerabilities in several products. These vulnerabilities could be exploited by malicious users to compromise the affected system.
A local privilege escalation vulnerability has been discovered in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions. Security updates are available.
CVE ID: CVE-2023-44219
A DLL search order hijacking vulnerability has been discovered in SonicWall NetExtender Windows (32 and 64-bit) client 10.2.336 and earlier versions. Successful exploitation may result in command execution in the target system. Security updates are available.
CVE ID: CVE-2023-44220
Apple has released security updates to address multiple vulnerabilities in iOS and iPadOS versions 17.1, 16.7.2 and 15.8, macOS Sonoma 14.1, macOS Ventura 13.6.1, macOS Monterey 12.7.1, tvOS 17.1, watchOS 10.1 and Safari 17.1.
A critical vulnerability has been discovered in IBM CloudPak for Watson AIOps version 4.2.1. This vulnerability could be exploited by a remote attacker to gain elevated privileges on the system.
CVE ID: CVE-2023-41419 (Critical)
Google has released Chrome 119 (119.0.6045.53) for Android, Chrome Beta 119 (119.0.6045.53) for Android, Beta channel OS version: 15633.23.0 Browser version: 119.0.6045.38 for most ChromeOS devices, Chrome Beta 119 (119.0.6045.40) for iOS and Chrome Stable 119 (119.0.6045.41) for iOS.
An out-of-bounds write vulnerability (CVE-2023-34048) and a partial information disclosure vulnerability (CVE-2023-34056) have been discovered in vCenter Server. Updates are available to remediate these vulnerabilities in affected VMware products.
CVE ID: CVE-2023-34048 (Critical), CVE-2023-34056 (Critical)
A vulnerability has been discovered in the processing of key and initialisation vector (IV) lengths. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
CVE ID: CVE-2023-5363
Multiple NetApp products incorporate Undertow. Undertow versions prior to 2.2.24 and 2.3.0 prior to 2.3.5 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS).
CVE ID: CVE-2023-1108 (High)
An Unprotected Alternate Channel vulnerability has been discovered in Rockwell Automation's Stratix 5800 and Stratix 5200 equipment. All versions are affected.
CVE ID: CVE-2023-20198 (Critical)
Mozilla has released a security update for Firefox which addresses multiple vulnerabilities. The updated version is Firefox 119.
CVE ID: CVE-2023-5721, CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731
Mozilla has released a security update for Thunderbird which addresses multiple vulnerabilities. The fixed version is Thunderbird 115.4.1.
CVE ID: CVE-2023-5732, CVE-2023-5730, CVE-2023-5728, CVE-2023-5727, CVE-2023-5726, CVE-2023-5725, CVE-2023-5724, CVE-2023-5721
Dell has released security updates to address multiple security vulnerabilities in Dell Unity, Unity VSA and Unity XT. These vulnerabilities could be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2023-43074, CVE-2023-43065, CVE-2023-43066, CVE-2023-43067
An OS command injection vulnerability has been discovered in web2py. The affected versions are web2py 2.24.1 and earlier.
CVE ID: CVE-2023-45158 (Critical)
A SQL injection vulnerability has been discovered in the WP Job Portal WordPress plugin. The affected versions are WP Job Portal WordPress plugin before 2.0.6.
CVE ID: CVE-2023-4490 (Critical)
An Authentication Bypass by Spoofing vulnerability has been discovered in Neutron Smart VMS. The affected versions are Neutron Smart VMS before b1130.1.0.1.
CVE ID: CVE-2023-4178 (Critical)
A vulnerability has been discovered in Splunk Enterprise that allows an attacker to execute a specially crafted query that they can then use to serialize untrusted data. The affected versions are Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1.
CVE ID: CVE-2023-40595 (Critical)
A local file inclusion vulnerability has been discovered in Raffle Draw System. The affected version is Raffle Draw System v1.0.
CVE ID: CVE-2023-24202 (Critical)
Multiple denial of service vulnerabilities have been discovered in Winstone-Jetty, which Jenkins bundles. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available.
CVE ID: CVE-2023-36478 (High), CVE-2023-44487 (High)
The Phishing Prevention Guidance was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers.
An Improper Input Validation vulnerability has been discovered in Rockwell Automation's FactoryTalk Linx equipment. The affected versions are FactoryTalk Linx v6.20 and prior.
CVE ID: CVE-2023-29464 (High)
Oracle has released its critical patch update for October 2023 to address 387 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34034 (Critical), CVE-2023-38408 (Critical), CVE-2022-42920 (Critical), CVE-2022-36944 (Critical), CVE-2021-41945 (Critical), CVE-2023-23914 (Critical), CVE-2023-22946 (Critical), CVE-2022-1471 (Critical), CVE-2023-20873 (Critical), CVE-2023-39022 (Critical), CVE-2023-22072 (Critical), CVE-2023-22069 (Critical), CVE-2023-22089 (Critical), CVE-2022-26612 (Critical), CVE-2022-33980 (Critical), CVE-2023-25690 (Critical)
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the GitHub repository vriteio/vrite. The affected versions are those prior to 0.3.0.
CVE ID: CVE-2023-5572 (Critical)
A SQL Injection vulnerability has been discovered in Biltay Technology Procost. The affected versions are Biltay Technology Procost before 1390.
CVE ID: CVE-2023-5046 (Critical)
A vulnerability has been discovered in Thecosy IceCMS that allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. The affected version is Thecosy IceCMS v.1.0.0.
CVE ID: CVE-2023-40833 (Critical)
Google has released Chrome 118 (118.0.5993.80) for Android, Beta channel OS version: 15633.13.0 Browser version: 119.0.6045.23 for most ChromeOS devices, Stable channel 118.0.5993.88 for Mac and Linux and 118.0.5993.88/.89 for Windows, and Chrome Stable 118 (118.0.5993.92) for iOS.
A vulnerability has been discovered in the web UI feature of Cisco IOS XE Software that allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
CVE ID: CVE-2023-20198 (Critical)
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection and Command Line Execution through SQL Injection. This issue affects Procost before 1390.
CVE ID: CVE-2023-5046 (Critical)
An Improper Authentication vulnerability has been discovered in Mitsubishi Electric's MELSEC-F series that allows information disclosure, information tampering and authentication bypass. All versions of the MELSEC-F series are affected.
CVE ID: CVE-2023-4562 (Critical)
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection and Command Line Execution through SQL Injection. This issue affects Kayisi before 1286.
CVE ID: CVE-2023-5045 (Critical)
Dell has released security updates to address multiple security vulnerabilities in VxRail. These vulnerabilities could be exploited by malicious users to compromise the affected system.
An undefined permissions vulnerability has been discovered in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality in affected product.
CVE ID: CVE-2023-44118 (Critical)
A vulnerability of access permissions not being strictly verified has been discovered in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized.
CVE ID: CVE-2023-44116 (Critical)
A vulnerability of defects introduced in the design process has been discovered in the screen projection module. Successful exploitation of this vulnerability may affect service availability and integrity.
CVE ID: CVE-2023-44107 (Critical)
A vulnerability of permissions not being strictly verified has been discovered in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE ID: CVE-2023-44105 (Critical)
A SQL injection vulnerability has been discovered in Prixan prixanconnect. The affected versions are Prixan prixanconnect up to v1.62.
CVE ID: CVE-2023-40920 (Critical)
Google has released Dev channel OS version: 15633.10.0 Browser version: 119.0.6045.16 for most ChromeOS devices, Chrome Beta 119 (119.0.6045.17) for Android, and Chrome Beta 119 (119.0.6045.18) for iOS.
A denial-of-service (DoS) vulnerability known as Rapid Reset has been discovered in the HTTP/2 protocol: request cancellation can reset many streams quickly. It was exploited in the wild in August through October 2023.
CVE ID: CVE-2023-44487
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS).
Google has released Chrome 118 (118.0.5993.65) for Android, Chrome Stable 118 (118.0.5993.69) for iOS, Stable channel 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows, and Extended Stable channel 118.0.5993.71 for Windows and 118.0.5993.70 for Mac.
CVE ID: CVE-2023-5218 (Critical), CVE-2023-5487 (Medium), CVE-2023-5484 (Medium), CVE-2023-5475 (Medium), CVE-2023-5483 (Medium), CVE-2023-5481 (Medium), CVE-2023-5476 (Medium), CVE-2023-5474 (Medium), CVE-2023-5479 (Medium), CVE-2023-5485 (Low), CVE-2023-5478 (Low), CVE-2023-5477 (Low), CVE-2023-5486 (Low), CVE-2023-5473 (Low)
Multiple vulnerabilities have been discovered in FortiOS and FortiProxy. Security updates are available.
CVE ID: CVE-2023-41675 (Medium), CVE-2023-36555 (Low), CVE-2023-41841 (High), CVE-2023-37935 (Medium), CVE-2023-33301 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-35349 (Critical), CVE-2023-36434 (Critical)
A directory traversal vulnerability has been discovered in the BIG-IP Configuration Utility that allows an authenticated attacker to execute commands on the BIG-IP system.
CVE ID: CVE-2023-41373 (Critical)
A vulnerability has been discovered in Simcenter Amesim that allows an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. The affected versions are Simcenter Amesim below V2021.1.
CVE ID: CVE-2023-43625 (Critical)
A stack overflow vulnerability has been discovered in the cancelPing function of D-Link DIR-820L. The affected version is D-Link DIR-820L 1.05B03.
CVE ID: CVE-2023-44807 (Critical)
A stack overflow vulnerability has been discovered in IBM Robotic Process Automation. The affected version is IBM Robotic Process Automation 23.0.9.
CVE ID: CVE-2023-43058 (Critical)
An OS Command Injection vulnerability has been discovered in the GitHub repository sbs20/scanservjs. The affected versions are those prior to v2.27.0.
CVE ID: CVE-2023-2564 (Critical)
A Code Injection vulnerability has been discovered in the GitHub repository builderio/qwik. The affected versions are those prior to 0.21.0.
CVE ID: CVE-2023-1283 (Critical)
Multiple vulnerabilities have been discovered in Citrix Hypervisor, NetScaler ADC and NetScaler Gateway. The security updates are available for Citrix Hypervisor.
CVE ID: CVE-2022-1304 (High), CVE-2023-20588 (High), CVE-2023-34324 (High), CVE-2023-34326 (High), CVE-2023-34327 (High), CVE-2023-4966 (Critical), CVE-2023-4967 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-43625 (Critical), CVE-2023-22779 (Critical), CVE-2023-22780 (Critical), CVE-2023-22781 (Critical), CVE-2023-22782 (Critical), CVE-2023-22783 (Critical), CVE-2023-22784 (Critical), CVE-2023-22785 (Critical), CVE-2023-22786 (Critical), CVE-2023-3935 (Critical), CVE-2023-36380 (Critical)
Schneider Electric has released security updates to address multiple vulnerabilities in SpaceLogic C-Bus Toolkit products and EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation products.
CVE ID: CVE-2023-5391 (Critical), CVE-2023-5402 (Critical), CVE-2023-5399 (Critical)
Google has released Chrome Beta 119 (119.0.6045.11) for Android, Dev channel OS version: 15633.6.0 Browser version: 119.0.6045.10 for most ChromeOS devices, and Dev channel 120.0.6051.2 for Windows, Mac and Linux.
A vulnerability has been discovered in Atos Unify OpenScape Session Border Controller that allows execution of administrative scripts by unauthenticated users. The affected versions are Atos Unify OpenScape Session Border Controller through V10 R3.01.03.
CVE ID: CVE-2023-36619 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Easy Chat Server. The affected version is Easy Chat Server 3.1.
CVE ID: CVE-2023-4494 (Critical)
Information disclosure and Denial-of-Service (DoS) vulnerabilities due to OpenSSL vulnerabilities have been discovered in Mitsubishi Electric's CC-Link IE TSN Industrial Managed Switch equipment. All versions of NZ2MHG-TSNT8F2 and NZ2MHG-TSNT4 are affected.
CVE ID: CVE-2022-4304 (Medium), CVE-2022-4450 (Medium)
CISA and NSA have released new guidance on Identity and Access Management that aims to address risks that threaten critical infrastructure and national security systems.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-1572 (High), CVE-2023-20259 (High), CVE-2023-20235 (Medium)
Apple has released security updates to address multiple vulnerabilities in iOS 17.0.3 and iPadOS 17.0.3. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-42824, CVE-2023-5217
Google has released Chrome 118 (118.0.5993.48) for Android, Beta channel 118.0.5993.54 for Windows, Mac and Linux, Stable channel 118.0.5993.54 for Windows and Mac, and Chrome Beta 118 (118.0.5993.48) for Android.
An OS command injection vulnerability has been discovered in DTS Monitoring. The affected version is DTS Monitoring 3.57.0.
CVE ID: CVE-2023-33273 (Critical)
An OS command injection vulnerability has been discovered in the GitHub repository salesagility/suitecrm. The affected versions are those prior to 7.14.1.
CVE ID: CVE-2023-5350 (Critical)
An arbitrary code execution vulnerability has been discovered in mojoPortal. The affected version is mojoPortal v.2.7.0.0.
CVE ID: CVE-2023-44011 (Critical)
Cisco has released security updates to address a static credentials vulnerability in Cisco Emergency Responder. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20101 (Critical)
An improper validation of integrity check vulnerability has been discovered in Moxa NPort 5000 Series Firmware. This vulnerability can allow an unauthorized attacker to gain control of a device.
CVE ID: CVE-2023-4929 (Medium)
Google has released Chrome 117 (117.0.5938.153) for Android, and Stable channel 117.0.5938.149 for Mac and Linux and 117.0.5938.149/.150 for Windows.
CVE ID: CVE-2023-5346 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-10-06 or later address all of these issues.
Microsoft has released Microsoft Edge Stable Channel (Version 117.0.2045.47) and Extended Stable Channel (Version 116.0.1938.98) to resolve a vulnerability.
CVE ID: CVE-2023-5217
Mozilla has released a security update to address a heap buffer overflow vulnerability in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, and Firefox for Android 118.1. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-5217 (Critical)
Google has released Chrome Beta 118 (118.0.5993.32) for Android, Chrome Beta 118 (118.0.5993.29) for iOS, Extended Stable channel 116.0.5845.228 for Windows and Mac, and Beta channel 118.0.5993.32 for Windows, Mac and Linux.
WS_FTP has released security updates to address multiple vulnerabilities in WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface. All versions of WS_FTP Server are affected.
CVE ID: CVE-2023-40044 (Critical), CVE-2023-42657 (Critical), CVE-2023-40045 (High), CVE-2023-40046 (High), CVE-2023-40047 (High), CVE-2023-40048 (Medium), CVE-2022-27665 (Medium), CVE-2023-40049 (Medium)
Cisco has released security updates to address multiple vulnerabilities in Cisco Catalyst SD-WAN Manager. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20252 (Critical), CVE-2023-20253 (High), CVE-2023-20034 (High), CVE-2023-20254 (High), CVE-2023-20262 (Medium)
Google has updated the Stable channel to 117.0.5938.132 for Windows, Mac and Linux. This update contains a fix for CVE-2023-5217, which has an exploit in the wild.
CVE ID: CVE-2023-5217 (High), CVE-2023-5186 (High), CVE-2023-5187 (High)
Google has released Chrome 117 (117.0.5938.140) for Android, and ChromeOS LTS 114.
CVE ID: CVE-2023-4863 (High), CVE-2023-4429 (High), CVE-2023-4572 (High), CVE-2023-4428 (High)
An out-of-bounds write vulnerability has been discovered in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS and IOS XE Software. A successful exploit can allow the attacker to execute arbitrary code and gain full control of the affected system, or cause the affected system to reload, resulting in a denial of service (DoS) condition. Cisco has discovered attempted exploitation of the GET VPN feature.
CVE ID: CVE-2023-20109 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20231 (High), CVE-2023-20187 (High), CVE-2023-20227 (High), CVE-2023-20223 (High), CVE-2023-20033 (High), CVE-2023-20226 (High), CVE-2023-20186 (High), CVE-2023-20269 (Medium), CVE-2023-20202 (Medium), CVE-2023-20179 (Medium), CVE-2023-20176 (Medium), CVE-2023-20251 (Medium), CVE-2023-20268 (Medium)
VMware has released security updates to address a local privilege escalation vulnerability in VMware Aria Operations. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-34043 (Medium)
Apple has released security updates to address multiple vulnerabilities in iOS 17.0.2 and iPadOS 17.0.2, watchOS 10.0.2, Safari 17, and macOS Sonoma 14. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-40417, CVE-2023-40451, CVE-2023-41074, CVE-2023-35074, CVE-2023-41993, CVE-2023-40384, CVE-2023-32377, CVE-2023-38615, CVE-2023-40448, CVE-2023-40432, CVE-2023-40399, CVE-2023-40410, CVE-2023-32361, CVE-2023-35984, CVE-2023-40402
An out-of-bounds write vulnerability has been discovered in Accusoft ImageGear. The affected version is Accusoft ImageGear 20.1.
CVE ID: CVE-2023-40163 (Critical)
A Remote Code Execution(RCE) vulnerability has been discovered in Docker Desktop. The affected versions are Docker Desktop before 4.12.0.
CVE ID: CVE-2023-0626 (Critical)
A vulnerability has been discovered in Gevent Gevent that allows a remote attacker to escalate privileges. The affected versions are Gevent Gevent before version 23.9.1.
CVE ID: CVE-2023-41419 (Critical)
A missing authorization vulnerability has been discovered in kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
CVE ID: CVE-2023-41296 (Critical)
A service hijacking vulnerability has been discovered in DP module. Successful exploitation of this vulnerability may affect some Super Device services.
CVE ID: CVE-2023-41294 (Critical)
A vulnerability has been discovered in Real Time Automation's Equipment- 460MCBS which allows malicious JavaScript content to run, resulting in Cross Site Scripting (XSS). The affected versions are Real Time Automation 460 Series prior to v8.9.8.
CVE ID: CVE-2023-4523 (Critical)
A stack based buffer overflow vulnerability has been discovered in Rockwell Automation Logix Communication Modules that causes Remote Code Execution (RCE). The affected products are Rockwell Automation's Equipment- 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK. The mitigations are available.
CVE ID: CVE-2023-2262 (Critical)
Use-after-free and out-of-bounds write vulnerabilities have been discovered in Rockwell Automation's Equipment- Connected Components Workbench. The affected versions are Connected Components Workbench prior to R21. The mitigations are available.
CVE ID: CVE-2020-16017 (Critical), CVE-2022-0609 (High), CVE-2020-16009 (High), CVE-2020-16013 (High), CVE-2020-15999 (High)
Rockwell Automation has released security updates to address an improper input validation vulnerability in its equipment- FactoryTalk View Machine Edition. The affected versions are FactoryTalk View Machine Edition: v13.0, v12.0 and prior.
CVE ID: CVE-2023-2071 (Critical)
Apple has released security updates to address multiple vulnerabilities in iOS 17.0.2, Safari 16.6.1, iOS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7, watchOS 10.0.1, watchOS 9.6.3, macOS Ventura 13.6, and macOS Monterey 12.7. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-41991, CVE-2023-41992, CVE-2023-41993
An out of bounds write vulnerability has been discovered in Delta Electronics' Equipment- DIAScreen. The affected versions are DIAScreen prior to v1.3.2.
CVE ID: CVE-2023-5068 (High)
It has been observed that Snatch ransomware is spreading through malicious email attachments to infiltrate into the targeted network. Adversary deletes volume shadow copies from a victim’s filesystem to inhibit system recovery. Snatch ransomware has targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture and Information Technology sectors.
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-43494 (Medium), CVE-2023-43495 (High), CVE-2023-43496 (High), CVE-2023-43497 (Low), CVE-2023-43498 (Low), CVE-2023-43499 (High), CVE-2023-43500 (Medium), CVE-2023-43501 (Medium), CVE-2023-43502 (Medium)
ISC has released security updates to address two vulnerabilities affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-4236 (High), CVE-2023-3341 (High)
Atlassian has released a security bulletin to resolve multiple vulnerabilities affecting its products.
CVE ID: CVE-2022-25647 (High), CVE-2023-22512 (High), CVE-2023-22513 (High), CVE-2023-28709 (High)
Trend Micro has released security updates to address a vulnerability in the 3rd party AV uninstaller module that is provided with the endpoint products for Trend Micro Apex One (on-premise and SaaS), Worry-Free Business Security and Worry-Free Business Security Services (SaaS).
CVE ID: CVE-2023-41179 (Critical)
A remote command execution (RCE) vulnerability has been discovered in FUXA that allows attackers to execute arbitrary commands via a crafted POST request. The affected version is FUXA 1.1.13.
CVE ID: CVE-2023-33831 (Critical)
Improper Input Validation vulnerability has been discovered in Honeywell PM43. The affected versions are PM43 prior to P10.19.050004.
CVE ID: CVE-2023-3710 (Critical)
A vulnerability has been discovered in FRRouting FRR, which does not check for an overly large length of the rcv software version in bgpd/bgp_open.c. The affected version is FRRouting FRR 9.0.
CVE ID: CVE-2023-41361 (Critical)
A malicious code execution vulnerability has been discovered in Mitsubishi Electric's FA Engineering software products that can result in information disclosure, tampering, deletion, or a Denial of Service (DoS) condition. The affected products are all versions of GX Works3. The mitigation is available.
CVE ID: CVE-2023-4088 (Critical)
GitLab has released updated versions 16.3.4 and 16.2.7 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve a vulnerability.
CVE ID: CVE-2023-5009 (Critical)
A deserialization of untrusted data vulnerability has been discovered in Adobe ColdFusion. The affected versions are Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier).
CVE ID: CVE-2023-38204 (Critical)
An integer overflow vulnerability has been discovered in mp_grow of libtom libtommath that may allow arbitrary code execution and cause a Denial of Service (DoS) condition. The affected versions are libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9.
CVE ID: CVE-2023-36328 (Critical)
A SQL Injection vulnerability has been discovered in PHPGurukul Online Security Guards Hiring System. The affected version is PHPGurukul Online Security Guards Hiring System v.1.0.
CVE ID: CVE-2023-39551 (Critical)
A buffer overflow vulnerability has been discovered in Artifex Ghostscript. The affected versions are Artifex Ghostscript through 10.01.0.
CVE ID: CVE-2023-28879 (Critical)
A vulnerability has been discovered in SNMP Web Pro that allows an attacker to execute arbitrary code and obtain sensitive information via a crafted request. The affected version is SNMP Web Pro v.1.1.
CVE ID: CVE-2023-39073 (Critical)
An authentication bypass vulnerability has been discovered in Dover Fueling Solutions MAGLINK LX Web Console Configuration. The affected versions are Dover Fueling Solutions MAGLINK LX Web Console Configuration 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3.
CVE ID: CVE-2023-41256 (Critical)
An improper access control vulnerability has been discovered in the Intel(R) Ethernet Controller RDMA driver for Linux. The affected versions are Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30.
CVE ID: CVE-2023-25775 (Critical)
An out-of-bounds read vulnerability has been discovered in the Linux kernel. The affected versions are Linux kernel before 6.3.4.
CVE ID: CVE-2023-38426 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.140) to resolve the heap buffer overflow vulnerability in WebP.
CVE ID: CVE-2023-4863
Siemens has released security updates to address local privilege escalation and sensitive information disclosure vulnerabilities in Spectrum Power 7 and SIMATIC PCS neo respectively.
CVE ID: CVE-2023-38557 (High), CVE-2023-38558 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Palo Alto Networks' Cortex XDR Agent and BGP Software. Security updates are available for Cortex XDR Agent.
CVE ID: CVE-2023-3280 (Medium), CVE-2023-38802 (High)
Fortinet has released security updates to address a Stored XSS vulnerability in FortiOS and FortiProxy. The affected versions are FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.11, FortiOS version 6.4.0 through 6.4.12, and FortiOS version 6.2.0 through 6.2.14.
CVE ID: CVE-2023-29183 (High)
Google has released Chrome Beta 118 (118.0.5993.13) for Android, Chrome Beta 118 (118.0.5993.13) for iOS, Stable channel 109.0.5414.165 for Windows Server 2012 and Windows Server 2012 R2, Dev channel 118.0.5993.11 for Windows, Mac and Linux, and Chrome Stable 117 (117.0.5938.82) for iOS.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20135 (Medium), CVE-2023-20236 (Medium), CVE-2023-20233 (Medium), CVE-2023-20191 (Medium), CVE-2023-20190 (Medium)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-40622 (Critical), CVE-2022-41272 (Critical), CVE-2023-25616 (Critical), CVE-2023-40309 (Critical), CVE-2023-42472 (High), CVE-2023-40308 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-3338 (Medium), CVE-2023-3389 (High), CVE-2023-3268 (High), CVE-2023-3141 (High), CVE-2023-1095 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe Connect, Adobe Acrobat & Reader and Adobe Experience Manager. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29305 (Medium), CVE-2023-29306 (Medium), CVE-2023-26369 (High), CVE-2023-38214 (Medium), CVE-2023-38215 (Medium)
Siemens has released security updates to address a heap buffer overflow vulnerability in WIBU systems that affects Siemens products.
CVE ID: CVE-2023-3935 (Critical)
Mozilla has released a security update to address the heap buffer overflow vulnerability in Firefox 117.0.1, Firefox ESR 102.15.1, Firefox ESR 115.2.1, Thunderbird 102.15.1, and Thunderbird 115.2.2. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-4863 (Critical)
Google has released Chrome Stable channel 117.0.5938.62 for Linux & Mac and 117.0.5938.62/.63 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-4863, CVE-2023-4900, CVE-2023-4901, CVE-2023-4902, CVE-2023-4903, CVE-2023-4904, CVE-2023-4905, CVE-2023-4906, CVE-2023-4907, CVE-2023-4908, CVE-2023-4909
Schneider Electric has released security updates to address a missing authentication for critical function vulnerability in its IGSS (Interactive Graphical SCADA System) product that can lead to Remote Code Execution (RCE). The affected versions are IGSS Update Service v16.0.0.23211 and prior.
CVE ID: CVE-2023-4516 (High)
A heap buffer overflow vulnerability has been discovered in WebP in Google Chrome prior to 116.0.5845.187 that allows an out-of-bounds memory write via a crafted HTML page. Google has released updated Stable and Extended stable channels 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows to resolve this vulnerability.
Apple has released security updates to address multiple vulnerabilities in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, iOS 15.7.9 and iPadOS 15.7.9. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-41064
Google has released Chrome 117 (117.0.5938.60) for Android, Chrome Beta 117 (117.0.5938.60) for Android, Stable and Extended stable channels 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows, and Beta channel OS version: 15572.34.0 Browser version: 117.0.5938.55 for most ChromeOS devices.
CVE ID: CVE-2023-4863 (Critical)
An incorrect access control vulnerability has been discovered in the User Registration page of Crypto Currency Tracker (CCT) that allows unauthenticated attackers to register an Admin account via a crafted POST request. The affected versions are Crypto Currency Tracker (CCT) before v9.5.
CVE ID: CVE-2023-37759 (Critical)
A memory corruption vulnerability has been discovered in ArubaOS-Switch that can lead to unauthenticated remote code execution by receiving specially crafted packets.
CVE ID: CVE-2023-39268 (Critical)
An unauthenticated blind SQL injection vulnerability has been discovered in ARDEREG Sistema SCADA Central. The affected versions are ARDEREG Sistema SCADA Central versions 2.203 and prior.
CVE ID: CVE-2023-4485 (Critical)
Notepad++ has released a security update to address multiple vulnerabilities in its products.
CVE ID: CVE-2023-40031 (High), CVE-2023-40036 (Medium), CVE-2023-40164 (Medium), CVE-2023-40166 (Medium)
Multiple privilege escalation vulnerabilities have been discovered in Cisco Identity Services Engine (ISE). The updates are available.
CVE ID: CVE-2023-20193 (Medium), CVE-2023-20194 (Medium)
It has been observed that Advanced Persistent Threat (APT) actors have exploited the Remote Code Execution (RCE) vulnerability (CVE-2022-47966) in multiple Zoho ManageEngine on-premise products and the heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS SSL-VPN. The mitigations are available.
CVE ID: CVE-2022-47966 (Critical), CVE-2022-42475 (Critical)
Multiple vulnerabilities have been discovered in Dover Fueling Solutions' Equipment- MAGLINK LX - Web Console Configuration that can allow an attacker to gain full access to the system. The affected versions are MAGLINK LX Web Console Configuration: version 2.5.1, version 2.5.2, version 2.5.3, version 2.6.1, version 2.11, version 3.0, version 3.2, and version 3.3. The mitigations are available.
CVE ID: CVE-2023-41256 (Critical), CVE-2023-36497 (High), CVE-2023-38256 (Medium)
Google has released Chrome Dev 118 (118.0.5993.2) for Android, Dev channel 118.0.5993.3 for Windows, Mac & Linux and Chrome Beta 117 (117.0.5938.54) for iOS.
Phoenix Contact has released security updates to address Cross Site Scripting (XSS), and XML entity expansion vulnerabilities in its equipment- TC ROUTER and TC CLOUD CLIENT. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-3526 (Critical), CVE-2023-3569 (Medium)
Multiple vulnerabilities have been discovered in Socomec's Equipment- MOD3GP-SY-120K that allow an attacker to execute malicious JavaScript code, obtain sensitive information, or steal session cookies. The affected version is MODULYS GP (MOD3GP-SY-120K) Web firmware v01.12.10.
CVE ID: CVE-2023-38582 (Medium), CVE-2023-39446 (High), CVE-2023-41965 (High), CVE-2023-41084 (Critical), CVE-2023-40221 (High), CVE-2023-39452 (High), CVE-2023-38255 (Medium)
WordPress has released a security update to resolve local file inclusion and Remote Code Execution (RCE) vulnerability in Media Library Assistant plugin. The affected versions are Media Library Assistant plugin for WordPress
CVE ID: CVE-2023-4634 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20269 (Medium), CVE-2023-20263 (Medium), CVE-2023-20250 (Medium), CVE-2023-20243 (High)
Cisco has released security updates to address a vulnerability in the Single Sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20238 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-09-05 or later, address all of these issues.
A use of hard-coded credentials vulnerability has been discovered in Fujitsu Limited's Equipment- Real-time Video Transmission Gear "IP series" that can allow logging into the web interface using the obtained credentials.
CVE ID: CVE-2023-38433 (Medium)
Three Critical Severity Remote Code Execution (RCE) vulnerabilities have been discovered in ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers. Successful exploitation of these vulnerabilities may allow adversaries to hijack devices. The affected products are ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U in firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529 respectively.
CVE ID: CVE-2023-39238, CVE-2023-39239, CVE-2023-39240
Google has released Chrome 116 (116.0.5845.172) for Android, Chrome Stable 116 (116.0.5845.177) for iOS and Stable & Extended stable channels 116.0.5845.179 for Mac & Linux & 116.0.5845.179/.180 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-4761 (High), CVE-2023-4762 (High), CVE-2023-4763 (High), CVE-2023-4764 (High)
A SQL injection vulnerability has been discovered in Mestav Software E-commerce Software. The affected versions are E-commerce Software: before 20230901.
CVE ID: CVE-2023-4531 (Critical)
A SQL injection vulnerability has been discovered in Digita Information Technology Smartrise Document Management System. The affected versions are Smartrise Document Management System: before Hvl-2.0.
CVE ID: CVE-2023-4034 (Critical)
An OS command injection vulnerability has been discovered in Bookreen. The affected versions are Bookreen: before 3.0.0.
CVE ID: CVE-2023-3375 (Critical)
A privilege escalation vulnerability has been discovered in Bookreen. The affected versions are Bookreen: before 3.0.0.
CVE ID: CVE-2023-3374 (Critical)
A vulnerability has been discovered in LanChain-ai Langchain that allows arbitrary code execution. The affected version is LanChain-ai Langchain v.0.0.245.
CVE ID: CVE-2023-39631 (Critical)
An arbitrary file upload vulnerability has been discovered in the Carica immagine function of GruppoSCAI RealGimm. The affected version is GruppoSCAI RealGimm 1.1.37p38.
CVE ID: CVE-2023-41637 (Critical)
A SQL injection vulnerability has been discovered in the Data Richiesta dal parameter of GruppoSCAI RealGimm. The affected version is GruppoSCAI RealGimm v1.1.37p38.
CVE ID: CVE-2023-41636 (Critical)
A stack buffer overflow vulnerability has been discovered in PHP. The affected versions are PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
CVE ID: CVE-2023-3824 (Critical)
Multiple vulnerabilities have been discovered in Softneta's Equipment- MedDream PACS that allow an attacker to obtain and leak plaintext credentials or remotely execute arbitrary code. The affected versions are MedDream PACS: v7.2.8.810 and prior.
CVE ID: CVE-2023-40150 (Critical), CVE-2023-39227 (Medium)
A vulnerability has been discovered in Wavelink Avalanche Manager that can result in service disruption or arbitrary code execution if successfully exploited via a specially crafted message.
CVE ID: CVE-2023-32560 (Critical)
Moxa has released security updates to resolve multiple vulnerabilities in NPort 5600 Series, TN-5900 Series, and TN-4900 Series. The affected versions are NPort 5600 Series version 3.11 and lower, TN-5900 Series version v3.3 and prior versions, and TN-4900 Series version v1.2.4 and prior versions.
CVE ID: CVE-2023-33237 (High), CVE-2023-33238 (High), CVE-2023-33239 (High), CVE-2023-34213 (High), CVE-2023-34214 (High), CVE-2023-34215 (High), CVE-2023-34216 (High), CVE-2023-34217 (High)
A command execution vulnerability has been discovered in Tenda. The affected version is Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin.
CVE ID: CVE-2023-40838 (Critical)
A vulnerability has been discovered in Splunk Enterprise that allows an attacker to execute arbitrary code. The affected versions are Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1.
CVE ID: CVE-2023-40595 (Critical)
An improper access control vulnerability has been discovered in the GitHub repository usememos/memos. The affected versions are usememos/memos prior to 0.13.2.
CVE ID: CVE-2023-4696 (Critical)
A 2FA bypass vulnerability has been discovered in Zoho ManageEngine. The affected versions are Zoho ManageEngine ADManager Plus through 7186.
CVE ID: CVE-2023-35785 (Critical)
An OS command injection vulnerability has been discovered in D-Link. The affected versions are D-Link DAR-8000-10 up to 20230809.
CVE ID: CVE-2023-4542 (Critical)
Moxa has released security updates to resolve multiple vulnerabilities in MXsecurity Series. The affected versions are MXsecurity Series version v1.0.1 and prior.
CVE ID: CVE-2023-39979 (Critical), CVE-2023-39980 (High), CVE-2023-39981 (High), CVE-2023-39982 (High), CVE-2023-39983 (Medium)
An authentication bypass vulnerability has been discovered in Stripe Payment Plugin for WooCommerce plugin. The affected versions are Stripe Payment Plugin for WooCommerce versions up to, and including, 3.7.7.
CVE ID: CVE-2023-3162 (Critical)
An out of bounds read vulnerability has been discovered in the Linux kernel. The affected versions are Linux kernel before 6.3.10.
CVE ID: CVE-2023-38432 (Critical)
VMware has released security updates to address a SAML token signature bypass vulnerability in VMware Tools. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20900 (High)
Google has released Chrome Dev 118 (118.0.5977.4) for Android, Dev channel 118.0.5979.0 for Mac and Linux, 118.0.5979.0 /.2 for Windows and Beta channel OS version: 15572.24.0 Browser version 117.0.5938.29 for most ChromeOS devices.
A hard-coded backdoor password vulnerability has been discovered in Motorola MBTS Site Controller Man Machine Interface (MMI).
CVE ID: CVE-2023-23770 (Critical)
An arbitrary file upload vulnerability has been discovered in Forminator plugin. The affected versions are Forminator versions up to, and including, 1.24.6.
CVE ID: CVE-2023-4596 (Critical)
Cisco has released security updates to address a privilege escalation vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20266 (Medium)
Drupal has released security updates to resolve the Cross Site Scripting (XSS) vulnerability in Obfuscate Email and Unified Twig Extensions, third-party libraries used with it.
Google has released Chrome Beta 117 (117.0.5938.36) for iOS, Chrome Beta 117 (117.0.5938.35) for Android, and Beta channel 117.0.5938.35 for Windows, Mac and Linux.
A SQL injection vulnerability has been discovered in Theme Volty CMS Blog. The affected version is Theme Volty CMS Blog version v4.0.1.
CVE ID: CVE-2023-39650 (Critical)
It has been discovered that a vulnerability in RARLabs WinRAR allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The affected versions are RARLabs WinRAR before 6.23.
CVE ID: CVE-2023-38831 (High)
Juniper has released security updates to address an improper input validation vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved which may cause a Denial of Service (DoS) Condition.
Mozilla has released security updates to resolve multiple vulnerabilities in Thunderbird 115.2, Thunderbird 102.15 and Firefox 117. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-4573 (High), CVE-2023-4574 (High), CVE-2023-4575 (High), CVE-2023-4576 (High), CVE-2023-4577 (High), CVE-2023-4051 (Medium), CVE-2023-4578 (Medium), CVE-2023-4053 (Medium), CVE-2023-4580 (Medium), CVE-2023-4581 (Medium), CVE-2023-4582 (Low), CVE-2023-4583 (Low), CVE-2023-4584 (High), CVE-2023-4585 (High)
A Cross Site Scripting (XSS) vulnerability has been discovered in PTC's Equipment- Codebeamer. The affected versions are Codebeamer v22.10-SP7 or lower, v22.04-SP5 or lower, and v21.09-SP13 or lower. The upgrades are available.
CVE ID: CVE-2023-4296 (High)
Multiple vulnerabilities have been discovered in various versions of OpenSSL library components, which are used in Hitachi Energy's Lumada APM Edge product.
CVE ID: CVE-2023-0215 (High), CVE-2022-4450 (High), CVE-2023-0286 (High), CVE-2022-4304 (Medium)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin.
CVE ID: CVE-2023-40846 (Critical)
A SQL Injection vulnerability has been discovered in PHPJabbers Food Delivery Script. The affected version is PHPJabbers Food Delivery Script v3.0.
CVE ID: CVE-2023-40749 (Critical)
VMware has released security updates to address authentication bypass and arbitrary file write vulnerabilities in Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34039 (Critical), CVE-2023-20890 (High)
An insufficient filtering vulnerability has been discovered in Saho that can allow an attacker to execute arbitrary system commands or disrupt services. The affected products are Saho's attendance devices ADM100 and ADM-100FP.
CVE ID: CVE-2023-38029 (Critical)
An insufficient authentication vulnerability has been discovered in Saho. The affected products are Saho's attendance devices ADM100 and ADM-100FP.
CVE ID: CVE-2023-38028 (Critical)
A security bypass vulnerability has been discovered in Spring Boot. The affected versions are Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions.
CVE ID: CVE-2023-20873 (Critical)
WordPress has released a security update to resolve a reflected Cross Site Scripting (XSS) vulnerability in the Order Tracking Pro plugin. The affected versions are Order Tracking Pro versions up to, and including, 3.3.6.
CVE ID: CVE-2023-4471 (Medium)
WordPress has released a security update to resolve a stored Cross Site Scripting (XSS) vulnerability in the Order Tracking Pro plugin. The affected versions are Order Tracking Pro versions up to, and including, 3.3.6.
CVE ID: CVE-2023-4500 (Medium)
A hard-coded uBoot credentials vulnerability has been discovered in SpotCam FHD 2 that allows access to the system to perform arbitrary system operations or disrupt service.
CVE ID: CVE-2023-38026 (Critical)
An incorrect privilege assignment vulnerability has been discovered in IBM Robotic Process Automation when importing users from an LDAP directory. The affected versions are IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1.
CVE ID: CVE-2023-38734 (Critical)
An unrestricted file upload vulnerability has been discovered in Pandora FMS File Manager component. The affected versions are Pandora FMS v767 version and prior versions on all platforms.
CVE ID: CVE-2023-24517 (Critical)
A buffer overflow vulnerability has been discovered in TP-Link router. The affected versions are TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5.
CVE ID: CVE-2023-39747 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in TOTOLINK router. The affected version is TOTOLINK X5000R B20210419.
CVE ID: CVE-2023-39618 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in TOTOLINK router. The affected versions are TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313.
CVE ID: CVE-2023-39617 (Critical)
A buffer overflow vulnerability has been discovered in the D-Link router. The affected version is D-Link DIR-880 A1_FW107WWb08.
CVE ID: CVE-2023-39674 (Critical)
An arbitrary code execution vulnerability has been discovered in Alluxio. The affected versions are Alluxio v.2.9.3 and before.
CVE ID: CVE-2023-38889 (Critical)
It has been discovered that a stack buffer overflow vulnerability due to insufficient length checking in PHP may lead to . The affected versions are PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
CVE ID: CVE-2023-3824 (Critical)
A vulnerability has been discovered in Python 3 where os.path.normpath() truncates paths at null bytes. The affected versions are Python 3.12.0a1 to 3.12.0rc1, and Python 3.11.0 to 3.11.4. The remediation and workarounds are available.
CVE ID: CVE-2023-41105 (Medium)
An insufficient verification of data authenticity vulnerability has been discovered in CODESYS' Equipment- CODESYS Development System that allows a Man-in-the-Middle (MITM) attacker to execute arbitrary code. The affected versions are CODESYS Development System versions from 3.5.11.0 and prior to 3.5.19.20.
CVE ID: CVE-2023-3663 (Critical)
An overly restrictive account lockout mechanism vulnerability has been discovered in KNX Association's Equipment- KNX devices using KNX Connection Authorization that can cause users to lose access to their device, potentially with no way to reset the device. All versions of KNX devices using Connection Authorization Option 1 Style in which no BCU Key is currently set are affected.
CVE ID: CVE-2023-4346 (High)
Multiple vulnerabilities have been discovered in OPTO 22's Equipment- SNAP PAC S1 that can allow an attacker to brute force passwords, access certain device files, or cause a Denial of Service (DoS) condition. The affected version is SNAP PAC S1 firmware version R10.3b.
CVE ID: CVE-2023-40706 (High), CVE-2023-40707 (High), CVE-2023-40708 (Medium), CVE-2023-40709 (Medium), CVE-2023-40710 (Medium)
An uncontrolled search path element vulnerability has been discovered in CODESYS' Equipment- CODESYS Development System. The affected versions are CODESYS Development System: versions from 3.5.17.0 and prior to 3.5.19.20.
CVE ID: CVE-2023-3662 (High)
An improper restriction of excessive authentication attempts vulnerability has been discovered in CODESYS' Equipment- CODESYS Development System. The affected versions are CODESYS Development System: versions prior to 3.5.19.20.
CVE ID: CVE-2023-3669 (Low)
An out-of-bounds write vulnerability has been discovered in Rockwell Automation's Equipment- 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Series A, 1732E-16CFGM12QCR Series A, 1732E-16CFGM12P5QCR Series A, 1732E-12X4M12P5QCDR Series A, 1732E-16CFGM12P5QCWR Series B, 1732E-IB16M12R Series B, 1732E-OB16M12R Series B, 1732E-16CFGM12R Series B, 1732E-IB16M12DR Series B, 1732E-OB16M12DR Series B, 1732E-8X8M12DR Series B, 1799ER-IQ10XOQ10 Series B. The mitigations are available.
CVE ID: CVE-2022-1737 (High)
Moxa has released security updates to resolve multiple vulnerabilities in Moxa's ioLogik 4000 Series. The affected versions are ioLogik 4000 Series (ioLogik E4200) firmware v1.6 and prior.
CVE ID: CVE-2023-4227 (Medium), CVE-2023-4228 (Low), CVE-2023-4229 (Medium), CVE-2023-4230 (Medium)
A privilege escalation vulnerability has been discovered in Donation Forms by Charitable plugin for WordPress. The affected versions are Donation Forms by Charitable plugin versions up to, and including, 1.7.0.12.
CVE ID: CVE-2023-4404 (Critical)
An OS command injection vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023.
CVE ID: CVE-2023-4412 (Critical)
An OS command injection vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023.
CVE ID: CVE-2023-4411 (Critical)
A SQL injection vulnerability has been discovered in Codecanyon Credit Lite. The affected version is Codecanyon Credit Lite 1.5.4.
CVE ID: CVE-2023-4407 (Critical)
An OS command injection vulnerability has been discovered in ELECOM wireless LAN routers. The affected versions are: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.
CVE ID: CVE-2023-40069 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01.
CVE ID: CVE-2023-39673 (Critical)
A buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC6 _US_AC6V1.0BR_V15.03.05.16.
CVE ID: CVE-2023-39670 (Critical)
A buffer overflow vulnerability has been discovered in log_blackbox.c in libqb. The affected versions are libqb before 2.0.8.
CVE ID: CVE-2023-39976 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20168 (High), CVE-2023-20169 (High), CVE-2023-20200 (High), CVE-2023-20115 (Medium), CVE-2023-20234 (Medium), CVE-2023-20230 (Medium)
Google has released Chrome Beta 117 (117.0.5938.22) for iOS, Chrome Beta 117 (117.0.5938.20) for Android, Beta channel 117.0.5938.22 for Windows, Mac and Linux, and LTC-114 version 114.0.5735.331 (Platform Version: 15437.67.0) for most ChromeOS devices to resolve a vulnerability.
CVE ID: CVE-2023-4211 (High)
Google has released Chrome 116 (116.0.5845.114) for Android, Chrome Stable 116 (116.0.5845.118) for iOS and Stable & Extended stable channels 116.0.5845.110 for Mac & Linux & 116.0.5845.110/.111 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-4430 (High), CVE-2023-4429 (High), CVE-2023-4428 (High), CVE-2023-4427 (High), CVE-2023-4431 (Medium)
A protection mechanism bypass vulnerability has been discovered in Dell PowerScale OneFS that can cause Denial of Service (DoS), information disclosure and remote execution. The affected version is Dell PowerScale OneFS 9.5.0.x.
CVE ID: CVE-2023-32493 (Critical)
A command injection vulnerability has been discovered in Trane's equipment- XL824, XL850, XL1050, and Pivot thermostats.
CVE ID: CVE-2023-4212 (Medium)
A vulnerability has been discovered in Wavlink that allows a remote attacker to execute arbitrary code. The affected version is Wavlink WL_WNJ575A3 v.R75A3_V1410_220513.
CVE ID: CVE-2023-38861 (Critical)
A vulnerability has been discovered in pandas-ai that allows a remote attacker to execute arbitrary code via the _is_jailbreak function. The affected versions are pandas-ai v.0.9.1 and before.
CVE ID: CVE-2023-39661 (Critical)
A vulnerability has been discovered in langchain-ai that allows a remote attacker to execute arbitrary code. The affected versions are langchain-ai v.0.0.232 and before.
CVE ID: CVE-2023-39659 (Critical)
A file upload vulnerability has been discovered in Wolf-leo EasyAdmin8 that allows a remote attacker to execute arbitrary code. The affected version is Wolf-leo EasyAdmin8 v.1.0.
CVE ID: CVE-2023-38915 (Critical)
A heap-based buffer overflow vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository radareorg/radare2 prior to 5.9.0.
CVE ID: CVE-2023-4322 (Critical)
Microsoft has released Microsoft Edge Stable and Extended Stable Channel (Version 116.0.1938.54) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-38158 (Low), CVE-2023-36787 (High)
An authentication bypass vulnerability has been discovered in Ivanti EPMM that allows unauthorized users to access restricted functionality or resources of the application without proper authentication. The affected versions are Ivanti EPMM 11.10 and older.
CVE ID: CVE-2023-35082 (Critical)
A command injection vulnerability has been discovered in MiVoice Office 400 SMB Controller. The affected versions are MiVoice Office 400 SMB Controller through 1.2.5.23.
CVE ID: CVE-2023-39293 (Critical)
A SQL injection vulnerability has been discovered in MiVoice Office 400 SMB Controller. The affected versions are MiVoice Office 400 SMB Controller through 1.2.5.23.
CVE ID: CVE-2023-39292 (Critical)
An out-of-bounds memory access vulnerability has been discovered in ONLYOFFICE DocumentServer that allows arbitrary code to be run via a crafted JavaScript file. The affected versions are ONLYOFFICE DocumentServer 4.0.3 through 7.3.2.
CVE ID: CVE-2023-30187 (Critical)
Citrix has released a security update to address an improper resource control vulnerability in ShareFile storage zones controller that affects Citrix Content Collaboration. The affected versions are ShareFile storage zones controller 5.11.24 and later versions.
CVE ID: CVE-2023-24489 (Critical)
Juniper has released security updates to address multiple vulnerabilities in the J-Web component of Juniper Networks Junos OS on SRX Series and EX Series. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-36844 (Medium), CVE-2023-36845 (Medium), CVE-2023-36846 (Medium), CVE-2023-36847 (Medium)
A Cross Site Scripting (XSS) vulnerability has been discovered in Intel(R) DSA software. The affected versions are Intel(R) DSA software before version 23.1.9.
CVE ID: CVE-2023-27515 (Critical)
Google has released Beta channel 116.0.5845.102 (Platform version: 15509.57.0) for most ChromeOS devices, Dev channel 118.0.5951.0 for Windows, Mac and Linux, and Chrome Dev 118 (118.0.5950.2) for Android.
An improper access control vulnerability has been discovered in the Intel(R) Ethernet Controller RDMA driver which enables escalation of privilege via network access. The affected versions are Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30.
CVE ID: CVE-2023-25775 (Critical)
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2023-32486, CVE-2023-32487, CVE-2023-32488, CVE-2023-32489, CVE-2023-32490, CVE-2023-32491, CVE-2023-32492, CVE-2023-32494, CVE-2023-32495
A remote file inclusion vulnerability has been discovered in Canto plugin for WordPress. The affected versions are Canto plugin versions up to, and including, 3.0.4.
CVE ID: CVE-2023-3452 (Critical)
A SQL injection vulnerability has been discovered in PHPJabbers Document Creator. The affected version is PHPJabbers Document Creator v1.0.
CVE ID: CVE-2023-36311 (Critical)
A stack-based buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK T10_v2 5.9c.5061_B20200511.
CVE ID: CVE-2023-40042 (Critical)
An improper input validation vulnerability has been discovered in Zoom Desktop Client that may allow an escalation of privilege via network access. The affected versions are Zoom Desktop Client for Windows before 5.14.7.
CVE ID: CVE-2023-39216 (Critical)
A path traversal vulnerability has been discovered in Zoom Desktop Client that may allow an escalation of privilege via network access. The affected versions are Zoom Desktop Client for Windows before 5.14.7.
CVE ID: CVE-2023-36534 (Critical)
Google has released Chrome Stable 116 (116.0.5845.90) for iOS, Chrome Dev 117 (117.0.5938.0) for Android, and Dev channel 117.0.5938.0 for Windows, Mac and Linux.
A use of hard-coded cryptographic key vulnerability has been discovered in Sifir Bes Education and Informatics Kunduz - Homework Helper App. The affected versions are Kunduz - Homework Helper App: before 6.2.3.
CVE ID: CVE-2023-3632 (Critical)
A SQL injection vulnerability has been discovered in Oduyo Online Collection Software. The affected versions are Online Collection Software: before 1.0.1.
CVE ID: CVE-2023-3716 (Critical)
A SQL injection vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE ID: CVE-2023-4188 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in PyroCMS that allows an attacker to send customized commands to the server and execute arbitrary code on the affected system. The affected version is PyroCMS 3.9.
CVE ID: CVE-2023-29689 (Critical)
Google has released Chrome 116 (116.0.5845.78) for Android, Chrome Beta 116 (116.0.5845.78) for Android, Stable channel 116.0.5845.82 for Windows and Mac, Beta channel 116.0.5845.82 for Windows, Mac and Linux, and Chrome Beta 116 (116.0.5845.86) for iOS.
Schneider Electric has released security updates to address a deserialization of untrusted data vulnerability in its equipment- IGSS (Interactive Graphical SCADA System). The affected versions are IGSS Dashboard (DashBoard.exe): v16.0.0.23130 and prior.
CVE ID: CVE-2023-3001 (High)
Fortinet has released security updates to address a stack-based buffer overflow vulnerability in FortiOS that may allow an attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. The affected versions are FortiOS version 7.0.0 through 7.0.3, FortiOS 6.4 all versions, and FortiOS 6.2 all versions.
CVE ID: CVE-2023-29182 (Medium)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-37483 (Critical), CVE-2023-36922 (Critical), CVE-2023-39439 (High)
Citrix has released security updates to address multiple vulnerabilities in Citrix Hypervisor, Intel CPUs, and AMD CPUs. The affected versions are Citrix Hypervisor 8.2 CU1 LTSR.
CVE ID: CVE-2023-20569 (Medium), CVE-2023-34319 (Medium), CVE-2022-40982 (Medium)
Schneider Electric has released security updates to resolve an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pro-face GP-Pro EX product. The affected versions are GP-Pro EX WinGP for iPC: v4.09.450 and prior, and GP-Pro EX WinGP for PC/AT: v4.09.450 and prior.
CVE ID: CVE-2023-3953 (Medium)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-21709 (Critical), CVE-2023-35385 (Critical), CVE-2023-36910 (Critical), CVE-2023-36911 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and Reader, Adobe Commerce, Adobe Dimension, and Adobe XMP Toolkit SDK. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-38208 (Critical), CVE-2023-38210 (Medium), CVE-2023-38211 (High), CVE-2023-38212 (High), CVE-2023-38213 (Low), CVE-2023-38209 (Medium), CVE-2023-38207 (Medium), CVE-2023-29320 (High), CVE-2023-29299 (Medium), CVE-2023-29303 (Medium), CVE-2023-38222 (High), CVE-2023-38223 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-24845 (Critical), CVE-2023-25957 (Critical), CVE-2023-29129 (Critical), CVE-2023-37372 (Critical), CVE-2023-27411 (High), CVE-2023-37373 (Medium)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-08-05 or later address all of these issues.
Microsoft has released Microsoft Edge Stable Channel (Version 115.0.1901.200) and Microsoft Edge Extended Stable Channel (Version 114.0.1823.106) to resolve a security feature bypass vulnerability.
CVE ID: CVE-2023-38157 (Medium)
A vulnerability has been discovered in GitLab CE/EE. The affected versions are GitLab CE/EE all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2.
CVE ID: CVE-2023-4008 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in NextGen Mirth Connect that allows execution of arbitrary commands on the hosting server. The affected version is NextGen Mirth Connect v4.3.0.
CVE ID: CVE-2023-37679 (Critical)
A SQL injection vulnerability has been discovered in ZKTeco BioAccess IVS. The affected version is ZKTeco BioAccess IVS v3.3.1.
CVE ID: CVE-2023-38954 (Critical)
A command injection vulnerability has been discovered in Xiaomi routers. Successful exploitation can permit Remote Code Execution (RCE) and complete compromise of the device.
CVE ID: CVE-2023-26317 (Critical)
A buffer overflow vulnerability has been discovered in TP-Link Archer. The affected versions are TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219.
CVE ID: CVE-2023-31710 (Critical)
A SQL injection vulnerability has been discovered in BMC Control-M. The affected versions are BMC Control-M through 9.0.20.200.
CVE ID: CVE-2023-39122 (Critical)
A lack of verification vulnerability has been discovered in PHPJabbers Cleaning Business Software. The affected version is PHPJabbers Cleaning Business Software 1.0.
CVE ID: CVE-2023-36139 (Critical)
An incorrect access control vulnerability has been discovered in PHP Jabbers Availability Booking Calendar. The affected version is PHP Jabbers Availability Booking Calendar 5.0.
CVE ID: CVE-2023-36132 (Critical)
A path traversal vulnerability has been discovered in Control ID IDSecure that allows deletion of arbitrary files on the IDSecure filesystem, causing a Denial of Service (DoS). The affected versions are Control ID IDSecure 4.7.26.0 and prior.
CVE ID: CVE-2023-33369 (Critical)
A Server-Side Template Injection (SSTI) vulnerability has been discovered in MotoCMS. The affected version is MotoCMS 3.4.3.
CVE ID: CVE-2023-36210 (Critical)
An arbitrary code execution vulnerability has been discovered in Greenshot. The affected versions are Greenshot 1.2.10 and below.
CVE ID: CVE-2023-34634 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in DedeCMS that allows arbitrary code to be run. The affected versions are DedeCMS through 5.7.10.
CVE ID: CVE-2023-34842 (Critical)
A SQL Injection vulnerability has been discovered in Wifi Soft Unibox Administration. The affected versions are Wifi Soft Unibox Administration 3.0 and 3.1.
CVE ID: CVE-2023-34635 (Critical)
VMware has released security updates to address request smuggling and information disclosure vulnerabilities in VMware Horizon Server. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34037 (Medium), CVE-2023-34038 (Medium)
A path traversal vulnerability has been discovered in TEL-STER's Equipment- TelWin SCADA WebInterface, which allows reading files on the system. The affected versions are TelWin SCADA WebInterface: 3.2 to 6.1, 7.0 to 7.1, and 8.0 and 9.0. The updates are available.
CVE ID: CVE-2023-0956 (High)
An acceptance of extraneous untrusted data with trusted data vulnerability has been discovered in Sensormatic Electronics' Equipment- VideoEdge. The affected versions are VideoEdge prior to 6.1.1. The updates are available.
CVE ID: CVE-2023-3749 (High)
An information disclosure vulnerability has been discovered in Mitsubishi Electric's Equipment- GT Designer3, GOT2000 Series, GOT SIMPLE Series and GT SoftGOT2000. The mitigations are available.
CVE ID: CVE-2023-0525 (High)
A Denial of Service (DoS) & spoofing vulnerability has been discovered in Mitsubishi Electric's Equipment- GOT2000 Series and GOT SIMPLE Series. The affected versions are GOT2000 Series: GT21 model 01.49.000 and prior, and GOT SIMPLE: GS21 model 01.49.000 and prior. The security update is available.
CVE ID: CVE-2023-3373 (Medium)
Multiple vulnerabilities have been discovered in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
CVE ID: CVE-2022-20790 (Medium), CVE-2023-20215 (Medium), CVE-2023-20204 (Medium)
Moxa has released security updates to resolve a Denial of Service (DoS) vulnerability in Moxa's switch series. The affected versions are PT-508 Series version 3.8 and lower, PT-7728 Series version 3.8 and lower, PT-7828 Series version 3.9 and lower, and MDS-G4012 Series version 1.2 and lower.
CVE ID: CVE-2009-3563
Google has released Chrome 115 (115.0.5790.166) for Android, Dev channel OS version: 15563.0.0 Browser version: 117.0.5920.0 for most ChromeOS devices, Stable channel 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows, and Chrome Beta 116 (116.0.5845.60) for iOS.
CVE ID: CVE-2023-4068 (High), CVE-2023-4069 (High), CVE-2023-4070 (High), CVE-2023-4071 (High), CVE-2023-4072 (High), CVE-2023-4073 (High), CVE-2023-4074 (High), CVE-2023-4075 (High), CVE-2023-4076 (High), CVE-2023-4077 (Medium), CVE-2023-4078 (Medium)
It has been discovered that the InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function. The affected versions are InstaWP Connect plugin versions up to, and including, 0.0.9.18.
CVE ID: CVE-2023-3956 (Critical)
A SQL injection vulnerability has been discovered in PrestaShop sendinblue. The affected versions are PrestaShop sendinblue v.4.0.15 and before.
CVE ID: CVE-2023-26859 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Pligg CMS. The affected version is Pligg CMS v2.0.2.
CVE ID: CVE-2023-37677 (Critical)
A vulnerability in Envoy allows a malicious client to construct credentials with permanent validity in some specific scenarios. The affected versions are Envoy prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12.
CVE ID: CVE-2023-35941 (Critical)
An elevation of privileges vulnerability has been discovered in Vasion PrinterLogic Client. The affected versions are Vasion PrinterLogic Client for Windows before 25.0.0.836.
CVE ID: CVE-2023-32232 (Critical)
A Prototype Pollution vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository automattic/mongoose prior to 7.3.4.
CVE ID: CVE-2023-3696 (Critical)
A SQL injection vulnerability has been discovered in the wpbrutalai WordPress plugin. The affected versions are wpbrutalai WordPress plugin before 2.0.0.
CVE ID: CVE-2023-2601 (Critical)
An authorization bypass vulnerability through user-controlled key has been discovered in TMT Lockcell. The affected versions are Lockcell before 15.
CVE ID: CVE-2023-3048 (Critical)
A path traversal vulnerability has been discovered in NodeBB. The affected versions are NodeBB 2.5.0 and prior to version 2.8.7. The vulnerability has been resolved in NodeBB version 2.8.7.
CVE ID: CVE-2023-26045 (Critical)
An authentication bypass vulnerability has been discovered in Apache Shiro. The affected versions are Apache Shiro before 1.12.0 or 2.0.0-alpha-3.
CVE ID: CVE-2023-34478 (Critical)
A SQL injection vulnerability has been discovered in DataEase that can bypass blacklists. The affected versions are DataEase prior to 1.18.9. The vulnerability has been resolved in DataEase version 1.18.9.
CVE ID: CVE-2023-37258 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in vm2. The affected versions are vm2 up to and including 3.9.19.
CVE ID: CVE-2023-37903 (Critical)
A SQL injection vulnerability has been discovered in Boxtal (envoimoinscher) module for PrestaShop. The affected products are PrestaShop, after version 3.1.10.
CVE ID: CVE-2023-30151 (Critical)
An OS command injection vulnerability has been discovered in APSystems' Equipment- Altenergy Power Control that may allow Remote Code Execution (RCE). The affected version is Altenergy Power Control Software C1.2.5.
CVE ID: CVE-2023-28343 (Critical)
An improper validation of specified type of input vulnerability has been discovered in the OMRON CJ series and CS/CJ Series EtherNet/IP unit that can lead to Denial of Service (DoS). The mitigations are available.
Mozilla has released a security update to address multiple vulnerabilities in Firefox ESR 115.1, Firefox ESR 102.14 and Firefox 116. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-4045 (High), CVE-2023-4046 (High), CVE-2023-4047 (High), CVE-2023-4048 (High), CVE-2023-4049 (High), CVE-2023-4050 (High), CVE-2023-4051 (Medium), CVE-2023-4052 (Medium), CVE-2023-4053 (Medium), CVE-2023-4054 (Medium), CVE-2023-4055 (Low), CVE-2023-4056 (High), CVE-2023-4057 (High), CVE-2023-4058 (High)
Google has released Stable channel OS version: 15474.70.0 Browser version: 115.0.5790.160 for most ChromeOS devices, and Chrome Stable 115 (115.0.5790.160) for iOS.
A vulnerability has been discovered that causes excessive time spent on checking DH q parameter value in OpenSSL while using DH_check(), DH_check_ex() or EVP_PKEY_param_check(). The affected versions are OpenSSL 3.1, 3.0, 1.1.1 and 1.0.2.
CVE ID: CVE-2023-3817 (Low)
A command injection vulnerability has been discovered in PaddlePaddle. The affected versions are PaddlePaddle before 2.5.0.
CVE ID: CVE-2023-38673 (Critical)
A heap buffer overflow vulnerability has been discovered in PaddlePaddle that can lead to Denial of Service (DoS), information disclosure, or further damage. The affected versions are PaddlePaddle before 2.5.0.
CVE ID: CVE-2023-38671 (Critical)
A use-after-free vulnerability has been discovered in PaddlePaddle. The affected versions are PaddlePaddle before 2.5.0.
CVE ID: CVE-2023-38669 (Critical)
An arbitrary file upload vulnerability has been discovered in eoffice that allows execution of arbitrary code by uploading a crafted file. The affected versions are eoffice before v9.5.
CVE ID: CVE-2023-34798 (Critical)
It has been discovered that HP LaserJet Pro print products are vulnerable to an elevation of privilege and/or information disclosure related to a lack of authentication with certain endpoints.
CVE ID: CVE-2023-26301 (Critical)
It has been discovered that a vulnerability in Metabase open source and Metabase Enterprise allows execution of arbitrary commands on the server, at the server's privilege level. The affected versions are Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.
CVE ID: CVE-2023-38646 (Critical)
A hard-coded encryption key vulnerability has been discovered in Galaxy Software Services Vitals ESP. The affected versions are Vitals ESP 3.0.8 through 6.2.0.
CVE ID: CVE-2023-37291 (Critical)
An authorization bypass vulnerability has been discovered in Origin Software ATS Pro that allows authentication abuse and authentication bypass. The affected versions are Origin Software ATS Pro before 20230714.
CVE ID: CVE-2023-2958 (Critical)
A path traversal vulnerability has been discovered in Ivanti EPMM that allows writing arbitrary files onto the appliance.
CVE ID: CVE-2023-35081 (High)
An insecure default initialization of resource vulnerability has been discovered in ETIC Telecom's Equipment- Remote Access Server (RAS) that may allow an attacker to reconfigure the device or cause a Denial of Service (DoS) condition. The affected versions are ETIC Telecom RAS all versions 4.7.0 and prior.
CVE ID: CVE-2023-3453 (High)
An uncontrolled resource consumption vulnerability has been discovered in PTC's Equipment- KEPServerEX that can result in crashing of the affected device. The affected versions are KEPServerEX 6.0 to 6.14.263.
CVE ID: CVE-2023-3825 (High)
A Denial of Service (DoS) and malicious code execution vulnerability has been discovered in MITSUBISHI CNC series. The affected products are M800V/M80V, M800/M80/E80, C80, M700V/M70V/E70 Series and IoT Unit.
CVE ID: CVE-2023-3346 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-39151 (High), CVE-2023-39152 (Medium), CVE-2023-39153 (Medium), CVE-2023-3414 (Medium), CVE-2023-3442 (Medium), CVE-2023-39154 (Medium), CVE-2023-39155 (Low), CVE-2023-39156 (Medium)
Drupal has released security updates to address Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities in Minify Source HTML and Drupal Symfony Mailer respectively.
Axis has released a security update to address a heap-based buffer overflow vulnerability in its equipment- AXIS A1001 that can allow an attacker to execute arbitrary code. The affected versions are AXIS A1001: 1.65.4 and prior.
CVE ID: CVE-2023-21406 (High)
A relative path traversal vulnerability has been discovered in Rockwell Automation's Equipment- ThinManager ThinServer. The affected versions are ThinManager ThinServer 13.0.0-13.0.2 and 13.1.0.
CVE ID: CVE-2023-2913 (High)
An improper restriction of excessive authentication attempts vulnerability has been discovered in Johnson Controls Inc.'s Equipment- IQ Wifi 6. The affected versions are IQ Wifi 6 all firmware versions prior to 2.0.2.
CVE ID: CVE-2023-3548 (High)
VMware has released security updates to address an information disclosure vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20891 (Medium)
A vulnerability has been discovered in MySQL Server that can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server. The affected versions are MySQL Server 8.0.33 and prior.
CVE ID: CVE-2023-22058 (Critical)
Emerson has released security updates to address an Authentication Bypass vulnerability in its equipment- ROC800-Series RTU, including ROC800, ROC800L, and DL8000 Preset Controllers. The affected versions are ROC809 & ROC827: all firmware versions, all hardware series, ROC809L & ROC827L: all firmware versions, and DL8000: all firmware versions and all hardware series.
CVE ID: CVE-2023-1935 (Critical)
A plaintext storage of a password vulnerability has been discovered in Infodrom Software E-Invoice Approval System that allows reading sensitive strings within an executable. The affected versions are E-Invoice Approval System before v.20230701.
CVE ID: CVE-2023-35067 (Critical)
A SQL injection vulnerability has been discovered in Infodrom Software E-Invoice Approval System. The affected versions are E-Invoice Approval System before v.20230701.
CVE ID: CVE-2023-35066 (Critical)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the David Pokorny Replace Word plugin. The affected versions are David Pokorny Replace Word plugin 2.1 and below.
CVE ID: CVE-2023-37973 (Critical)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Kemal YAZICI - PluginPress Shortcode IMDB plugin. The affected versions are Kemal YAZICI - PluginPress Shortcode IMDB plugin 6.0.8 and below.
CVE ID: CVE-2023-37892 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK CP300+ V5.2cu.7594.
CVE ID: CVE-2023-34669 (Critical)
An authorization bypass vulnerability has been discovered in Origin Software ATS Pro. The affected versions are ATS Pro: before 20230714.
CVE ID: CVE-2023-2958 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Querlo Chatbot WordPress plugin. The affected versions are Querlo Chatbot WordPress plugin through 1.2.4.
CVE ID: CVE-2023-3418 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in QAutochat Automatic Conversation WordPress plugin. The affected versions are QAutochat Automatic Conversation WordPress plugin through 1.1.7.
CVE ID: CVE-2023-3041 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Layui. The affected versions are Layui up to v2.8.0-rc.16.
CVE ID: CVE-2023-3691 (Critical)
A vulnerability has been discovered in Plane, an open-source, self-hosted project planning tool, that allows viewing all stored server files of all users. The affected version is Plane 0.7.1.
CVE ID: CVE-2023-2268 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in GitHub repository. The affected versions are GitHub repository plaidweb/webmention.js prior to 0.5.5.
CVE ID: CVE-2023-3672 (Critical)
An iSCSI dissector crash vulnerability has been discovered in Wireshark that allows Denial of Service (DoS) via packet injection or a crafted capture file. The affected versions are Wireshark 4.0.0 to 4.0.6.
CVE ID: CVE-2023-3649 (Critical)
A Kafka dissector crash vulnerability has been discovered in Wireshark that allows Denial of Service (DoS) via packet injection or a crafted capture file. The affected versions are Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14.
CVE ID: CVE-2023-3648 (Critical)
It has been discovered that Alaris Systems Manager does not perform input validation during the Device Import Function.
CVE ID: CVE-2023-30564 (Critical)
A remote unauthenticated API access vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM). Ivanti has released a security patch to address this vulnerability.
CVE ID: CVE-2023-35078 (Critical)
An improper restriction of XML external entity references (XXE) vulnerability has been discovered in the Applicant Programme. The affected versions are Applicant Programme Ver.7.06 and earlier.
CVE ID: CVE-2023-32639 (Low)
Citrix has released security updates to address CPU hardware vulnerabilities in Citrix Hypervisor. The affected versions are Citrix Hypervisor running on AMD Zen 2 CPUs.
CVE ID: CVE-2023-20593 (High)
WordPress has released a security update to resolve a Stored Cross-Site Scripting (XSS) vulnerability in the Custom Field For WP Job Manager plugin. The affected versions are Custom Field For WP Job Manager versions up to, and including, 1.1.
CVE ID: CVE-2023-3328 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery vulnerability in the Local Development plugin. The affected versions are Local Development versions up to, and including, 2.8.2.
CVE ID: CVE-2023-3328 (Medium)
Apple has released security updates to address multiple vulnerabilities in its various products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-38572, CVE-2023-38594, CVE-2023-38595, CVE-2023-38600, CVE-2023-38611, CVE-2023-38597, CVE-2023-38133, CVE-2023-38136, CVE-2023-38580, CVE-2023-32416, CVE-2023-32734, CVE-2023-32441, CVE-2023-38261, CVE-2023-38424, CVE-2023-38425, CVE-2023-38606, CVE-2023-32381, CVE-2023-32433, CVE-2023-35993, CVE-2023-38410, CVE-2023-38603, CVE-2023-38565, CVE-2023-38593, CVE-2023-32437
A format string vulnerability has been discovered in ASUS RT-AX56U V2 & RT-AC86U that can allow an attacker to perform remote arbitrary code execution or arbitrary system operations, or to disrupt services. The affected versions are RT-AX56U V2: 3.0.0.4.386_50460, and RT-AC86U: 3.0.0.4_386_51529.
CVE ID: CVE-2023-35087 (Critical)
A format string vulnerability has been discovered in ASUS RT-AX56U V2 & RT-AC86U that can allow an attacker to perform remote arbitrary code execution or arbitrary system operations, or to disrupt services. The affected versions are RT-AX56U V2: 3.0.0.4.386_50460, and RT-AC86U: 3.0.0.4_386_51529.
CVE ID: CVE-2023-35086 (Critical)
An OS command injection vulnerability has been discovered in HGiga iSherlock. The affected versions are iSherlock 4.5 before iSherlock-user-4.5-174, and iSherlock 5.5 before iSherlock-user-5.5-174.
CVE ID: CVE-2023-37292 (Critical)
A stack overflow vulnerability has been discovered in Tenda F1202. The affected versions are Tenda F1202 V1.0BR_V1.2.0.20(408), and FH1202_V1.2.0.19_EN.
CVE ID: CVE-2023-37723 (Critical)
It has been discovered that a vulnerability in Grafana can lead to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVE ID: CVE-2023-3128 (Critical)
A directory traversal vulnerability has been discovered in Snow Monkey Forms that allows an attacker to delete arbitrary files on the server. The affected versions are Snow Monkey Forms v5.1.1 and earlier.
CVE ID: CVE-2023-32623 (Critical)
Mozilla has released a security update to address use-after-free and file extension spoofing vulnerabilities in Thunderbird 115.0.1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-3600 (High), CVE-2023-3417 (Medium)
It has been discovered that ssh-add in OpenSSH adds smartcard keys to ssh-agent without the intended per-hop destination constraints, which may lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The affected version is OpenSSH 8.9.
CVE ID: CVE-2023-28531 (Critical)
A file upload vulnerability has been discovered in Online Piggery Management System. The affected version is Online Piggery Management System 1.0.
CVE ID: CVE-2023-37629 (Critical)
A SQL injection vulnerability has been discovered in Online Piggery Management System. The affected version is Online Piggery Management System 1.0.
CVE ID: CVE-2023-37628 (Critical)
A lack of integrity check vulnerability has been discovered in DigiExam that allows an attacker to access PII and take over accounts on shared computers. The affected versions are DigiExam up to v14.0.2.
CVE ID: CVE-2023-33668 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in RocketMQ NameServer because the earlier vulnerability CVE-2023-33246 was not completely resolved in version 5.1.1. Updates are available.
CVE ID: CVE-2023-37582 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in DedeCMS. The affected version is DedeCMS 5.7.109.
CVE ID: CVE-2023-3578 (Critical)
An unauthenticated privilege escalation vulnerability has been discovered in the MStore API plugin for WordPress. The affected versions are MStore API WordPress plugin before 3.9.9.
CVE ID: CVE-2023-3076 (Critical)
Cisco has released security updates to address several vulnerabilities in Cisco Small Business SPA500 Series IP Phones and Cisco BroadWorks software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20181 (Medium), CVE-2023-20218 (Medium), CVE-2023-20216 (Medium)
Google has released Chrome 116 Beta channel for Windows, Mac and Linux, LTC-114 version 114.0.5735.143 (Platform Version: 15437.0) for most ChromeOS devices, Dev channel 116.0.5845.42 for Windows, Mac and Linux and LTS channel 108.0.5359.238 (Platform Version: 15183.101.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2931 (High), CVE-2023-2932 (High), CVE-2023-2933 (High)
Foxit has released updated Foxit PDF Reader 12.1.3 and Foxit PDF Editor 12.1.3 to resolve multiple vulnerabilities in Foxit PDF Reader 12.1.2.15332 and earlier, and Foxit PDF Editor 12.1.2.15332 and all previous 12.x versions, 11.2.6.53790 and all previous 11.x versions, and 10.1.12.37872 and earlier.
Atlassian has released a security bulletin to resolve multiple vulnerabilities affecting its products.
CVE ID: CVE-2023-22505 (High), CVE-2023-22508 (High), CVE-2023-22506 (High)
An uncontrolled resource consumption vulnerability has been discovered in Rockwell Automation's Equipment- Kinetix 5700. The affected version is Rockwell Automation Kinetix 5700 V13.001.
CVE ID: CVE-2023-2263 (High)
Multiple vulnerabilities have been discovered in Keysight Technologies' Equipment- N6854A Geolocation Server. The affected versions are N6854A Geolocation Server 2.4.2 and prior.
CVE ID: CVE-2023-36853 (High), CVE-2023-34394 (High)
Multiple vulnerabilities have been discovered in Iagona's Equipment- ScrutisWeb that can allow an attacker to upload and execute arbitrary files. The affected versions are ScrutisWeb 2.1.37 and prior.
CVE ID: CVE-2023-33871 (High), CVE-2023-38257 (High), CVE-2023-35763 (Medium), CVE-2023-35189 (Critical)
Multiple vulnerabilities have been discovered in Weintek's Equipment- Weincloud. The affected versions are Weintek Weincloud Account API 0.13.6 and prior.
CVE ID: CVE-2023-35134 (High), CVE-2023-37362 (High), CVE-2023-32657 (Medium), CVE-2023-34429 (High)
An improper authentication vulnerability has been discovered in GeoVision's Equipment- GV-ADR2701 that allows unauthorised login to the camera's web application. The affected version is GV-ADR2701 V1.00_2017_12_15.
CVE ID: CVE-2023-3638 (Critical)
A heap-based buffer overflow vulnerability has been discovered in GE Digital's Equipment- CIMPLICITY that allows an attacker to cause memory corruption resulting in unwanted behavior such as code execution. The affected versions are all versions of CIMPLICITY.
CVE ID: CVE-2023-3463 (Medium)
WellinTech has released security updates to address multiple vulnerabilities in its equipment- KingHistorian. The affected versions are WellinTech KingHistorian 35.01.00.05.
CVE ID: CVE-2022-45124 (High), CVE-2022-43663 (High)
Oracle has released its critical patch update for July 2023 to address 508 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-21975 (Critical), CVE-2023-21974 (Critical), CVE-2023-20873 (Critical), CVE-2023-20862 (Critical)
Oracle has released its Critical patch update for Linux July 2023 to address several vulnerabilities affecting multiple products. A remote attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29402 (Critical), CVE-2023-29404 (Critical), CVE-2023-29405 (Critical)
A SQL injection vulnerability has been discovered in PrestaShop vivawallet. The affected versions are PrestaShop vivawallet v.1.7.10 and before.
CVE ID: CVE-2023-26861 (Critical)
Oracle has released its critical patch update for Solaris Third Party July 2023 to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-37434 (Critical), CVE-2023-34416 (Critical)
Adobe has released security updates to address an arbitrary code execution vulnerability in Adobe ColdFusion. The affected versions are ColdFusion 2023, 2021 and 2018.
CVE ID: CVE-2023-38203 (Critical)
A Cross-site Scripting (XSS) vulnerability has been discovered in Rockwell Automation's Equipment- PowerMonitor 1000 that can allow an attacker to achieve Remote Code Execution (RCE) and potentially cause the complete loss of confidentiality, integrity, and availability of the product. The affected version is PowerMonitor 1000 V4.011.
CVE ID: CVE-2023-2072 (High)
Multiple vulnerabilities have been discovered in Honeywell's Equipment- Experion PKS, LX, and PlantCruise that can cause a Denial of Service (DoS) condition and can allow privilege escalation or Remote Code Execution (RCE). The affected versions are Experion PKS: versions prior to R520.2, Experion LX: versions prior to R520.2, and Experion PlantCruise: versions prior to R520.2.
CVE ID: CVE-2023-23585 (Critical), CVE-2023-25078 (Critical), CVE-2023-25948 (Critical), CVE-2023-26597 (High), CVE-2023-24480 (Critical), CVE-2023-25770 (Critical), CVE-2023-25178 (High), CVE-2023-22435 (Critical), CVE-2023-24474 (Critical)
Multiple vulnerabilities have been discovered in BD's Equipment- Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, and CQI Reporter that can allow an attacker to compromise sensitive data, hijack a session, modify firmware, or make changes to system configurations, among other system impacts. The affected versions are BD Alaris Point-of-Care Unit (PCU) Model 8015: Versions 12.1.3 and prior, BD Alaris Guardrails Editor: Versions 12.1.2 and prior, BD Alaris Systems Manager: Versions 12.3 and prior, CQI Reporter: v10.17 and prior, and Calculation Services: Versions 1.0 and prior.
CVE ID: CVE-2023-30559 (Medium), CVE-2023-30560 (Medium), CVE-2023-30561 (Medium), CVE-2023-30562 (Medium), CVE-2023-30563 (High), CVE-2023-30564 (Medium), CVE-2023-30565 (Low), CVE-2018-1285 (Low)
A SQL Injection vulnerability has been discovered in VegaGroup Web Collection. The affected versions are Web Collection before 31197.
CVE ID: CVE-2023-35070 (Critical)
An arbitrary file upload vulnerability has been discovered in the User Registration plugin for WordPress. The affected versions are User Registration plugin up to, and including, 3.0.2.
CVE ID: CVE-2023-3342 (Critical)
A stack overflow vulnerability has been discovered in Tenda devices. The affected versions are Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408).
CVE ID: CVE-2023-37712 (Critical)
A stack overflow vulnerability has been discovered in Tenda devices. The affected versions are Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47.
CVE ID: CVE-2023-37711 (Critical)
A command injection vulnerability has been discovered in TOTOLINK A3300R. The affected version is TOTOLINK A3300R V17.0.0cu.557_B20221024.
CVE ID: CVE-2023-37173 (Critical)
An Incorrect Access Control vulnerability has been discovered in TravianZ. The affected versions are TravianZ 8.3.4 and 8.3.3.
CVE ID: CVE-2023-36994 (Critical)
Ubuntu has released security updates to address several vulnerabilities in SciPy and Knot Resolver. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM.
CVE ID: CVE-2023-29824, CVE-2023-25399 (Medium), CVE-2022-40188
Juniper has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Palo Alto Networks has released security updates to address a vulnerability in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
CVE ID: CVE-2023-38046 (Medium)
WordPress has released a security update to resolve an authentication bypass vulnerability in the MailArchiver plugin. The affected versions are MailArchiver versions up to, and including, 2.10.1.
CVE ID: CVE-2023-3136 (High)
Google has released Chrome 115 (115.0.5790.85) for Android, Stable channel 115.0.5790.90 for Windows and Mac, Beta channel 115.0.5790.90 for Windows, Mac and Linux, Dev channel 116.0.5845.27 (Platform version: 15509.20.0) for most ChromeOS devices, Chrome Stable 115 (115.0.5790.84) for iOS, and Chrome Beta 115 (115.0.5790.85) for Android.
A command injection vulnerability has been discovered in TOTOLINK LR350. The affected version is TOTOLINK LR350 V9.3.5u.6369_B20220309.
CVE ID: CVE-2023-37149 (Critical)
An arbitrary code execution vulnerability has been discovered in Zimbra Collaboration (ZCS). The affected versions are Zimbra Collaboration ZCS v.8.8.15 and v.9.0.
CVE ID: CVE-2023-29382 (Critical)
A privilege escalation vulnerability has been discovered in Zimbra Collaboration (ZCS). The affected versions are Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0.
CVE ID: CVE-2023-29381 (Critical)
A buffer overflow vulnerability has been discovered in the modem pinctrl module that affects the integrity and availability of the modem.
CVE ID: CVE-2023-37245 (Critical)
Rockwell Automation has released a security update to address an Out-of-bounds Write vulnerability in its equipment- 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT that can allow malicious actors to gain remote access to the running memory of the module and perform malicious activity.
CVE ID: CVE-2023-3595 (Critical), CVE-2023-3596 (High)
Cisco has released security updates to address an Unauthenticated REST API Access vulnerability in Cisco SD-WAN vManage. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20214 (Critical)
Multiple vulnerabilities have been discovered in several Zoom products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-36538 (High), CVE-2023-36537 (High), CVE-2023-36536 (High), CVE-2023-34119 (High), CVE-2023-34118 (High), CVE-2023-34117 (Low), CVE-2023-34116 (High)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Citrix Secure Access client for Ubuntu, and Citrix Secure Access client for Windows. The affected versions are Citrix Secure Access client for Ubuntu versions before 23.5.2, and Citrix Secure Access client for Windows versions before 23.5.1.3.
CVE ID: CVE-2023-24492 (Critical), CVE-2023-24491 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-25910 (Critical), CVE-2022-1292 (Critical), CVE-2022-30767 (Critical), CVE-2023-29130 (Critical), CVE-2023-29131 (High), CVE-2022-1292 (Critical)
Remote code execution vulnerabilities have been reported in Windows and Office products.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim.
CVE ID: CVE-2023-36884 (High)
Fortinet has released security updates to address an insufficient session expiration vulnerability in the FortiOS REST API that can allow an attacker to reuse the session of a deleted user and obtain the API token. The affected products are FortiOS version 7.2.0 through 7.2.4, and FortiOS 7.0 all versions.
CVE ID: CVE-2023-28001 (Medium)
Mozilla has released a security update to address a use-after-free vulnerability in Firefox 115.0.2 and Firefox ESR 115.0.2. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-3600 (High)
Johnson Controls has released a security update to resolve an improper authentication vulnerability in its equipment- iSTAR. The affected versions are all iSTAR Ultra and iSTAR Ultra LT after firmware version 6.8.6 and prior to 6.9.2 CU01, and all iSTAR Ultra G2 and iSTAR Edge G2 firmware versions prior to 6.9.2 CU01.
CVE ID: CVE-2023-3127 (High)
Panasonic has released a security update to address multiple vulnerabilities in its equipment- Control FPWIN Pro7. The affected versions are Panasonic Control FPWIN 7.6.0.3 and all previous versions.
CVE ID: CVE-2023-28728 (High), CVE-2023-28729 (High), CVE-2023-28730 (High)
An authentication bypass vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC-F Series that can allow an attacker to log in to the product by sending specially crafted packets.
CVE ID: CVE-2023-2846 (High)
Fortinet has released security updates to address a stack-based overflow vulnerability in FortiOS & FortiProxy that can allow an attacker to execute arbitrary code or commands via crafted packets. The affected products are FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and FortiProxy version 7.0.0 through 7.0.9.
CVE ID: CVE-2023-33308 (Critical)
Microsoft has released updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-32057 (Critical), CVE-2023-33150 (Critical), CVE-2023-35365 (Critical), CVE-2023-35366 (Critical), CVE-2023-35367 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe InDesign and Adobe ColdFusion. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29308 (High), CVE-2023-29309 (Medium), CVE-2023-29310 (Medium), CVE-2023-29311 (Medium), CVE-2023-29312 (Medium), CVE-2023-29313 (Medium), CVE-2023-29314 (Medium), CVE-2023-29315 (Medium), CVE-2023-29316 (Medium), CVE-2023-29317 (Medium), CVE-2023-29318 (Medium), CVE-2023-29319 (Medium), CVE-2023-29301 (Medium), CVE-2023-29298 (High), CVE-2023-29300 (Critical)
Rockwell Automation has released a security update to resolve a Cross Site Request Forgery (CSRF) vulnerability in its equipment- Enhanced HIM. The affected version is Enhanced HIM 1.001.
CVE ID: CVE-2023-2746 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-37196 (High), CVE-2023-37197 (High), CVE-2023-37198 (Medium), CVE-2023-37199 (Medium), CVE-2023-37200 (Medium), CVE-2023-29414 (High), CVE-2023-28003
It has been discovered that Hero Qubo allows TELNET access with root privileges by default, without a password. The affected version is Hero Qubo HCD01_02_V1.38_20220125.
CVE ID: CVE-2023-22906 (High)
Apple has released security updates to address a vulnerability in Safari 16.5.2, Rapid Security Response iOS 16.5.1 (a) & iPadOS 16.5.1 (a), and Rapid Security Response macOS Ventura 13.4.1 (a). An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-37450
An information disclosure vulnerability has been discovered in the Cisco ACI Multi-Site CloudSec Encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode that can allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.
CVE ID: CVE-2023-20185 (High)
Progress has released security updates to address multiple vulnerabilities in MOVEit Transfer. A threat actor can exploit some of these vulnerabilities to obtain sensitive information.
CVE ID: CVE-2023-36934 (Critical), CVE-2023-36932 (High), CVE-2023-36933 (High)
PiiGAB has released a security update to address multiple vulnerabilities in its equipment- M-Bus SoftwarePack 900S that can allow an attacker to inject arbitrary commands, steal passwords, or trick valid users into executing malicious commands.
CVE ID: CVE-2023-36859 (High), CVE-2023-33868 (Medium), CVE-2023-31277 (High), CVE-2023-35987 (Critical), CVE-2023-35765 (Medium), CVE-2023-32652 (High), CVE-2023-34995 (High), CVE-2023-34433 (High), CVE-2023-35120 (High)
VMware has released security updates to address an authentication bypass vulnerability in VMware SD-WAN (Edge). An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-20899 (Medium)
Google has released Beta channel 115.0.5790.75 for Windows, Mac and Linux, Chrome Beta 115 (115.0.5790.69) for Android, and Chrome Beta 115 (115.0.5790.71) for iOS.
GitLab has released updated versions 16.1.2, 16.0.7, and 15.11.11 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2023-3484 (High)
Mozilla has released security updates to resolve multiple vulnerabilities in Firefox for iOS 115, Thunderbird 102.13, Firefox ESR 102.13, and Firefox 115. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-37455 (Medium), CVE-2023-37456 (Low), CVE-2023-37201 (High), CVE-2023-37202 (High), CVE-2023-37207 (Medium), CVE-2023-37208 (Medium), CVE-2023-37211 (High), CVE-2023-3482 (Medium), CVE-2023-37203, CVE-2023-37204 (Medium), CVE-2023-37205 (Medium), CVE-2023-37206 (Medium), CVE-2023-37209 (Medium), CVE-2023-37210 (Low), CVE-2023-37212 (High)
Moxa has released security updates to resolve a user enumeration vulnerability in the Moxa TN-5900 Series. The affected versions are TN-5900 Series 3.3 and earlier.
CVE ID: CVE-2023-3336
A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the plantuml/plantuml GitHub repository. The affected versions are plantuml/plantuml prior to 1.2023.9.
CVE ID: CVE-2023-3432 (Critical)
A memory corruption vulnerability has been discovered in the OCB feature in libnettle of Nettle. The affected versions are Nettle 3.9 before 3.9.1.
CVE ID: CVE-2023-36660 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the File Manager Advanced Shortcode WordPress plugin. The affected versions are File Manager Advanced Shortcode WordPress plugin through 2.3.2.
CVE ID: CVE-2023-2068 (Critical)
A SQL Injection vulnerability has been discovered in the Custom 404 Pro WordPress plugin. The affected versions are Custom 404 Pro WordPress plugin before 3.8.1.
CVE ID: CVE-2023-2032 (Critical)
A directory traversal vulnerability has been discovered in Talend Data Catalog. The affected versions are Talend Data Catalog before 8.0-20230221.
CVE ID: CVE-2023-36301 (Critical)
A path traversal vulnerability has been discovered in Trend Micro Apex One and Apex One as a Service that allows an attacker to upload an arbitrary file to the Management Server, which can lead to Remote Code Execution (RCE) with system privileges.
CVE ID: CVE-2023-32557 (Critical)
A path traversal vulnerability has been discovered in a specific service DLL of Trend Micro Mobile Security (Enterprise). The affected version is Trend Micro Mobile Security (Enterprise) 9.8 SP5.
CVE ID: CVE-2023-32521 (Critical)
An authentication bypass vulnerability has been discovered in the Web3 – Crypto wallet Login & NFT token gating plugin for WordPress. The affected versions are Web3 – Crypto wallet Login & NFT token gating plugin up to, and including, 2.6.0.
CVE ID: CVE-2023-3249 (Critical)
An authentication bypass vulnerability has been discovered in the BookIt plugin for WordPress. The affected versions are BookIt plugin up to, and including, 2.3.7.
CVE ID: CVE-2023-2834 (Critical)
An out of bounds memory read vulnerability has been discovered in Fortra Globalscape EFT. The affected versions are Fortra Globalscape EFT before 8.1.0.16.
CVE ID: CVE-2023-2989 (Critical)
A buffer overflow vulnerability has been discovered in Netgear R6250 Firmware. The affected version is Netgear R6250 Firmware 1.0.4.48.
CVE ID: CVE-2023-34563 (Critical)
An authentication bypass vulnerability has been discovered in Zoho ManageEngine ADSelfService Plus. The affected versions are Zoho ManageEngine ADSelfService Plus through 6113.
CVE ID: CVE-2023-35854 (Critical)
A SQL injection vulnerability has been discovered in Adiscon LogAnalyzer. The affected versions are Adiscon LogAnalyzer v4.1.13 and before.
CVE ID: CVE-2023-34600 (Critical)
An arbitrary code execution vulnerability has been discovered in Langchain. The affected version is Langchain 0.0.171.
CVE ID: CVE-2023-34541 (Critical)
An improper permission control vulnerability has been discovered in the Notepad app that can lead to privilege escalation.
CVE ID: CVE-2023-34159 (Critical)
A pre-authentication command injection vulnerability has been discovered in Zyxel NAS firmware that can allow an attacker to execute some Operating System (OS) commands remotely by sending a crafted HTTP request. The affected versions are Zyxel NAS326 firmware prior to V5.21(AAZF.14)C0, NAS540 firmware prior to V5.21(AATB.11)C0, and NAS542 firmware prior to V5.21(ABAG.11)C0.
CVE ID: CVE-2023-27992 (Critical)
A memory corruption vulnerability has been discovered in Firefox 113. The affected versions are Firefox prior to Firefox 114.
CVE ID: CVE-2023-34417 (Critical)
An unauthenticated Blind SQL Injection vulnerability has been discovered in the MStore API plugin for WordPress. The affected versions are MStore API versions up to, and including, 4.0.1.
CVE ID: CVE-2023-3197 (Critical)
A buffer overflow vulnerability has been discovered in TP-Link Archer. The affected version is TP-Link Archer AX10(EU)_V1.2_230220.
CVE ID: CVE-2023-34832 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in OTCMS. The affected versions are OTCMS up to 6.62.
CVE ID: CVE-2023-3238 (Critical)
An insecure permissions vulnerability has been discovered in PublicCMS. The affected versions are PublicCMS V4.0.202302 and below.
CVE ID: CVE-2023-34852 (Critical)
A potential XML external entity injection vulnerability has been discovered in ArcSight Logger. The affected versions are ArcSight Logger prior to 7.3.0.
CVE ID: CVE-2023-24470 (Critical)
VMware has released security updates to address heap overflow vulnerability, use-after-free, memory corruption vulnerability, and out-of-bounds read vulnerabilities in VMware vCenter Server. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20892 (High), CVE-2023-20893 (High), CVE-2023-20894 (High), CVE-2023-20895 (High), CVE-2023-20896 (Medium)
A path traversal vulnerability has been discovered in SpiderControl's Equipment- SCADAWebServer that can result in a Denial of Service (DoS) condition. The affected versions are SCADAWebServer 2.08 and prior.
CVE ID: CVE-2023-3329 (Medium)
Advantech has released security updates to address hard-coded password and external control of file name or path vulnerabilities in its equipment- R-SeeNet that can allow an attacker to authenticate as a valid user or access files on the system. The affected versions are R-SeeNet 2.4.22 and prior.
CVE ID: CVE-2023-2611 (Critical), CVE-2023-3256 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 23.04, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
Apple has released security updates to address multiple vulnerabilities in its various products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-32439, CVE-2023-32434, CVE-2023-32435
ISC has released security updates to address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-2911 (High), CVE-2023-2829 (High), CVE-2023-2828 (High)
Juniper has released security updates to address an improper input validation vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-0026 (High)
Google has released Stable channel 114.0.5735.143 (Platform version: 15437.57.0) for most ChromeOS devices, Chrome Beta 115 (115.0.5790.40) for Android, Beta channel 115.0.5790.40 for Windows, Linux and Mac, Chrome Beta 115 (115.0.5790.40) for iOS and LTS channel 108.0.5359.235 (Platform Version: 15183.98.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-3079, CVE-2023-2935, CVE-2023-0045, CVE-2023-32233
A command injection vulnerability has been discovered in Zyxel NAS. The affected products are Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. Zyxel has released security patches to address the vulnerability.
CVE ID: CVE-2023-27992 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Fortinet has released security updates to resolve a command injection vulnerability in FortiNAC that can allow an attacker to copy local files of the device to other local directories of the device via specially crafted input fields. The affected products are FortiNAC 9.4.0 through 9.4.3, and FortiNAC 7.2.0 through 7.2.1.
CVE ID: CVE-2023-33300 (Medium)
Fortinet has released security updates to resolve a deserialization of untrusted data vulnerability in some of its products that can allow an attacker to execute unauthorized code or commands. Security updates for FortiNAC 8.8 all versions, FortiNAC 8.7 all versions, FortiNAC 8.6 all versions, FortiNAC 8.5 all versions and FortiNAC 8.3 all versions have not yet been released.
CVE ID: CVE-2023-33299 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 23.04, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
WordPress has released security updates to resolve multiple vulnerabilities in its plugins. The affected products are CMS Commander plugin versions up to, and including, 2.287 and WP Sticky Social plugin versions up to, and including, 1.0.1.
Fortinet has released security updates to resolve a plaintext storage of a password vulnerability in FortiSIEM. The affected products are FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions and 5.3 all versions.
CVE ID: CVE-2023-26204 (Critical)
A vulnerability has been discovered in OMICARD EDM’s file uploading function that can allow an attacker to perform arbitrary system commands or disrupt services.
CVE ID: CVE-2023-32753 (Critical)
A vulnerability has been discovered in L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function that can allow an attacker to perform arbitrary system commands or disrupt services.
CVE ID: CVE-2023-32752
Google has released Beta channel 115.0.5790.32 for Windows, Mac and Linux, Beta channel OS version: 15474.21.0 Browser version: 115.0.5790.30 for most ChromeOS devices, Chrome Beta 115 (115.0.5790.32) for Android and LTS channel 108.0.5359.234 (Platform Version: 15183.97.0) for most ChromeOS devices.
An arbitrary code execution vulnerability has been discovered in Adobe Commerce. The affected versions are Adobe Commerce versions 2.4.6 & earlier, 2.4.5-p2 & earlier and 2.4.4-p3 & earlier.
CVE ID: CVE-2023-29297 (Critical)
Microsoft has released a security update to resolve an elevation of privilege vulnerability in Microsoft SharePoint Server 2019.
CVE ID: CVE-2023-29357 (Critical)
A vulnerability has been discovered in TMT Lockcell that can lead to privilege abuse and authentication bypass in affected systems.
CVE ID: CVE-2023-3050 (Critical)
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29357 (Critical), CVE-2023-29363 (Critical), CVE-2023-32014 (Critical), CVE-2023-32015 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29297 (Critical)
Fortinet has released security updates to address a Heap-based Buffer Overflow vulnerability in FortiOS & FortiProxy SSL-VPN that can allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
CVE ID: CVE-2023-27997 (Critical)
Fuji Electric has released security updates to address multiple vulnerabilities in V-Server, V-Server Lite, TELLUS, and TELLUS Lite. The affected versions are V-Server v4.0.15.0 and earlier, V-Server Lite v4.0.15.0 and earlier, TELLUS v4.0.15.0 and earlier, and TELLUS Lite v4.0.15.0 and earlier.
CVE ID: CVE-2023-31239 (High), CVE-2023-32538 (High), CVE-2023-32273 (High), CVE-2023-32201 (High), CVE-2023-32288 (High), CVE-2023-32276 (High), CVE-2023-32270 (High), CVE-2023-32542 (High)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20178 (High), CVE-2023-20108 (High), CVE-2023-20006 (High), CVE-2023-20188 (High), CVE-2023-20116 (High), CVE-2023-20136 (High)
An escalation of privilege vulnerability has been discovered in the Splunk App for Stream. The affected versions are Splunk App for Stream versions below 8.1.1.
CVE ID: CVE-2023-32713 (Critical)
An escalation of privilege vulnerability has been discovered in Microworld Technologies eScan Management Console that allows an attacker to retrieve the password of any admin or normal user in plain text. The affected version is Microworld Technologies eScan Management Console 14.0.1400.2281.
CVE ID: CVE-2023-33730 (Critical)
An outbound HTTP request vulnerability has been discovered in Deno. The affected versions are deno 1.34.0 and deno_runtime 0.114.0.
CVE ID: CVE-2023-33966 (Critical)
A vulnerability has been discovered in the EZ Sync service that allows an attacker to navigate beyond the intended directory structure and delete files. The affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below, and ADM 4.2.1.RGE2 and below.
CVE ID: CVE-2023-2909 (Critical)
An OS command injection vulnerability has been discovered in Dell NetWorker client that can lead to the execution of arbitrary OS commands on the application's underlying OS. The affected version is Dell NetWorker 19.6.1.2.
CVE ID: CVE-2023-25539 (Critical)
A vulnerability has been discovered in ImageMagick that can cause Remote Code Execution (RCE) in OpenBlob with --enable-pipes configured.
CVE ID: CVE-2023-34152 (Critical)
A vulnerability has been discovered in RIOT-OS that allows an attacker to send a crafted frame to the device, resulting in an out-of-bounds write in the packet buffer. The affected versions are RIOT-OS 2023.01 and prior.
CVE ID: CVE-2023-33975 (Critical)
Cisco has released security updates to resolve multiple privilege escalation vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server. The affected versions are Cisco Expressway Series and Cisco TelePresence Video Communication Server 14.0 and earlier.
CVE ID: CVE-2023-20105 (Critical), CVE-2023-20192 (High)
VMware has released a security update to address command injection, authenticated deserialization, and information disclosure vulnerabilities in VMware Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20887 (Critical), CVE-2023-20888 (Critical), CVE-2023-20889 (High)
Delta Electronics has released a security update to address stack-based and heap-based buffer overflow vulnerabilities in its CNCSoft-B DOPSoft equipment. The affected products are CNCSoft-B DOPSoft: versions 1.0.0.4 and prior.
CVE ID: CVE-2023-25177 (High), CVE-2023-24014 (High)
Mozilla has released a security update to address multiple vulnerabilities in Firefox 114 and Firefox ESR 102.12. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-34414 (High), CVE-2023-34415 (Medium), CVE-2023-34416 (High), CVE-2023-34417 (High)
A command injection vulnerability has been discovered in Advanced Secure Gateway and Content Analysis. The affected versions are Advanced Secure Gateway and Content Analysis prior to 7.3.13.1 / 3.1.6.0.
CVE ID: CVE-2023-23952 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in D-Link DIR-846. The affected version is D-Link DIR-846 v1.00A52.
CVE ID: CVE-2023-33735 (Critical)
A permission bypass vulnerability has been discovered in JetBrains TeamCity. The affected version is JetBrains TeamCity before 2023.05.
CVE ID: CVE-2023-34218 (Critical)
A SQL Injection vulnerability has been discovered in KramerAV VIA GO². The affected versions are KramerAV VIA GO² prior to 4.0.1.1326.
CVE ID: CVE-2023-33509 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in KramerAV VIA GO². The affected versions are KramerAV VIA GO² prior to 4.0.1.1326.
CVE ID: CVE-2023-33508 (Critical)
A command injection vulnerability has been discovered in TOTOLINK X5000R that allows an attacker to execute arbitrary commands through the "ip" parameter. The affected versions are TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113.
CVE ID: CVE-2023-33487 (Critical)
A command injection vulnerability has been discovered in TOTOLINK X5000R that allows an attacker to execute arbitrary commands through the "hostName" parameter. The affected versions are TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113.
CVE ID: CVE-2023-33486 (Critical)
A privilege escalation vulnerability has been discovered in edjing Mix for Android. The affected version is edjing Mix v.7.09.01 for Android.
CVE ID: CVE-2023-29734 (Critical)
Zyxel has released security updates to address privilege escalation, and buffer overflow vulnerabilities in GS1900 series switches, and 4G LTE and 5G NR outdoor routers respectively.
CVE ID: CVE-2022-45853, CVE-2023-27989
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
WordPress has released a security update to resolve an authentication bypass vulnerability in the Visitor Traffic Real Time Statistics plugin. The affected versions are Visitor Traffic Real Time Statistics versions up to, and including, 6.7.
Google has released Chrome 114 (114.0.5735.60/.61) for Android, and Stable and extended stable channels 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows.
CVE ID: CVE-2023-3079 (High)
A vulnerability has been discovered in Abstrium Pydio Cells that leads to improper control of resource identifiers. The affected version is Abstrium Pydio Cells 4.2.0.
CVE ID: CVE-2023-2980 (Critical)
A vulnerability has been discovered in Abstrium Pydio Cells that leads to improper control of resource identifiers. The affected version is Abstrium Pydio Cells 4.2.0.
CVE ID: CVE-2023-2979 (Critical)
An authorization bypass vulnerability has been discovered in Abstrium Pydio Cells. The affected version is Abstrium Pydio Cells 4.2.0.
CVE ID: CVE-2023-2978 (Critical)
A prototype pollution vulnerability has been discovered in the GitHub repository antfu/utils. The affected versions are antfu/utils prior to 0.7.3.
CVE ID: CVE-2023-2972 (Critical)
A header spoofing vulnerability has been discovered in Emby Server that can allow administrative access to an Emby Server system, depending on certain user account settings.
CVE ID: CVE-2023-33193 (Critical)
A vulnerability has been discovered in Pomerium that can lead to incorrect authorisation decisions with specially crafted requests.
CVE ID: CVE-2023-33189 (Critical)
An information leakage vulnerability has been discovered in HGiga PowerStation that can allow an attacker to obtain the administrator's credentials.
CVE ID: CVE-2023-24838 (Critical)
Moxa has released security updates to resolve multiple weak cryptographic algorithm vulnerabilities in the Moxa CN2600 Series. The affected versions are CN2600 Series Firmware version 4.5 and lower.
FUJI ELECTRIC has released a security update to address multiple vulnerabilities in FUJI ELECTRIC FRENIC RHC Loader. The affected versions are FRENIC RHC Loader v1.1.0.3 and earlier.
CVE ID: CVE-2023-29160 (High), CVE-2023-29167 (High), CVE-2023-29498 (Medium)
Zyxel has released security updates to address multiple vulnerabilities related to a cyberattack targeting ZyWALL devices.
CVE ID: CVE-2023-28771, CVE-2023-33009, CVE-2023-33010
Microsoft has released Microsoft Edge Extended Stable Channel (Version 114.0.1823.37) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-29345 (Medium), CVE-2023-33143 (High)
An insufficient authentication vulnerability has been discovered in Hitron Technologies equipment. The affected version is Hitron Technologies CODA-5310.
CVE ID: CVE-2023-30604 (Critical)
A SQL injection vulnerability has been discovered in ELITE TECHNOLOGY CORP. Web Fax that can allow a remote attacker to perform arbitrary system commands, disrupt service or terminate service.
CVE ID: CVE-2023-28701 (Critical)
An insufficient authorization check vulnerability has been discovered in Wade Graphic Design FANTSY that can allow an unauthenticated remote user to perform arbitrary system operations or disrupt service.
CVE ID: CVE-2023-28698 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Tenda equipment. The affected version is Tenda AC6 US_AC6V1.0BR_V15.03.05.19.
CVE ID: CVE-2023-2923 (Critical)
An XSS vulnerability has been discovered in InstantPlay of Galaxy Store that allows attackers to execute the JavaScript API to install an APK from Galaxy Store. The affected versions are InstantPlay of Galaxy Store prior to version 4.5.49.8.
CVE ID: CVE-2023-21516 (Critical)
An improper scheme validation vulnerability has been discovered in InstantPlay Deeplink of Galaxy Store that allows attackers to execute the JavaScript API to install an APK from Galaxy Store. The affected versions are InstantPlay Deeplink of Galaxy Store prior to version 4.5.49.8.
CVE ID: CVE-2023-21514 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available for some products.
CVE ID: CVE-2023-1829 (High), CVE-2023-1872 (High), CVE-2023-1989 (High), CVE-2023-30846 (High), CVE-2023-20873 (Critical), CVE-2023-2236 (High)
A remote command injection vulnerability has been discovered in Barracuda Email Security Gateway. The affected versions are Barracuda Email Security Gateway 5.1.3.001 to 9.2.0.006.
CVE ID: CVE-2023-2868 (Critical)
Delta Electronics has released a security update to address a use of hard-coded credentials vulnerability in its equipment DIAEnergie, that can lead to Remote Code Execution (RCE). The affected products are DIAEnergie version 1.9.03.009 and prior.
CVE ID: CVE-2022-3214 (Critical)
Multiple vulnerabilities, such as code injection and unrestricted upload of files with dangerous types, have been discovered in Advantech's WebAccess Node equipment. The affected versions are Advantech WebAccess/SCADA 9.1.3 and prior. A mitigation is available.
CVE ID: CVE-2023-32540 (High), CVE-2023-22450 (High), CVE-2023-32628 (High)
It has been discovered that the External Visitor Manager portal of HID SAFE is vulnerable to manipulation of web fields in the Application Programming Interface (API), which can result in exposure of personal data or create a Denial of Service (DoS) condition. The affected versions are HID SAFE 5.8.0 through 5.11.3.
CVE ID: CVE-2023-2904 (High)
An improper input validation vulnerability has been discovered in Hitachi Energy's Relion 670, 650, and SAM600-IO equipment that can cause the device to reboot repeatedly, resulting in a Denial of Service (DoS) condition. The affected products are Relion 670 series: versions 1.1, 1.2.3, 2.0, 2.1, 2.2.2, 2.2.3, Relion 670/650 series: version 2.2.0, Relion 670/650/SAM600-IO series: version 2.2.1, and Relion 650 series: versions 1.1, 1.2, 1.3. Security updates and mitigation are available.
CVE ID: CVE-2021-27196 (High)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel, CUPS, and Avahi. The affected products are Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are Groundhogg plugin, Directorist plugin, Uncanny Toolkit for LearnDash plugin, wpForo Forum plugin, WP Directory Kit plugin, Bookly plugin, and Web Directory Free plugin. Security updates & patches are available for some plugins.
CVE ID: CVE-2023-34178 (Medium), CVE-2023-1888 (High), CVE-2023-2249 (High), CVE-2023-2835 (Medium), CVE-2023-1889 (Medium), CVE-2023-1159 (Medium), CVE-2023-2201 (High)
Google has released Chrome Stable 114 (114.0.5735.99) for iOS, Dev channel OS version: 15474.9.0 Browser version: 115.0.5790.13 for most ChromeOS devices, dev channel 116.0.5803.2 for Windows, Mac and Linux, and Chrome Dev 116 (116.0.5803.0) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An authentication bypass vulnerability has been discovered in the user_oidc app, an OpenID Connect user backend for Nextcloud. A security update is available.
CVE ID: CVE-2023-32074 (Critical)
A SQL injection vulnerability has been discovered in the Store Commander scfixmyprestashop module of PrestaShop. The affected versions are Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop.
CVE ID: CVE-2023-33279 (Critical)
An improper validation of array index vulnerability has been discovered in the spreadsheet component of The Document Foundation LibreOffice that can cause an array index underflow when loaded. The affected versions are The Document Foundation LibreOffice 7.4 versions prior to 7.4.6, and 7.5 versions prior to 7.5.1.
CVE ID: CVE-2023-0950 (Critical)
Multiple vulnerabilities have been discovered in Mitsubishi Electric's MELSEC iQ-R Series/iQ-F Series EtherNet/IP modules and EtherNet/IP configuration tools that allow an attacker to connect to the module via FTP and bypass authentication to log in.
CVE ID: CVE-2023-2060 (High), CVE-2023-2061 (Medium), CVE-2023-2062 (Medium), CVE-2023-2063 (Medium)
Progress has released security updates to address a SQL injection vulnerability in the MOVEit Transfer web application that can allow an attacker to gain unauthorized access to MOVEit Transfer's database. The affected versions are Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1).
Foxit has released updated Foxit PDF Editor 11.2.6 to resolve multiple vulnerabilities in Foxit PDF Editor 11.2.5.53785 and all previous 11.x versions, 10.1.11.37866 and earlier.
CONPROSYS HMI System (CHS) has released a security update to address multiple vulnerabilities in its products. The affected versions are CONPROSYS HMI System (CHS) versions prior to 3.5.3.
CVE ID: CVE-2023-28713 (Medium), CVE-2023-28399 (High), CVE-2023-28657 (High), CVE-2023-28651 (Medium), CVE-2023-28824 (Medium), CVE-2023-29154 (Medium), CVE-2023-2758 (Low)
WordPress has released security updates to resolve the IP Address Spoofing vulnerability in Brizy Page Builder plugin. The affected versions are Brizy Page Builder versions up to, and including, 2.4.18.
CVE ID: CVE-2023-2897 (Low)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are Donation Platform for WooCommerce: Fundraising & Donation Management plugin and Formidable Forms plugin. Security updates & patches are available.
Drupal has released security updates to address multiple vulnerabilities in 3rd party plugins such as AddToAny Share Buttons, Consent Popup, and Iubenda Integration.
Google has released Dev channel OS version: 15474.5.0 Browser version: 115.0.5790.7 for most ChromeOS devices, Chrome Beta 115 (115.0.5790.13) for iOS, Chrome Beta 115 (115.0.5790.13) for Android, and Chrome Beta 115.0.5790.13 for Windows, Mac and Linux.
A Server-Side Template Injection (SSTI) vulnerability via the formats parameter has been discovered in Camaleon CMS. The affected version is Camaleon CMS v2.7.0.
CVE ID: CVE-2023-30145 (Critical)
A vulnerability that allows generation of incorrect security tokens has been discovered in CBOT Chatbot, causing token impersonation, and privilege abuse. The affected versions are Chatbot before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE ID: CVE-2023-2882 (Critical)
A file upload vulnerability that leads to command execution has been discovered in SofaWiki. The affected versions are SofaWiki 3.8.9 and below.
CVE ID: CVE-2023-29721 (Critical)
An arbitrary script execution vulnerability has been discovered in Mitel MiVoice Connect. The affected versions are Mitel MiVoice Connect 19.3 SP2 (22.24.1500.0) and earlier.
CVE ID: CVE-2023-31457 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in SQLite JDBC. The affected versions are Sqlite-jdbc 3.6.14.1 through 3.41.2.1. A security update is available.
CVE ID: CVE-2023-32697 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Pleasanter. The affected versions are Pleasanter 1.3.38.1 and earlier.
CVE ID: CVE-2023-30758 (Medium)
A use of hard-coded cryptographic key vulnerability has been discovered in DataSpider Servista. The affected versions are DataSpider Servista 4.4 and earlier.
CVE ID: CVE-2023-28937 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An authorization bypass vulnerability has been discovered in Wordapp plugin for WordPress. The affected versions are Wordapp versions up to, and including, 1.5.0.
CVE ID: CVE-2023-2987 (Critical)
Joomla has released a security update to resolve a lack of rate limiting in Joomla CMS that allows brute force attacks against MFA methods. The affected versions are Joomla CMS versions 4.2.0 to 4.3.1.
CVE ID: CVE-2023-23755 (Critical)
OpenSSL has released security updates to address a vulnerability in OpenSSL that can lead to a Denial of Service (DoS). The affected versions are OpenSSL 3.0.x, OpenSSL 3.1.x, OpenSSL 1.1.1 and OpenSSL 1.0.2.
CVE ID: CVE-2023-2650 (Medium)
An insufficient type distinction vulnerability has been discovered in Advantech's WebAccess/SCADA product that can allow full control over the supervisory control and data acquisition (SCADA) server. The affected version is WebAccess/SCADA 8.4.5. Mitigations are available.
CVE ID: CVE-2023-2866 (High)
VMware has released security updates to address an insecure redirect vulnerability in Workspace ONE Access, Identity Manager and VMware Cloud Foundation that can allow an attacker to redirect a victim to an attacker-controlled domain due to improper path handling, leading to sensitive information disclosure.
CVE ID: CVE-2023-20884 (Medium)
Google has released Chrome 114 (114.0.5735.57/.58) for Android, Beta channel OS version: 15437.311.0 Browser version: 114.0.5735.84 for most ChromeOS devices, Chrome Stable 114 (114.0.5735.50) for iOS, Chrome Stable channel 114.0.5735.90 for Linux and Mac & 114.0.5735.90/91 for Windows and Extended Stable channel 114.0.5735.90 for Mac & 114.0.5735.91 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2929 (High), CVE-2023-2930 (High), CVE-2023-2931 (High), CVE-2023-2932 (High), CVE-2023-2933 (High), CVE-2023-2934 (High), CVE-2023-2935 (High), CVE-2023-2936 (High), CVE-2023-2937 (Medium), CVE-2023-2938 (Medium), CVE-2023-2939 (Medium), CVE-2023-2940 (Medium), CVE-2023-2941 (Low)
A logging security vulnerability has been discovered in Hitachi Energy's FOXMAN-UN and UNEM products. An attacker can exploit this vulnerability to take control of an affected system. Mitigations are available.
CVE ID: CVE-2023-1711 (Medium)
An authentication bypass vulnerability has been discovered in MStore API plugin for WordPress. The affected versions are MStore API versions up to, and including, 3.9.1.
CVE ID: CVE-2023-2734 (Critical)
A buffer overflow vulnerability has been discovered in GarminOS TVM component of CIQ API. The affected versions are GarminOS TVM component of CIQ API version 1.0.0 through 4.1.7.
CVE ID: CVE-2023-23305 (Critical)
A vulnerability has been discovered in the GarminOS TVM component of CIQ API that can disclose potentially private or sensitive information. The affected versions are GarminOS TVM component of CIQ API version 2.1.0 through 4.1.7.
CVE ID: CVE-2023-23304 (Critical)
A directory traversal vulnerability has been discovered in Snow Monkey Forms that allows an attacker to obtain sensitive information, alter the website, or cause a Denial of Service (DoS) condition. The affected versions are Snow Monkey Forms v5.0.6 and earlier.
CVE ID: CVE-2023-28413 (Critical)
A path traversal vulnerability has been discovered in MicroEngine Mailform that allows an attacker to save an arbitrary file on the server and execute it. The affected versions are MicroEngine Mailform 1.1.0 to 1.1.8.
CVE ID: CVE-2023-27507 (Critical)
A code injection vulnerability has been discovered in Drive Explorer for macOS that allows an attacker to read and/or write arbitrary files without the required access privileges. The affected versions are Drive Explorer for macOS versions 3.5.4 and earlier.
CVE ID: CVE-2023-25953 (Critical)
It has been discovered that D-Link DIR-300 firmware is vulnerable to file inclusion via /model/__lang_msg.php. The affected versions are D-Link DIR-300 firmware REVA1.06 and below, and REVB2.06 and below.
CVE ID: CVE-2023-31814 (Critical)
It has been discovered that SolarView Compact is vulnerable to insecure permissions. The affected versions are SolarView Compact 6.0 and below.
CVE ID: CVE-2023-29919 (Critical)
A deserialization of untrusted data vulnerability has been discovered in Sitecore Experience Platform that allows an attacker to run arbitrary code via ValidationResult.aspx. The affected versions are Sitecore Experience Platform through 10.2.
CVE ID: CVE-2023-27068 (Critical)
Debian has released a security update to resolve a buffer overflow vulnerability in Kamailio SIP telephony server. The affected versions are Kamailio SIP server before 5.5.0.
CVE ID: CVE-2020-27507 (Critical)
Starlette has released a security update to address a directory traversal vulnerability in its products. The affected versions are Starlette 0.13.5 and later and prior to 0.27.0.
CVE ID: CVE-2023-29159 (Low)
Zyxel has released security updates to address a post-authentication command injection vulnerability in NAS products. The affected versions are NAS326 V5.21(AAZF.12)C0 & earlier, NAS540 V5.21(AATB.9)C0 & earlier, and NAS542 V5.21(ABAG.9)C0 & earlier.
CVE ID: CVE-2023-27988
A vulnerability has been discovered in Netbox that allows an attacker to execute queries against the GraphQL database, granting access to sensitive data stored in the database. The affected version is Netbox v3.5.1.
CVE ID: CVE-2023-33796 (Critical)
WordPress has released security updates to resolve multiple Cross Site Request Forgery (CSRF) vulnerabilities in WP EasyCart plugin. The affected versions are WP EasyCart versions up to, and including, 5.4.8.
CVE ID: CVE-2023-2896 (Medium), CVE-2023-2895 (Medium), CVE-2023-2894 (Medium), CVE-2023-2893 (Medium), CVE-2023-2892 (Medium), CVE-2023-2891 (Medium)
A directory traversal vulnerability has been discovered in ESS REC Agent Server Edition for Linux. The affected versions are ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1.
CVE ID: CVE-2023-28382 (High)
Cisco has released security updates to address a CLI arbitrary file write vulnerability in Cisco Firepower Threat Defense (FTD) software that can allow an attacker to overwrite or append arbitrary data to system files using root-level privileges.
CVE ID: CVE-2021-34761 (High)
A SQL injection vulnerability has been discovered in AGT Tech Ceppatron. All versions of AGT Tech Ceppatron software are affected.
CVE ID: CVE-2023-2851 (Critical)
An authentication bypass vulnerability has been discovered in CBOT Chatbot. The affected versions are Chatbot before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE ID: CVE-2023-2887 (Critical)
WordPress has released a security update to resolve a SQL injection vulnerability in the User Activity Log plugin. The affected versions are User Activity Log versions up to, and including, 1.6.1.
Google has released dev channel 115.0.5790.3 for Windows, Mac and Linux, LTS channel 108.0.5359.232 (Platform Version: 15183.95.0) for most ChromeOS devices, and Chrome Dev 115 (115.0.5790.5) for Android.
CVE ID: CVE-2023-2458 (High)
A Channel Accessible by Non-Endpoint vulnerability has been discovered in CBOT Chatbot that allows Adversary in the Middle (AiTM) attacks. The affected versions are Chatbot before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE ID: CVE-2023-2885 (Critical)
A Generation of Incorrect Security Tokens vulnerability has been discovered in CBOT Chatbot that allows token impersonation and privilege abuse. The affected versions are Chatbot before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE ID: CVE-2023-2882 (Critical)
A NULL pointer dereference vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are gpac/gpac prior to 2.2.2.
CVE ID: CVE-2023-2840 (Critical)
An out-of-bounds read vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are gpac/gpac prior to 2.2.2.
CVE ID: CVE-2023-2838 (Critical)
A remote code execution vulnerability has been discovered in IBM InfoSphere Information Server. The affected version is IBM InfoSphere Information Server 11.7.
CVE ID: CVE-2023-32336 (Critical)
An Insecure Direct Object References vulnerability has been discovered in the WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. The affected versions are WooCommerce Memberships for Multivendor Marketplace plugin versions up to, and including, 2.10.7.
CVE ID: CVE-2023-2276 (Critical)
An arbitrary file upload vulnerability has been discovered in PerfreeBlog. The affected version is PerfreeBlog v3.1.2.
CVE ID: CVE-2023-30333 (Critical)
A command injection vulnerability has been discovered in TOTOLINK A3300R. The affected version is TOTOLINK A3300R v17.0.0cu.557.
CVE ID: CVE-2023-31729 (Critical)
A path traversal vulnerability has been discovered in the GitHub repository mlflow/mlflow. The affected versions are mlflow/mlflow prior to 2.3.1.
CVE ID: CVE-2023-2780 (Critical)
A stack overflow vulnerability has been discovered in D-Link DIR-605L. The affected version is D-Link DIR-605L firmware version 1.17B01 BETA.
CVE ID: CVE-2023-29961 (Critical)
An OS command injection vulnerability has been discovered in the CGI component of Synology Router Manager (SRM) that allows remote attackers to execute arbitrary code via unspecified vectors. The affected versions are Synology Router Manager before 1.2.5-8227-6 and 1.3.1-9346-3.
CVE ID: CVE-2023-32956 (Critical)
Moxa has released security updates to resolve command injection and Use of Hard-coded credentials vulnerabilities in Moxa MXsecurity Series. The affected versions are MXsecurity Series Software v1.0.
CVE ID: CVE-2023-33235 (High), CVE-2023-33236 (Critical)
It has been discovered that Wacom Tablet Driver installer for macOS contains an improper link resolution before file access vulnerability. The affected versions are Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS).
CVE ID: CVE-2023-27529 (High)
WordPress has released a security update to resolve an authentication bypass vulnerability in the MStore API plugin. The affected versions are MStore API versions up to, and including, 3.9.2.
CVE ID: CVE-2023-2732 (Critical)
Dell has released security updates to address multiple vulnerabilities in PowerPath Windows that can be exploited to compromise the affected system. The affected versions are PowerPath Windows 7.0, 7.1 & 7.2.
CVE ID: CVE-2023-28079 (High), CVE-2023-28080 (Medium), CVE-2023-32448 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery (CSRF) vulnerability in the Easy Google Maps plugin. The affected versions are Easy Google Maps versions up to, and including, 1.11.7.
CVE ID: CVE-2023-2526 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery (CSRF) vulnerability in the Uncanny Automator plugin. The affected versions are Uncanny Automator versions up to, and including, 4.14.
Google has released Chrome 114 (114.0.5735.52/.53) for Android, Beta channel 114.0.5735.45 for Windows, Linux and Mac, Stable channel 114.0.5735.45 for Windows and Mac, Chrome Beta 114 (114.0.5735.53) for Android, and Chrome Beta 114 (114.0.5735.49) for iOS.
A SQL injection vulnerability has been discovered in Minova Technology eTrace. The affected versions are Minova Technology eTrace before 23.05.20.
CVE ID: CVE-2023-2064 (Critical)
A SQL injection vulnerability has been discovered in Ipekyolu Software's Auto Damage Tracking Software. The affected versions are Auto Damage Tracking Software before 4.
CVE ID: CVE-2023-2045 (Critical)
A SQL injection vulnerability has been discovered in Cityboss's E-municipality. The affected versions are E-municipality before 6.05.
CVE ID: CVE-2023-2750 (Critical)
A SQL Injection vulnerability has been discovered in Prestashop posstaticblocks. The affected versions are Prestashop posstaticblocks 1.0.0 and prior versions.
CVE ID: CVE-2023-30189 (Critical)
An arbitrary file write vulnerability has been discovered in Jenkins Pipeline Utility Steps Plugin. The affected versions are Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier.
CVE ID: CVE-2023-32981 (Critical)
An XML deserialization vulnerability has been discovered in glazedlists that allows an attacker to execute arbitrary code. The affected version is glazedlists v1.11.0.
CVE ID: CVE-2023-31890 (Critical)
A vulnerability has been discovered in SnapCenter that allows an attacker to gain access as an admin user. The affected versions are SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1.
CVE ID: CVE-2023-1096 (Critical)
A command injection vulnerability has been discovered in Edimax Wireless Router that allows an attacker to execute arbitrary code. The affected version is Edimax Wireless Router N300 Firmware BR-6428NS_v4.
CVE ID: CVE-2023-31983 (Critical)
A SQL injection vulnerability has been discovered in Maximilian Vogt companymaps (cmaps) that allows an attacker to execute arbitrary code.
CVE ID: CVE-2023-29809 (Critical)
An improper authentication vulnerability has been discovered in the Essential Addons for Elementor plugin for WordPress that can cause privilege escalation. The affected products are Essential Addons for Elementor plugin from 5.4.0 through 5.7.1. Updates are available.
CVE ID: CVE-2023-32243 (Critical)
Dell has released security updates to address Tianocore EDK2 vulnerability in Dell PowerEdge Server that can be exploited to compromise the affected system.
CVE ID: CVE-2021-38578 (Medium)
Dell has released security updates to address multiple OpenSSL vulnerabilities in Dell PowerEdge Server that can be exploited to compromise the affected system.
CVE ID: CVE-2023-0215 (Medium), CVE-2022-4450 (Medium), CVE-2023-0286 (High), CVE-2022-4304 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 23.04, Ubuntu 22.10, and Ubuntu 22.04 LTS.
VMware has released security updates to address a reflected Cross Site Scripting (XSS) vulnerability in NSX-T that allows an attacker to inject HTML or JavaScript to redirect users to malicious pages.
CVE ID: CVE-2023-20868 (Medium)
Apple has released security updates to address privilege elevation vulnerabilities in iTunes 12.12.9 for Windows 10 and later. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-32353, CVE-2023-32351
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A SQL injection vulnerability has been discovered in Adam Retail Automation Systems Mobilmen Terminal Software. The affected versions are Mobilmen Terminal Software before 3.
CVE ID: CVE-2023-1508 (Critical)
A vulnerability has been discovered in FLIR-DVTEL that allows arbitrary code execution via a crafted request to the device's management page.
CVE ID: CVE-2023-29861 (Critical)
A SQL injection vulnerability has been discovered in the WP Visitor Statistics (Real Time Traffic) WordPress plugin. The affected versions are WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9.
CVE ID: CVE-2023-0600 (Critical)
A command injection vulnerability has been discovered in the Edimax Wireless Router that allows arbitrary code execution. The affected version is Edimax Wireless Router N300 Firmware BR-6428NS_v4.
CVE ID: CVE-2023-31986 (Critical)
An authentication bypass vulnerability has been discovered in Optoma 1080PSTX C02 that allows access to the administration console without valid credentials.
CVE ID: CVE-2023-27823 (Critical)
It has been discovered that SoftExpert (SE) Excellence Suite is vulnerable to Local File Inclusion (LFI). The affected versions are SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3.
CVE ID: CVE-2023-30330 (Critical)
Mitsubishi Electric has released a security update to address a buffer overflow vulnerability in MELSEC Series CPU modules that can lead to Denial of Service (DoS) and malicious code execution. The affected products are MELSEC iQ-F series version 1.220 and later.
CVE ID: CVE-2023-1424 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in the Tenda AC5 router. The affected version is Tenda AC5 router V15.03.06.28.
CVE ID: CVE-2023-31587 (Critical)
A SQL injection vulnerability has been discovered in Pharmacy Management System. The affected version is Pharmacy Management System v1.0.
CVE ID: CVE-2023-31519 (Critical)
An authentication bypass vulnerability has been discovered in RegistrationMagic plugin for WordPress. The affected versions are RegistrationMagic plugin for WordPress versions up to, and including 5.2.1.0.
CVE ID: CVE-2023-2499 (Critical)
It has been discovered that LavaLite CMS is vulnerable to web cache poisoning. The affected version is LavaLite CMS v9.0.0.
CVE ID: CVE-2023-27238 (Critical)
A SQL injection vulnerability has been discovered in PrestaShop. The affected version is PrestaShop possearchproducts 1.7.
CVE ID: CVE-2023-30192 (Critical)
Ubuntu has released security updates to address several vulnerabilities in the Linux kernel and tar. The affected products are Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 22.10, Ubuntu 22.04 LTS, and Ubuntu 23.04.
An open redirect vulnerability has been discovered in Tornado that allows redirection to an arbitrary website, which can be used for phishing. The affected versions are Tornado versions 6.3.1 and earlier.
CVE ID: CVE-2023-28370 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An Unrestricted Upload of File with Dangerous Type vulnerability has been discovered in the "Rental Module" of Ideasoft's E-commerce Platform. The affected versions are Rental Module before 23.05.15.
CVE ID: CVE-2023-2712 (Critical)
A SQL injection vulnerability has been discovered in Judging Management System that allows arbitrary code execution via the contestant_id parameter. The affected version is Judging Management System v1.0.
CVE ID: CVE-2023-30246 (Critical)
A privilege escalation vulnerability has been discovered in PHP Gurukul Hospital Management System that allows arbitrary code execution and access to sensitive information via the session token parameter. The affected version is PHP Gurukul Hospital Management System v4.0.
CVE ID: CVE-2023-31498 (Critical)
A vulnerability has been discovered in LuaTeX, TeX Live and MiKTeX that allows a crafted document to make arbitrary network requests. The affected versions are LuaTeX before 1.17.0, TeX Live before 2023 r66984 and MiKTeX before 23.5.
CVE ID: CVE-2023-32668 (Critical)
Multiple vulnerabilities have been discovered in Johnson Controls' OpenBlue Enterprise Manager Data Collector firmware which can lead to exposure of sensitive information. All OpenBlue Enterprise Manager Data Collector firmware versions prior to 3.2.5.75 are affected.
CVE ID: CVE-2023-2024, CVE-2023-2025
Microsoft has released Microsoft Edge Stable Channel (Version 113.0.1774.50) and Microsoft Edge Extended Stable Channel (Version 112.0.1722.84) to resolve multiple vulnerabilities.
A path traversal vulnerability has been discovered in Carlo Gavazzi Powersoft that allows an attacker to access and retrieve any file from the server. The affected versions are Powersoft 2.1.1.1 and prior. Carlo Gavazzi will not issue a fix as this product is end-of-life.
CVE ID: CVE-2017-20184 (High)
An authentication bypass vulnerability has been discovered in Mitsubishi Electric's MELSEC WS Ethernet Interface Module. All versions of MELSEC WS Series WS0-GETH00200 are affected.
CVE ID: CVE-2023-1618 (High)
Apple has released security updates to address multiple vulnerabilities in its various products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-32402, CVE-2023-32423, CVE-2023-32409, CVE-2023-28204, CVE-2023-32373, CVE-2023-32388, CVE-2023-32400, CVE-2023-32399, CVE-2023-28191, CVE-2023-32417, CVE-2023-32392, CVE-2023-32372, CVE-2023-32384, CVE-2023-32354, CVE-2023-32420, CVE-2023-27930, CVE-2023-32398, CVE-2023-32413, CVE-2023-32352, CVE-2023-32407, CVE-2023-32368, CVE-2023-32403, CVE-2023-32390, CVE-2023-32357, CVE-2023-32391, CVE-2023-32404, CVE-2023-32394, CVE-2023-32376, CVE-2023-28202, CVE-2023-32412, CVE-2023-32408, CVE-2023-32389
Microsoft has released Microsoft Edge Stable Channel (Version 113.0.1774.50) and Microsoft Edge Extended Stable Channel (Version 112.0.1722.84) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2726, CVE-2023-2725, CVE-2023-2724, CVE-2023-2723, CVE-2023-2722, CVE-2023-2721
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
Cisco has released security updates to address several vulnerabilities in Cisco Small Business Series switches. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20024 (High), CVE-2023-20156 (High), CVE-2023-20157 (High), CVE-2023-20158 (High), CVE-2023-20159 (Critical), CVE-2023-20160 (Critical), CVE-2023-20161 (Critical), CVE-2023-20162 (High), CVE-2023-20189 (Critical)
Drupal has released a security update to address a Server Side Request Forgery (SSRF) vulnerability in the File Chooser Field module that leads to information disclosure when the module allows files to be uploaded via third-party services such as Google Drive and Dropbox.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-20864 (Medium), CVE-2023-20110 (Medium), CVE-2023-20173 (Medium), CVE-2023-20174 (Medium), CVE-2023-20166 (Medium), CVE-2023-20167 (Medium), CVE-2023-20163 (Medium), CVE-2023-20164 (Medium), CVE-2023-20077 (Medium), CVE-2023-20087 (Medium), CVE-2023-20106 (Medium), CVE-2023-20171 (Medium), CVE-2023-20172 (Medium), CVE-2023-20182 (Medium), CVE-2023-20183 (Medium), CVE-2023-20184 (Medium), CVE-2023-20003 (Medium)
Huawei has released a security update to address a traffic hijacking vulnerability in Huawei routers. The affected version is B535-232a 2.0.0.1(H318SP5C983).
CVE ID: CVE-2022-48469 (High)
A vulnerability has been discovered in Weaver E-Office 9.5 in which manipulation of the Filedata argument leads to an unrestricted file upload. The attack can be initiated remotely.
CVE ID: CVE-2023-2648 (Critical)
A Remote Code Execution (RCE) vulnerability via a crafted XML document has been discovered in the Shenzhen Tenda Technology IP Camera CP3. The affected version is Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355.
CVE ID: CVE-2023-30353 (Critical)
A hard-coded default password vulnerability has been discovered in the Shenzhen Tenda Technology IP Camera CP3. The affected version is Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355.
CVE ID: CVE-2023-30352 (Critical)
A vulnerability has been discovered in the implementation of 2FA on the Rocket.Chat platform, where other active sessions are not invalidated when 2FA is activated. This allows an attacker who already holds a session on a compromised account to keep that access even after the legitimate user enables 2FA.
CVE ID: CVE-2023-28316 (Critical)
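The failure mode above is generic to any application that treats enabling 2FA as a flag change rather than as a credential change. The following is an added illustration, not Rocket.Chat's code: a minimal in-memory account/session model (all names hypothetical) with the weak `enable_2fa_vulnerable` beside the corrected `enable_2fa_fixed`, which keeps only the session that performed the action and revokes every other one. `demo()` constructs the scenario of a victim and an intruder both holding sessions and reports which of the two survives.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    token: str
    user: str
    revoked: bool = False


@dataclass
class Account:
    """Hypothetical account model: one user, a set of bearer-token sessions."""
    name: str
    totp_enabled: bool = False
    sessions: dict = field(default_factory=dict)   # token -> Session

    def login(self):
        """Issue a fresh session token (the password/2FA check itself is not modelled)."""
        session = Session(secrets.token_hex(16), self.name)
        self.sessions[session.token] = session
        return session.token

    def active_tokens(self):
        return {t for t, s in self.sessions.items() if not s.revoked}

    def enable_2fa_vulnerable(self, current_token):
        """Flips the flag and nothing else. Every pre-existing session survives,
        so an intruder who is already logged in keeps access after the victim
        turns 2FA on, which is the behaviour described in the advisory."""
        if current_token not in self.active_tokens():
            raise PermissionError("not logged in")
        self.totp_enabled = True

    def enable_2fa_fixed(self, current_token):
        """Treats 2FA activation like a password change: keep only the session
        that performed the action and revoke all others, so anyone else must
        re-authenticate and now has to pass the second factor."""
        if current_token not in self.active_tokens():
            raise PermissionError("not logged in")
        self.totp_enabled = True
        for token, session in self.sessions.items():
            if token != current_token:
                session.revoked = True


def demo(fixed):
    """Constructed scenario: the victim logs in, an intruder holds a second
    session on the same account, then the victim enables 2FA. Returns
    (victim_session_still_valid, intruder_session_still_valid)."""
    acct = Account("victim")
    victim_token = acct.login()
    intruder_token = acct.login()   # stands in for a session obtained earlier by credential theft
    enable = acct.enable_2fa_fixed if fixed else acct.enable_2fa_vulnerable
    enable(victim_token)
    active = acct.active_tokens()
    return (victim_token in active, intruder_token in active)


if __name__ == "__main__":
    print("vulnerable:", demo(fixed=False))
    print("fixed:     ", demo(fixed=True))
```

The same rule applies to password changes, e-mail changes and recovery-code regeneration: any action that is meant to lock an intruder out must revoke their existing sessions, not just raise the bar for the next login.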
An OS command injection vulnerability has been discovered in the appium/appium-desktop GitHub repository. The affected versions are appium/appium-desktop prior to v1.22.3-4.
CVE ID: CVE-2023-2479 (Critical)
Trend Micro has released updates to address an insecure DLL loading vulnerability in Trend Micro Security. The affected products are Trend Micro Security 2022/2023 17.7.1476 and earlier, and Trend Micro Security 2021 17.0.1412 and earlier.
CVE ID: CVE-2023-28929 (High)
It has been observed that the BianLian ransomware group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP) and Rclone.
Google has released Extended Stable channel 112.0.5615.204 for Windows and Mac, Chrome Stable 113 (113.0.5672.121) for iOS, Stable channel 113.0.5672.126 for Mac and Linux, and 113.0.5672.126/.127 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2721 (Critical), CVE-2023-2722 (High), CVE-2023-2723 (High), CVE-2023-2724 (High), CVE-2023-2725 (High), CVE-2023-2726 (Medium)
Snap One has released security updates to address multiple vulnerabilities in its OvrC Cloud and OvrC Pro devices that can allow an attacker to impersonate and claim devices, execute arbitrary code and disclose information about the affected device. The affected version is Snap One OvrC Pro version 7.1.
CVE ID: CVE-2023-28649 (High), CVE-2023-28412 (Medium), CVE-2023-31241 (High), CVE-2023-31193 (High), CVE-2023-28386 (High), CVE-2023-31245 (High), CVE-2023-31240 (High), CVE-2023-25183 (High)
Improper input validation vulnerabilities have been discovered in Rockwell Automation's ArmorStart that can allow a malicious user to view and modify sensitive data or make the web page unavailable. The affected versions are ArmorStart ST281E version 2.004.06 and later, ArmorStart ST284E all versions, and ArmorStart ST280E all versions.
CVE ID: CVE-2023-29031 (High), CVE-2023-29030 (High), CVE-2023-29023 (High), CVE-2023-29024 (Medium), CVE-2023-29025 (Medium), CVE-2023-29026 (Medium), CVE-2023-29027 (Medium), CVE-2023-29028 (Medium), CVE-2023-29029 (Medium), CVE-2023-29022 (Medium)
Multiple vulnerabilities, including a sandbox escape and a flaw that allows untrusted code to run with Node's built-in modules, have been discovered in the VM2 sandbox library. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-32314 (Critical), CVE-2023-32313 (Medium)
A critical vulnerability has been discovered in multiple WAGO products that allows an attacker to create new users and change the device configuration, which can result in unintended behaviour, Denial of Service (DoS) and full system compromise.
CVE ID: CVE-2023-1698
Palo Alto Networks has released security updates to address a file disclosure vulnerability in Palo Alto Networks PAN-OS software that enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
CVE ID: CVE-2023-0008 (Medium)
VMware has released security updates to address deserialization and privilege escalation vulnerabilities in VMware Aria Operations. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20877 (High), CVE-2023-20878 (Medium), CVE-2023-20879 (Medium), CVE-2023-20880 (Medium)
Palo Alto Networks has released security updates to address a Cross-Site Scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances that enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator's browser when viewed.
CVE ID: CVE-2023-0007 (Medium)
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird 102.11. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-32205 (High), CVE-2023-32206 (High), CVE-2023-32207 (High), CVE-2023-32211 (Medium), CVE-2023-32212 (Medium), CVE-2023-32213 (Medium), CVE-2023-32214 (Low), CVE-2023-32215 (High)
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-24941 (Critical), CVE-2023-24943 (Critical)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Adobe has released security updates to address multiple vulnerabilities in Adobe Substance 3D Painter. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29273 (High), CVE-2023-29274 (High), CVE-2023-29275 (High), CVE-2023-29276 (High), CVE-2023-29277 (Medium), CVE-2023-29278 (High), CVE-2023-29279 (Medium), CVE-2023-29280 (High), CVE-2023-29281 (High), CVE-2023-29282 (High), CVE-2023-29283 (High), CVE-2023-29284 (High), CVE-2023-29285 (High), CVE-2023-29286 (Medium)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Windows Network File System.
CVE ID: CVE-2023-24941 (Critical)
Siemens has released security updates to resolve code execution vulnerabilities in Siveillance Video Event and Management Servers.
CVE ID: CVE-2023-30899 (Critical), CVE-2023-30898 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Windows Pragmatic General Multicast (PGM).
CVE ID: CVE-2023-24943 (Critical)
Siemens has released security updates to resolve multiple vulnerabilities in SCALANCE LPE9403, all versions before V2.1.
CVE ID: CVE-2023-27407 (Critical), CVE-2023-27408 (Low), CVE-2023-27409 (Low), CVE-2023-27410 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Ubuntu has released security updates to address a vulnerability in Django that can allow an attacker to bypass certain validations. The affected products are Ubuntu 23.04, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 ESM.
CVE ID: CVE-2023-31047 (Medium)
A Remote Command Execution vulnerability has been discovered in Cisco SPA112 2-Port Phone Adapters that can allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Cisco SPA112 2-Port Phone Adapters have entered the end-of-life process and will not be patched.
CVE ID: CVE-2023-20126 (Critical)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are Spiffy Calendar plugin, Participants Database plugin, and Contact Form 7 extension for Google Map fields plugin. Security updates & patches are available.
Google has released Chrome Beta 114 (114.0.5735.14) for Android, Beta channel OS version 15393.44.0 (browser version 113.0.5672.85) for most ChromeOS devices, and Chrome Beta 114.0.5735.16 for Windows, Mac and Linux.
Apple has released Beats Firmware Update 5B66 to address an authentication vulnerability in Powerbeats Pro, Beats Fit Pro. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-27964
Ubuntu has released security updates to address a vulnerability in PHP's handling of invalid Blowfish password hashes that can cause applications to accept any password as valid, contrary to expectations. The affected product is Ubuntu 16.04 ESM.
CVE ID: CVE-2023-0567 (Medium)
Google has released Chrome 113 (113.0.5672.76/.77) for Android, Extended Stable channel 112.0.5615.179 for Windows and Mac, Chrome 113.0.5672.63 for Linux and Mac, Chrome 113.0.5672.63/.64 for Windows, Chrome Beta 113 (113.0.5672.77) for Android, and Chrome Stable 113 (113.0.5672.69) for iOS.
CVE ID: CVE-2023-2459 (Medium), CVE-2023-2460 (Medium), CVE-2023-2461 (Medium), CVE-2023-2462 (Medium), CVE-2023-2463 (Medium), CVE-2023-2464 (Medium), CVE-2023-2465 (Medium), CVE-2023-2466 (Low), CVE-2023-2467 (Low), CVE-2023-2468 (Low)
Zyxel has released security updates to address multiple vulnerabilities in NBG6604 home router, and NBG-418N v2 home router.
CVE ID: CVE-2023-22919 (High), CVE-2023-22921 (High), CVE-2023-22922 (High), CVE-2023-22923 (Medium), CVE-2023-22924
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A SQL injection vulnerability has been discovered in the Steveas WP Live Chat Shoutbox WordPress plugin. The affected versions are Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2.
CVE ID: CVE-2023-1020 (Critical)
A session validation vulnerability has been discovered in Apache Superset. The affected versions are Apache Superset versions up to and including 2.0.1.
CVE ID: CVE-2023-27524 (Critical)
A vulnerability has been discovered in White Rabbit Switch that makes it possible for an attacker to execute system commands in the context of the web application.
CVE ID: CVE-2023-22581 (Critical)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the sidekiq/sidekiq GitHub repository. The affected versions are sidekiq/sidekiq prior to 7.0.8.
CVE ID: CVE-2023-1892 (Critical)
A security bypass vulnerability has been discovered in Spring Boot applications deployed on Cloud Foundry. The affected versions are Spring Boot 3.0.0 to 3.0.5, 2.7.0 to 2.7.10, and older unsupported versions.
CVE ID: CVE-2023-20873 (Critical)
A security update has been released for the Advanced Woo Search WordPress plugin to resolve a Stored Cross-Site Scripting vulnerability. The affected versions are Advanced Woo Search versions up to, and including, 2.77.
CVE ID: CVE-2023-2452 (Medium)
A security update has been released for the WP EasyPay WordPress plugin to resolve a Reflected Cross-Site Scripting vulnerability. The affected versions are WP EasyPay versions up to, and including, 4.0.4.
CVE ID: CVE-2023-1465 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-05-05 or later, address all of these issues.
An insufficient access control vulnerability has been discovered in Moxa MiiNePort E1. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operations or disrupt service.
CVE ID: CVE-2023-28697 (Critical)
A Deserialization of Untrusted Data vulnerability has been discovered in aEnrich Technology a+HRD. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands and thereby perform arbitrary system operations or disrupt service.
CVE ID: CVE-2023-20853 (Critical)
A stack-based buffer overflow vulnerability has been discovered in the Tenda AC15. The affected version is Tenda AC15 V15.03.05.19.
CVE ID: CVE-2023-30378 (Critical)
An Incorrect Access Control vulnerability has been discovered in PowerJob that allows remote code execution. The affected version is PowerJob V4.3.1.
CVE ID: CVE-2023-29924 (Critical)
A Weak Password Requirements vulnerability has been discovered in the modoboa/modoboa GitHub repository. The affected versions are modoboa/modoboa prior to 2.1.0.
CVE ID: CVE-2023-2160 (Critical)
An Insufficient Verification of Data Authenticity vulnerability has been discovered in AMI MegaRAC. The affected versions are AMI MegaRAC SPx12 and SPx13.
CVE ID: CVE-2023-28863 (Critical)
Multiple vulnerabilities, including Binding to an Unrestricted IP Address and Execution with Unnecessary Privileges, have been discovered in Illumina's Universal Copy Service (UCS). Successful exploitation of these vulnerabilities can allow an attacker to take any action at the operating system level.
CVE ID: CVE-2023-1968 (Critical), CVE-2023-1966 (High)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel, and OpenSSL-ibmca. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2023-1829 (High)
Multiple vulnerabilities have been discovered in Intel products that affect multiple Mitsubishi Electric FA products. These vulnerabilities allow a malicious attacker to escalate privileges, disclose parameter information in the affected products, and cause a Denial-of-Service (DoS) condition.
CVE ID: CVE-2020-24512 (Low), CVE-2022-0002 (Medium), CVE-2021-0086 (Medium), CVE-2021-0089 (Medium), CVE-2021-0127 (Medium), CVE-2021-33150 (Medium), CVE-2021-0146 (High), CVE-2020-8670 (High), CVE-2020-24489 (High)
Google has released Dev channel 114.0.5735.6 for Windows, Mac and Linux, Beta channel OS version 15393.38.0 (browser version 113.0.5672.67) for most ChromeOS devices, Chrome Dev 114 (114.0.5735.7) for Android, LTS channel 108.0.5359.230 (Platform Version 15183.93.0) for most ChromeOS devices, and Chrome Beta 113 (113.0.5672.67) for iOS.
CVE ID: CVE-2023-1532 (High), CVE-2023-1811 (High), CVE-2023-2136 (High), CVE-2023-2033 (High), CVE-2023-0266 (High), CVE-2022-2196 (High), CVE-2023-26083 (High), CVE-2023-1281 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
A Cross-Site Scripting vulnerability has been discovered in the web-based management interface of Cisco Prime Collaboration Deployment that can allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The affected versions are Cisco Prime Collaboration Deployment 14 and earlier.
CVE ID: CVE-2023-20060 (Medium)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are WP BrowserUpdate plugin, Logo Scheduler plugin, Simple Giveaways plugin, Integration for Contact Form 7 HubSpot plugin, Easy Bet plugin, and WooCommerce Multivendor Marketplace-REST API plugin. Security updates & patches are available for some plugins.
CVE ID: CVE-2023-31078 (Medium), CVE-2023-28690 (Medium), CVE-2023-30875 (Medium), CVE-2023-31086 (Medium), CVE-2023-31095 (Medium), CVE-2023-31092 (High), CVE-2023-2275 (Medium)
Google has released Chrome 113 (113.0.5672.61/62) for Android, Chrome Beta 113 (113.0.5672.62) for Android, Stable channel 113.0.5672.63 for Windows and Mac, and Beta channel 113.0.5672.63 for Windows, Linux and Mac.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Schneider Electric is aware of a publicly available exploit affecting KNX home and building automation systems. The products used in these systems may come from a variety of different vendors, including Schneider Electric spaceLYnk, Wiser for KNX, and FellerLYnk products. The exploit consists of direct access to product functions and brute force attacks on the panel, which can lead to unauthorized access to product features.
CVE ID: CVE-2020-7525 (High), CVE-2022-22809 (Medium)
A Deserialization of Untrusted Data vulnerability has been discovered in Keysight's N8844A Data Analytics Web Service that can lead to remote code execution. The affected versions are N8844A Data Analytics Web Service 2.1.7351 and prior.
CVE ID: CVE-2023-1967 (Critical)
VMware has released security updates to address multiple vulnerabilities in VMware Workstation and Fusion. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20869 (Critical), CVE-2023-20870 (Medium), CVE-2023-20871 (High), CVE-2023-20872 (High)
Multiple vulnerabilities have been discovered in several Hitachi Energy products. An attacker can exploit these vulnerabilities to take control of an affected system. The workarounds/mitigations are available.
CVE ID: CVE-2022-40674 (Critical), CVE-2022-43680 (High), CVE-2023-0286 (High), CVE-2022-4304 (Medium), CVE-2022-23937 (High), CVE-2022-0778 (High), CVE-2021-3711 (Critical), CVE-2021-3712 (High), CVE-2021-43298 (Critical), CVE-2020-15688 (High), CVE-2019-16645 (High), CVE-2019-12822 (High), CVE-2018-15504 (High), CVE-2018-15505 (High), CVE-2021-41615 (Critical), CVE-2023-23916 (High)
A vulnerability has been discovered in Service Location Protocol (SLP) that allows an unauthenticated remote attacker to register arbitrary services on an Internet-exposed SLP server. Because SLP answers over UDP, the attacker can then send requests with a spoofed source address so that the inflated replies are reflected at a victim, giving a denial-of-service (DoS) attack with a significant amplification factor.
CVE ID: CVE-2023-29552
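A practitioner's first question is whether any host they own answers SLP on UDP 427 and how much larger the answer is than the request. The following is an added exposure check, not code from the advisory or from any SLP implementation: it builds an SLPv2 Service Request according to RFC 2608 (version, function id, 3-byte length, flags, 3-byte extension offset, XID, language tag, then five length-prefixed strings), parses the reply header, and reports the bytes-returned-per-byte-sent ratio. It does not register services and so does not reproduce the vulnerability; it only measures what a reflector would return. `SAMPLE_REPLY` is a constructed Service Reply used so the assessment logic runs offline; `probe()` sends a real packet and must only be pointed at hosts you are authorised to test.

```python
import socket
import struct

SLP_PORT = 427          # SLP listens on UDP/TCP 427
SLP_VERSION = 2
FN_SRVRQST = 1          # Service Request
FN_SRVRPLY = 2          # Service Reply


def build_srvrqst(service_type="service:service-agent", scope="default",
                  xid=0x1234, lang="en"):
    """Build an SLPv2 Service Request (RFC 2608, section 8.1).

    Body: five length-prefixed strings (previous-responder list, service type,
    scope list, predicate, SLP SPI). Header: version, function id, 3-byte total
    length, 2-byte flags, 3-byte next-extension offset, 2-byte XID, and a
    length-prefixed language tag."""
    fields = (b"", service_type.encode(), scope.encode(), b"", b"")
    body = b"".join(struct.pack("!H", len(f)) + f for f in fields)
    lang_b = lang.encode()
    total = 14 + len(lang_b) + len(body)
    header = (struct.pack("!BB", SLP_VERSION, FN_SRVRQST)
              + total.to_bytes(3, "big")
              + struct.pack("!H", 0)            # flags: overflow/fresh/mcast clear
              + (0).to_bytes(3, "big")          # no extensions
              + struct.pack("!H", xid)
              + struct.pack("!H", len(lang_b)) + lang_b)
    return header + body


def parse_header(pkt):
    """Decode the fixed SLPv2 header; raises ValueError on a runt or non-v2 packet."""
    if len(pkt) < 14:
        raise ValueError("packet shorter than SLPv2 header")
    if pkt[0] != SLP_VERSION:
        raise ValueError("not an SLPv2 packet")
    lang_len = struct.unpack("!H", pkt[12:14])[0]
    return {
        "function": pkt[1],
        "length": int.from_bytes(pkt[2:5], "big"),
        "flags": struct.unpack("!H", pkt[5:7])[0],
        "xid": struct.unpack("!H", pkt[10:12])[0],
        "lang": pkt[14:14 + lang_len].decode("ascii", "replace"),
    }


def amplification_factor(request, reply):
    """Bytes returned per byte sent; the figure that makes a reflector attractive."""
    return len(reply) / len(request)


def assess(request, reply, threshold=1.0):
    """Verdict for one request/reply pair. A reply that does not echo our XID is
    not an answer to this probe and is ignored; a reply larger than the request
    means the host can be abused as an amplifier."""
    hdr = parse_header(reply)
    if hdr["xid"] != parse_header(request)["xid"]:
        return {"answered": False}
    factor = amplification_factor(request, reply)
    return {"answered": True, "function": hdr["function"],
            "factor": round(factor, 2), "amplifier": factor > threshold}


def probe(host, timeout=2.0):
    """Send one SrvRqst to host:427 and assess the reply; None if nothing answers.
    Only use against hosts you are authorised to test."""
    req = build_srvrqst()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(req, (host, SLP_PORT))
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return assess(req, data)


# Constructed sample: a SrvRply (function 2) echoing XID 0x1234 whose body is
# error code 0, one URL entry, and 300 bytes of filler standing in for a long
# URL entry list. Total length 16 (header) + 4 + 300 = 320 bytes.
SAMPLE_REPLY = (struct.pack("!BB", SLP_VERSION, FN_SRVRPLY)
                + (320).to_bytes(3, "big")
                + struct.pack("!H", 0) + (0).to_bytes(3, "big")
                + struct.pack("!H", 0x1234) + struct.pack("!H", 2) + b"en"
                + struct.pack("!HH", 0, 1)      # error code, URL entry count
                + b"A" * 300)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(assess(build_srvrqst(), SAMPLE_REPLY))
```

Run with no argument to see the offline assessment of the constructed reply (a 54-byte request answered by 320 bytes is a factor of roughly 5.9); run with a hostname to probe a real host. Anything that answers from the Internet should have UDP 427 filtered at the perimeter or the SLP daemon disabled, regardless of the factor measured, since an attacker can first register services to grow the reply.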
Scada-LTS has released a security update to address a Cross-Site Scripting vulnerability in Scada-LTS that can allow loss of sensitive information and execution of arbitrary code. The affected versions are Scada-LTS versions 2.7.4 and prior.
CVE ID: CVE-2015-1179 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.100) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2033, CVE-2023-2136
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A heap-based buffer overflow vulnerability has been discovered in OMRON CX-Drive. The affected versions are CX-Drive V3.01 and earlier.
CVE ID: CVE-2023-27385 (High)
A cross-site scripting vulnerability has been discovered in the 'Appointment and Event Booking Calendar for WordPress - Amelia' WordPress plugin. The affected versions are Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76.
CVE ID: CVE-2023-27918 (Medium)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are Formilla Live Chat plugin, Formilla Edge plugin, Modal Dialog plugin and Formilla Chat and Marketing Automation plugin. Security updates & patches are available.
A command injection vulnerability has been discovered in the TOTOLINK X18 router. The affected version is TOTOLINK X18 V9.1.0cu.2024_B20220329.
CVE ID: CVE-2023-29801 (Critical)
An Authentication Bypass by Primary Weakness vulnerability has been discovered in DTS Electronics Redline Router firmware. The affected versions are Redline Router before 7.17.
CVE ID: CVE-2023-1833 (Critical)
An Authentication Bypass by Alternate Name vulnerability has been discovered in DTS Electronics Redline Router firmware. The affected versions are Redline Router before 7.17.
CVE ID: CVE-2023-1803 (Critical)
A Directory Traversal vulnerability has been discovered in T-ME Studios Change Color of Keypad that allows a remote attacker to execute arbitrary code via a dex file in the internal storage. The affected version is T-ME Studios Change Color of Keypad v1.275.1.277.
CVE ID: CVE-2023-27648 (Critical)
It has been discovered that Diasoft File Replication Pro allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that is then executed as LocalSystem. The affected version is Diasoft File Replication Pro 7.5.0.
CVE ID: CVE-2023-26918 (Critical)
Debian has released a security update to resolve multiple vulnerabilities in curl, redis, and connman.
CVE ID: CVE-2023-27533 (High), CVE-2023-27535 (High), CVE-2023-27536 (Critical), CVE-2023-27538 (Medium), CVE-2023-28488 (Medium), CVE-2023-28856 (Medium)
A code injection vulnerability has been discovered in DedeCMS that affects the function GetSystemFile of the file module_main.php. The affected versions are DedeCMS up to 5.7.87.
CVE ID: CVE-2023-2056 (Critical)
A SQL injection vulnerability has been discovered in Eskom Computer Water Metering Software that allows command execution. The affected versions are Water Metering Software before 23.04.06.
CVE ID: CVE-2023-1863 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in DUALSPACE Super Security. The affected version is DUALSPACE Super Security v2.3.7.
CVE ID: CVE-2023-27192 (Critical)
Google has released Stable channel 109.0.5414.141 for Windows Server 2012 and Windows Server 2012 R2, Dev channel 114.0.5720.4 for Windows, Mac and Linux, and Chrome Dev 114 (114.0.5720.3) for Android.
A buffer overflow vulnerability has been discovered in SNIProxy that can lead to arbitrary code execution. The affected versions are SNIProxy 0.6.0-2 and the master branch.
CVE ID: CVE-2023-25076 (Critical)
An OS command injection vulnerability has been discovered in INEA ME RTU that can allow Remote Code Execution (RCE). The affected versions are ME RTU prior to 3.36.
CVE ID: CVE-2023-2131 (Critical)
VMware has released security updates to address deserialization and command injection vulnerabilities in VMware Aria Operations for Logs. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20864 (Critical), CVE-2023-20865 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the LIQUID SPEECH BALLOON WordPress plugin. The affected versions are LIQUID SPEECH BALLOON versions prior to 1.2.
CVE ID: CVE-2023-27889 (Medium)
Cisco has released security updates to address command injection and file permissions vulnerabilities in Cisco Industrial Network Director (IND). An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20036 (Critical), CVE-2023-20039 (Medium)
An authentication bypass vulnerability has been discovered in Cisco Modeling Labs that can allow an unauthenticated, remote attacker to access the web interface with administrative privileges. The mitigation and workaround are available.
CVE ID: CVE-2023-20154 (Critical)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20046 (High), CVE-2023-20125 (High), CVE-2023-20051 (Medium), CVE-2023-20098 (Medium), CVE-2023-20004 (Medium), CVE-2023-20090 (Medium), CVE-2023-20091 (Medium), CVE-2023-20092 (Medium), CVE-2023-20093 (Medium), CVE-2023-20094 (Medium)
Google has released Stable channel 112.0.5615.134 (Platform version: 15359.58.0) for most ChromeOS devices, Beta channel 113.0.5672.53 for Windows, Mac and Linux, Chrome Beta 113 (113.0.5672.54) for iOS, Chrome Beta 113 (113.0.5672.51) for Android and Chrome Stable 112 (112.0.5615.70) for iOS.
NVIDIA has released a security update for NVIDIA DGX-1 firmware to address arbitrary code execution, Denial of Service (DoS), escalation of privileges, information disclosure, data tampering, and Secure Boot bypass vulnerabilities. The affected versions are DGX-1 BMC firmware prior to 3.39.3 and DGX-1 SBIOS prior to S2W_3A13.
CVE ID: CVE-2023-0209 (High), CVE-2023-25505 (High), CVE-2023-25506 (High), CVE-2023-25507 (High), CVE-2023-25508 (Medium), CVE-2023-25509 (Medium)
Foxit has released updated Foxit PDF Reader 12.1.2 and Foxit PDF Editor 12.1.2 to resolve multiple vulnerabilities in Foxit PDF Reader 12.1.1.15289 & earlier, Foxit PDF Editor 12.1.1.15289 & all previous 12.x versions, 11.2.5.53785 & all previous 11.x versions and 10.1.11.37866 and earlier.
GitLab has released Community Edition and Enterprise Edition version 15.8.6 to resolve a number of regressions and bugs in the 15.8 release and prior versions.
Google has released Chrome 112 (112.0.5615.135/.136) for Android, Beta channel OS version: 15393.27.0, Browser version: 113.0.5672.46 for most ChromeOS devices, and Chrome Stable 112 (112.0.5615.69) for iOS and Stable and extended stable channel 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac and 112.0.5615.165 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2023-2133 (High), CVE-2023-2134 (High), CVE-2023-2135 (High), CVE-2023-2136 (High), CVE-2023-2137 (Medium)
NVIDIA has released security updates to resolve multiple vulnerabilities in NVIDIA ConnectX firmware that lead to Denial of Service (DoS). The affected versions are NVIDIA ConnectX Firmware prior to 35.1012.
CVE ID: CVE-2023-0204 (Medium), CVE-2023-0203 (Medium), CVE-2023-0205 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM and Ubuntu 14.04 ESM.
A missing authentication for critical function vulnerability has been discovered in Omron SYSMAC CS/CJ Series controllers that allows an attacker to access sensitive information in the file system and memory.
CVE ID: CVE-2022-45794 (High)
Oracle has released its critical patch update for April 2023 to address 433 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Stored Cross-Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities have been discovered in SEIKO EPSON printers/network interface Web Config.
CVE ID: CVE-2023-23572 (Medium), CVE-2023-27520 (Medium)
Multiple vulnerabilities in the Factory Interface Network Service (FINS) protocol affect Omron Programmable Logic Controllers (PLCs) used in Factory Automation (FA) networks built with Omron products. The affected products are all versions of SYSMAC CS-series, CJ-series, CP-series, NJ-series, NX1P-series and NX102-series CPU Units, and version 1.16 or later of SYSMAC NX7 Database Connection CPU Units.
A security update has been released to resolve a Reflected Cross-Site Scripting (XSS) vulnerability in the LearnPress - Export/Import Courses plugin for WordPress. The affected versions are LearnPress - Export/Import Courses plugin versions up to, and including, 4.0.2.
CVE ID: CVE-2023-30487 (Medium)
A security update has been released to resolve a Stored Cross-Site Scripting (XSS) vulnerability via the plugin's shortcode(s) in the Locatoraid Store Locator plugin for WordPress. The affected versions are Locatoraid Store Locator plugin versions up to, and including, 3.9.14.
CVE ID: CVE-2023-2031 (Medium)
A security update has been released to resolve a Reflected Cross-Site Scripting (XSS) vulnerability via the search_term parameter in the Responsive Filterable Portfolio plugin for WordPress. The affected versions are Responsive Filterable Portfolio plugin versions up to, and including, 1.0.19.
CVE ID: CVE-2023-2119 (Medium)
A security update has been released to resolve a Reflected Cross-Site Scripting (XSS) vulnerability via the search_term parameter in the Thumbnail carousel slider plugin for WordPress. The affected versions are Thumbnail carousel slider plugin versions up to, and including, 1.1.9.
CVE ID: CVE-2023-2120 (Medium)
Google has released LTS channel 108.0.5359.228 (Platform Version: 15183.90.0) for most ChromeOS devices, and Dev channel 114.0.5714.0 for Windows, Mac and Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2023-1529 (High), CVE-2023-1528 (High), CVE-2023-1533 (High), CVE-2023-1534 (High), CVE-2023-1530 (High)
Netgear has released security updates to address the post-authentication buffer overflow vulnerability in RAX30. The affected versions are RAX30 firmware prior to version 1.0.9.92.
A vulnerability in the exception sanitization of vm2 has been discovered that allows an attacker to bypass the sandbox protections and gain remote code execution on the host running the sandbox. The affected versions are vm2 3.9.16 and below.
CVE ID: CVE-2023-30547 (Critical)
A vulnerability has been discovered in the source code transformer of vm2 that allows an attacker to bypass the sandbox and leak unsanitized host exceptions. The affected versions are vm2 3.9.16 and below.
CVE ID: CVE-2023-29199 (Critical)
An authentication bypass vulnerability has been discovered in the ZM Ajax Login & Register plugin for WordPress. The affected versions are ZM Ajax Login & Register plugin versions before 2.0.2.
CVE ID: CVE-2023-2027 (Critical)
Multiple Cross-Site Scripting (XSS) vulnerabilities have been discovered in Contact Form to DB plugin, and Vimeotheque plugin for WordPress. Security updates & patches are available.
Google has released Chrome 112 (112.0.5615.100/.101) for Android, and Stable & extended stable channel 112.0.5615.121 for Windows, Mac & Linux to resolve a vulnerability that Google reports is being exploited in the wild.
CVE ID: CVE-2023-2033 (High)
Cybersecurity agencies from several countries have jointly released guidance for technology manufacturers, titled "Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default", on building security into products. The guide represents an international effort to reduce exploitable vulnerabilities in technology used by government and private sector organizations.
Multiple vulnerabilities have been discovered in the Datakit CrossCAD/Ware_x64 library that allow an attacker to disclose sensitive information or execute arbitrary code. All versions of the CrossCAD/Ware_x64 library prior to 2023.1 are affected.
CVE ID: CVE-2023-22295 (Low), CVE-2023-22321 (Low), CVE-2023-22354 (Low), CVE-2023-22846 (Low), CVE-2023-23579 (High)
Palo Alto Networks has released security updates to resolve exposure of sensitive information and local file deletion vulnerabilities in its products.
CVE ID: CVE-2023-0004 (Medium), CVE-2023-0006 (Medium), CVE-2023-0005 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-30513 (Medium), CVE-2023-30514 (Medium), CVE-2023-30515 (Medium), CVE-2023-30516 (Medium), CVE-2023-30517 (Medium), CVE-2023-30518 (Medium), CVE-2023-30519 (Medium), CVE-2023-30520 (High), CVE-2023-30521 (Medium), CVE-2023-30522 (Medium), CVE-2023-30523 (Medium), CVE-2023-30524 (Medium), CVE-2023-30525 (Medium), CVE-2023-30526 (Medium), CVE-2023-30527 (Low), CVE-2023-30528 (Low), CVE-2023-30529 (Medium), CVE-2023-30530 (Medium), CVE-2023-30531 (Medium), CVE-2023-30532 (Medium)
Juniper has released security updates to address multiple vulnerabilities in its products and third-party components. An attacker can exploit these vulnerabilities to take control of an affected system.
Juniper has released security updates to address a vulnerability in Apache Commons Text, a third-party software component, that affects Juniper Secure Analytics (JSA). The affected versions are Juniper Networks Security Threat Response Manager (STRM) versions prior to 7.5.0UP4 on the JSA Series.
CVE ID: CVE-2022-42889 (Critical)
Multiple vulnerabilities have been discovered in the Forminator plugin and the AI ChatBot plugin for WordPress. Security updates & patches are available.
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-28250 (Critical), CVE-2023-21554 (Critical)
Microsoft has released security updates to address the Remote Code Execution (RCE) vulnerability in Microsoft Message Queuing.
CVE ID: CVE-2023-21554 (Critical)
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that addresses BadAlloc vulnerabilities in the underlying operating system (OS) and recommends updating to the latest versions.
CVE ID: CVE-2020-28895 (High), CVE-2020-35198 (Critical)
Siemens has released security updates to resolve a command injection vulnerability in CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 that allow to perform Remote Code Execution (RCE).
CVE ID: CVE-2023-28489 (Critical)
Siemens has released a security update to resolve multiple vulnerabilities in the third-party components cURL, BusyBox, libtirpc, Expat & Linux Kernel used in SCALANCE XCM332 devices. Successful exploitation of vulnerabilities can impact confidentiality, integrity and availability of devices.
CVE ID: CVE-2021-46828 (High), CVE-2022-1652 (High), CVE-2022-1729 (High), CVE-2022-30065 (High), CVE-2022-32205 (Medium), CVE-2022-32206 (Medium), CVE-2022-32207 (Critical), CVE-2022-32208 (Medium), CVE-2022-35252 (High), CVE-2022-40674 (Critical)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2021-40359 (Critical), CVE-2020-28895 (High), CVE-2020-35198 (Critical), CVE-2022-32207 (Critical), CVE-2022-32208 (Medium), CVE-2022-35252 (High), CVE-2022-40674 (Critical), CVE-2023-28489 (Critical), CVE-2022-26649 (Critical), CVE-2021-37208 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
Microsoft has released security updates to address the Remote Code Execution (RCE) vulnerability in Windows Point-to-Point Tunneling Protocol.
CVE ID: CVE-2023-28232 (High)
Microsoft has released security updates to address an elevation of privilege vulnerability in the Windows Common Log File System Driver that Microsoft reports is being exploited in the wild.
CVE ID: CVE-2023-28252 (High)
Trellix has released a security update to address an improper privilege management vulnerability in Trellix Threat Intelligence Exchange (TIE). The affected versions are Trellix Threat Intelligence Exchange 4.0.0 and earlier.
CVE ID: CVE-2023-22809 (High)
A missing authentication for critical function vulnerability has been discovered in FortiPresence infrastructure server that may allow to access the Redis and MongoDB instances via crafted authentication requests. The affected products are FortiPresence 1.2 all versions, FortiPresence 1.1 all versions and FortiPresence 1.0 all versions. Security updates are available.
CVE ID: CVE-2022-41331 (Critical)
A path traversal vulnerability has been discovered in FANUC ROBOGUIDE-HandlingPRO that allows an attacker to read and/or overwrite files on the system running the affected software. The affected versions are ROBOGUIDE-HandlingPRO versions 9 Rev.ZD and prior. Security updates are available.
CVE ID: CVE-2023-1864 (Medium)
Microsoft has released guidance on the BlackLotus campaign, in which a threat actor exploits the Secure Boot security feature bypass vulnerability CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit. The adversary uses CVE-2022-21894, also known as Baton Drop, to bypass Windows Secure Boot and then deploys malicious files to the EFI System Partition (ESP) that are launched by the UEFI firmware. The guidance covers techniques to determine whether devices in an organization are infected, and recovery and prevention strategies to protect the environment.
A security update has been released to resolve a sandbox bypass vulnerability in the webpack JavaScript package. The affected versions are webpack versions up to, and including, 5.75.0.
CVE ID: CVE-2023-28154 (High)
A security update has been released to resolve a stored Cross-Site Scripting (XSS) vulnerability in the PowerPress plugin for WordPress. The affected versions are PowerPress plugin versions up to, and including, 10.0.
CVE ID: CVE-2023-1917 (Medium)
Schneider Electric has released security updates to resolve multiple vulnerabilities in APC and Schneider Electric-branded Easy UPS Online Monitoring Software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-29410 (High), CVE-2022-4224 (High), CVE-2023-28355 (High), CVE-2022-4046 (High), CVE-2023-27976 (High), CVE-2023-1548 (Medium), CVE-2023-29411 (Critical), CVE-2023-29412 (Critical), CVE-2023-29413 (High), CVE-2023-25619 (High), CVE-2023-25620 (Medium), CVE-2022-34755 (Medium), CVE-2022-45788 (High), CVE-2022-0221 (Medium)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-27267 (Critical), CVE-2022-41272 (Critical), CVE-2023-28765 (Critical), CVE-2023-27269 (Critical), CVE-2023-29186 (High)
Red Hat has released security updates to address multiple vulnerabilities in several products.
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Hikvision has released a security update to resolve an access control vulnerability in Hikvision Hybrid SAN/Cluster Storage products that can be exploited to obtain administrator permissions.
CVE ID: CVE-2023-28808 (Critical)
Ubuntu has released a security update to address a vulnerability in the irssi package. The affected product is Ubuntu 22.10.
CVE ID: CVE-2023-29132 (High)
Multiple vulnerabilities have been discovered in various WordPress plugins. The affected plugins are tencentcloud-cos plugin, MC Woocommerce Wishlist plugin, a3 Portfolio plugin and Better Search plugin. Security updates & patches are available for MC Woocommerce Wishlist plugin, a3 Portfolio plugin and Better Search plugin.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve multiple vulnerabilities in lldpd and udisks2.
CVE ID: CVE-2020-27827 (High), CVE-2021-43612 (High), CVE-2021-3802 (Medium)
Apple has released security updates to address multiple vulnerabilities in its products, which Apple reports may have been actively exploited. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-28205, CVE-2023-28206
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
An External Control of File Name or Path vulnerability has been discovered in Industrial Control Links ScadaFlex II SCADA Controllers. Successful exploitation of this vulnerability may allow an authenticated attacker to overwrite, delete, or create files.
CVE ID: CVE-2022-25359 (Critical)
Multiple OS Command Injection vulnerabilities have been discovered in mySCADA Technologies' mySCADA myPRO. Successful exploitation may allow an authenticated user to inject arbitrary operating system commands. The affected versions are myPRO versions 8.26.0 and prior.
CVE ID: CVE-2023-28400 (Critical), CVE-2023-28716 (Critical), CVE-2023-28384 (Critical), CVE-2023-29169 (Critical), CVE-2023-29150 (Critical)
Google has released Stable channel 112.0.5615.62 (Platform version: 15359.45.0) for most ChromeOS devices, Dev channel 114.0.5696.0 for Windows, Linux and Mac, Chrome Dev 114 (114.0.5696.0) for Android, Beta channel OS version: 15393.12.0 Browser version: 113.0.5672.21 for most ChromeOS devices, Chrome 113.0.5672.24 for Windows, Mac and Linux, and Chrome Beta 113 (113.0.5672.24) for Android.
JTEKT ELECTRONICS CORPORATION has released security updates to address out-of-bounds read, out-of-bounds write, and use-after-free vulnerabilities in its Screen Creator Advance 2 software. The affected version is JTEKT ELECTRONICS Screen Creator Advance 2 Ver0.1.1.4 Build01.
CVE ID: CVE-2023-22345 (High), CVE-2023-22346 (High), CVE-2023-22347 (High), CVE-2023-22349 (High), CVE-2023-22350 (High), CVE-2023-22353 (High), CVE-2023-22360 (High)
JTEKT ELECTRONICS CORPORATION has released security updates to address out-of-bounds read and use-after-free vulnerabilities in its Kostac PLC Programming Software. The affected versions are JTEKT ELECTRONICS Kostac PLC Programming Software versions 1.6.9.0 and earlier.
CVE ID: CVE-2023-22419 (High), CVE-2023-22421 (High), CVE-2023-22424 (High)
Multiple vulnerabilities have been discovered in Korenix Jetwave devices that can allow an attacker to gain full access to the underlying operating system of the device or cause a Denial of Service (DoS) condition.
CVE ID: CVE-2023-23294 (High), CVE-2023-23295 (High), CVE-2023-23296 (Medium)
Microsoft has released Microsoft Edge Stable Channel (Version 112.0.1722.34) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-28284 (Medium), CVE-2023-24935 (Low), CVE-2023-28301 (Medium)
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker may exploit these vulnerabilities to take control of an affected system.
An elevation of privilege vulnerability has been discovered in the Yokogawa CENTUM Authentication Mode, caused by cleartext storage of sensitive information. A mitigation is available.
CVE ID: CVE-2023-26593 (Medium)
Multiple vulnerabilities have been discovered in the Nexx Garage Door Controller, Smart Plug and Smart Alarm that can allow an attacker to receive sensitive information, execute Application Programming Interface (API) requests, or hijack devices. The affected versions are Nexx Garage Door Controller (NXG-100B, NXG-200) nxg200v-p3-4-1 and prior, Nexx Smart Plug (NXPG-100W) nxpg100cv4-0-0 and prior, and Nexx Smart Alarm (NXAL-100) nxal100v-p1-9-1 and prior.
CVE ID: CVE-2023-1748 (Critical), CVE-2023-1749 (Medium), CVE-2023-1750 (High), CVE-2023-1751 (High), CVE-2023-1752 (High)
Google has released Dev channel OS version 15393.12.0 (Browser version 113.0.5672.21) for most ChromeOS devices, Chrome Dev 113 (113.0.5672.24) & Chrome 112 (112.0.5615.47/.48) for Android, Chrome Stable 112 (112.0.5615.46) for iOS, Dev channel 113.0.5672.24 for Windows, Linux and Mac, and Chrome 112.0.5615.49 (Linux and Mac) & 112.0.5615.49/50 (Windows) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-1810 (High), CVE-2023-1811 (High), CVE-2023-1812 (Medium), CVE-2023-1813 (Medium), CVE-2023-1814 (Medium), CVE-2023-1815 (Medium), CVE-2023-1816 (Medium), CVE-2023-1817 (Medium), CVE-2023-1818 (Medium), CVE-2023-1819 (Medium), CVE-2023-1820 (Medium), CVE-2023-1821 (Low), CVE-2023-1822 (Low), CVE-2023-1823 (Low)
Rorschach ransomware has been observed being deployed through DLL side-loading of a signed Palo Alto Networks Cortex XDR Dump Service Tool executable, which is abused as a loader for the malicious DLL. Updates are available.
Google has released the Android security bulletin to resolve multiple vulnerabilities affecting Android devices. Security patch levels of 2023-04-05 or later address all of these issues.
Trellix has released security updates to address improper preservation of permissions and heap based buffer overflow vulnerabilities in Trellix Agent. The affected versions are Trellix Agent IS 5.7.8 and earlier.
CVE ID: CVE-2023-0975 (High), CVE-2023-0977 (Medium)
A vulnerability has been discovered in the IEEE 802.11 implementation used by SonicWall products that allows an attacker to spoof the MAC address of a device on the network and send power-save frames to access points, forcing them to start queuing frames destined for the target.
CVE ID: CVE-2022-47522 (Low)
The 3CX DesktopApp was found to be trojanized in a supply-chain attack affecting both the Electron Windows App and the Electron Mac App. The affected Electron Windows App versions are 18.12.407 and 18.12.416 (shipped in Update 7); the affected Electron Mac App versions are 18.11.1213 (shipped with Update 6) and 18.12.402, 18.12.407 and 18.12.416 (Update 7).
Samba has released security updates to address multiple vulnerabilities in its products. All versions of Samba since 4.0 prior to 4.16.10, 4.17.7, 4.18.1 are affected.
CVE ID: CVE-2023-0225 (Medium), CVE-2023-0922 (Medium), CVE-2023-0614 (High)
Multiple vulnerabilities have been discovered in Hitachi Energy's MicroSCADA System Data Manager SDM600 products. The affected versions are: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291), and All SDM600 versions prior to version 1.3.0 (Build Nr. 1.3.0.1339). The updates & mitigations are available.
CVE ID: CVE-2022-3682 (Critical), CVE-2022-3683 (High), CVE-2022-3684 (High), CVE-2022-3685 (High), CVE-2022-3686 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 16.04 ESM.
Dell has released a security update to address a broken or risky cryptographic algorithm vulnerability in Dell CloudLink that can lead to information disclosure. The affected versions are Dell CloudLink 7.1.2 and prior.
CVE ID: CVE-2023-28082 (Medium)
Mozilla has released Thunderbird 102.9.1 to address a Denial of Service (DoS) vulnerability.
CVE ID: CVE-2023-28427 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A vulnerability has been discovered in OMICRON StationGuard and OMICRON StationScout that can be exploited by providing a modified firmware update image, allowing an attacker to gain root access to the system. The affected versions are OMICRON StationGuard and OMICRON StationScout before 2.21.
CVE ID: CVE-2023-28610 (Critical)
A command injection vulnerability has been discovered in the TP-Link MR3020 that allows an attacker to execute arbitrary commands via a crafted request to the tftp endpoint. The affected version is TP-Link MR3020 v.1_150921.
CVE ID: CVE-2023-27078 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, and Ubuntu 22.10.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in WordPress TH Side Cart and Menu Cart plugin. The affected versions are TH Side Cart and Menu Cart plugin versions up to, and including, 1.1.1.
Apple has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-27965, CVE-2023-27932, CVE-2023-27954, CVE-2023-23541, CVE-2023-27961, CVE-2023-23543, CVE-2023-27936, CVE-2023-23537, CVE-2023-27956, CVE-2023-27928, CVE-2023-27946, CVE-2023-23535, CVE-2023-27941, CVE-2023-27969, CVE-2023-27949, CVE-2023-28182, CVE-2023-27963, CVE-2023-23529, CVE-2023-23540, CVE-2023-27959, CVE-2023-27970, CVE-2023-23532, CVE-2023-23527, CVE-2023-27931, CVE-2023-23494, CVE-2023-27955, CVE-2023-23528, CVE-2023-28181, CVE-2023-27968, CVE-2023-27951, CVE-2023-23534, CVE-2023-0433, CVE-2023-0512
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve multiple vulnerabilities in runc package.
CVE ID: CVE-2019-16884 (High), CVE-2019-19921 (High), CVE-2021-30465 (High), CVE-2022-29162 (High), CVE-2023-27561 (High)
A vulnerability has been discovered in NginxProxyManager that allows an attacker to execute arbitrary code via a Lua script placed in the configuration file. The affected version is NginxProxyManager v.2.9.19.
CVE ID: CVE-2023-27224 (Critical)
It has been discovered that baserCMS allows an authenticated user to upload arbitrary files. The affected versions are baserCMS prior to 4.7.5.
CVE ID: CVE-2023-25655 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve multiple vulnerabilities in libreoffice package, which can lead to arbitrary script execution, improper certificate validation, and weak encryption of password storage in the user’s configuration database.
CVE ID: CVE-2021-25636 (High), CVE-2022-3140 (Medium), CVE-2022-26305 (High), CVE-2022-26306 (High), CVE-2022-26307 (High)
A SQL injection vulnerability has been discovered in IBM Security Guardium Key Lifecycle Manager that can allow an attacker to view, add, modify or delete information in the back-end database. The affected versions are IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1.
CVE ID: CVE-2023-25684 (Critical)
A SQL injection vulnerability has been discovered in eo_tags package for PrestaShop. The affected versions are eo_tags package before 1.4.19 for PrestaShop.
CVE ID: CVE-2023-27570 (Critical)
A SQL injection vulnerability has been discovered in eo_tags package for PrestaShop via an HTTP User-Agent or Referer header. The affected versions are eo_tags package before 1.3.0 for PrestaShop.
CVE ID: CVE-2023-27569 (Critical)
A SQL injection vulnerability via the `q` parameter has been discovered in Soko. The affected versions are Soko prior to 1.0.2.
CVE ID: CVE-2023-28424 (Critical)
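The four SQL injection entries above (IBM Security Guardium Key Lifecycle Manager, eo_tags via the User-Agent and Referer headers, and Soko via the `q` parameter) share one root cause: an attacker-controlled string is concatenated into SQL text. The script below is an added example and not code from any of those products; the SQLite schema, table names and the hash value are constructed for the demonstration. The vulnerable logging function lets a crafted User-Agent header copy a password hash from `users` into the `visits` table, which a stats page or log viewer would later display, while the parameterized version stores the same header verbatim.

```python
import sqlite3

# Constructed sample schema and data (assumed names, not from any real product).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);
CREATE TABLE visits (id INTEGER PRIMARY KEY, user_agent TEXT, referer TEXT);
INSERT INTO users (name, password_hash) VALUES ('admin', 'pbkdf2$constructed-hash-value');
"""

# A header value the client controls completely. It closes the string literal,
# supplies a scalar subquery as the second column, then comments out the rest.
MALICIOUS_UA = "x', (SELECT password_hash FROM users LIMIT 1)) -- "


def fresh_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def log_visit_vulnerable(conn: sqlite3.Connection, user_agent: str, referer: str) -> None:
    # Vulnerable pattern: untrusted header values pasted into the SQL text.
    sql = f"INSERT INTO visits (user_agent, referer) VALUES ('{user_agent}', '{referer}')"
    conn.execute(sql)
    conn.commit()


def log_visit_safe(conn: sqlite3.Connection, user_agent: str, referer: str) -> None:
    # Hardened pattern: placeholders. The driver sends the values separately from
    # the statement, so quotes and comment markers are stored as plain text.
    conn.execute(
        "INSERT INTO visits (user_agent, referer) VALUES (?, ?)",
        (user_agent, referer),
    )
    conn.commit()


def last_visit(conn: sqlite3.Connection) -> tuple:
    return conn.execute(
        "SELECT user_agent, referer FROM visits ORDER BY id DESC LIMIT 1"
    ).fetchone()


def demo_vulnerable() -> tuple:
    """Returns ('x', '<admin password hash>'): the hash leaked into the visits table."""
    conn = fresh_db()
    log_visit_vulnerable(conn, MALICIOUS_UA, "https://example.test/")
    return last_visit(conn)


def demo_safe() -> tuple:
    """Returns the malicious header stored literally; no subquery was evaluated."""
    conn = fresh_db()
    log_visit_safe(conn, MALICIOUS_UA, "https://example.test/")
    return last_visit(conn)


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("safe:      ", demo_safe())
```

The same split applies to the `q` parameter case: the source of the string (header, query string, cookie) changes nothing; only whether it reaches the database as data or as SQL text matters. Escaping functions are not a substitute for placeholders, because the escaping rules differ per database and per context (string literal, identifier, LIKE pattern).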
An out-of-bounds write vulnerability has been discovered in the BLE L2CAP module of the Contiki-NG operating system. The affected versions are Contiki-NG 4.8 and prior.
CVE ID: CVE-2023-28116 (Critical)
It has been discovered that Snappy is vulnerable to PHAR deserialization because it does not check the protocol of a path before passing it to the `file_exists()` function, which can lead to Remote Code Execution (RCE). The affected versions are Snappy prior to 1.4.2.
CVE ID: CVE-2023-28115 (Critical)
A vulnerability has been discovered in Cilium: for a short period while Cilium's eBPF programs are not attached to the host, newly established connections can be disrupted because load balancing is not performed, and network policy can be bypassed because it is not enforced. The affected version is Cilium 1.13.0.
CVE ID: CVE-2023-27595 (Critical)
An improper authorisation implementation vulnerability has been discovered in Exynos baseband that allows incorrect handling of unencrypted messages. The affected version is Exynos baseband prior to SMR Mar-2023 Release 1.
CVE ID: CVE-2023-21455 (Critical)
It has been discovered that a lack of rate limiting on the password reset endpoint of Chamberlain myQ allows an attacker to compromise user accounts via a brute-force attack. The affected version is Chamberlain myQ v5.222.0.32277 (on iOS).
CVE ID: CVE-2023-24080 (Critical)
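The Chamberlain myQ entry above describes the failure mode rather than the fix: an unthrottled reset endpoint turns a short numeric reset code into a search of at most a million guesses. The code below is an added example and not Chamberlain's implementation; the code length, attempt cap and lifetime are assumed policy values. The store burns a code after a fixed number of wrong guesses, expires it, compares it in constant time and makes it single use, and `brute_force` runs the same attacker loop against a store with the cap disabled (the reported behaviour) and with it enforced.

```python
import hmac
import secrets
import time

# Policy values are assumptions for this example, not the myQ service's settings.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 10 * 60
MAX_ATTEMPTS_PER_CODE = 5


class ResetCodeStore:
    """Server-side store of pending password-reset codes with brute-force limits."""

    def __init__(self, clock=time.monotonic, rng=secrets.randbelow,
                 max_attempts=MAX_ATTEMPTS_PER_CODE):
        self._clock = clock                 # injectable for deterministic tests
        self._rng = rng                     # injectable; production keeps secrets.randbelow
        self._max_attempts = max_attempts   # None reproduces the unthrottled behaviour
        self._pending = {}                  # account -> [code, issued_at, attempts]

    def issue(self, account: str) -> str:
        code = f"{self._rng(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[account] = [code, self._clock(), 0]
        return code  # delivered out of band (email/SMS), never echoed to the caller

    def verify(self, account: str, submitted: str) -> bool:
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, issued_at, attempts = entry
        if self._clock() - issued_at > CODE_TTL_SECONDS:
            del self._pending[account]      # expired
            return False
        if self._max_attempts is not None and attempts >= self._max_attempts:
            del self._pending[account]      # burn the code; a new reset must be requested
            return False
        entry[2] = attempts + 1             # every guess counts, well-formed or not
        if (len(submitted) == CODE_DIGITS and submitted.isdigit()
                and hmac.compare_digest(code, submitted)):
            del self._pending[account]      # single use
            return True
        return False


def brute_force(store: ResetCodeStore, account: str, tries: int):
    """Attacker loop: sequential guesses; returns the accepted code, or None."""
    for n in range(tries):
        guess = f"{n:0{CODE_DIGITS}d}"
        if store.verify(account, guess):
            return guess
    return None


if __name__ == "__main__":
    account = "alice@example.test"   # constructed account name
    unthrottled = ResetCodeStore(max_attempts=None)
    unthrottled.issue(account)
    print("no cap:  ", brute_force(unthrottled, account, 10 ** CODE_DIGITS))
    throttled = ResetCodeStore()
    throttled.issue(account)
    print("with cap:", brute_force(throttled, account, 10 ** CODE_DIGITS))
```

The per-code cap is the control that matters here; a per-IP limit alone is bypassed by distributing the guesses across addresses. Keep the response for a burned code identical to a plain wrong guess so the endpoint does not reveal when the attacker has been cut off.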
Google has released Chrome Beta 112 (112.0.5615.40) for iOS, Dev channel 113.0.5668.0 for Windows, Linux and Mac, and LTS-108 LTS channel 108.0.5359.224 (Platform Version: 15183.86.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0941 (Critical), CVE-2023-1215 (High), CVE-2023-1218 (High), CVE-2023-1219 (High), CVE-2023-1220 (High), CVE-2023-0931 (High)
A security update has been released to resolve an XSS bypass vulnerability in the SVG Sanitizer library. The affected versions are SVG Sanitizer library versions up to, and including, 0.15.4.
CVE ID: CVE-2023-28426 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 111.0.1661.54) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-28286 (Medium), CVE-2023-28261 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
CVE ID: CVE-2023-0767 (High), CVE-2023-0804 (Medium), CVE-2023-23931 (Medium), CVE-2023-24329 (High), CVE-2023-24807 (High)
Ubuntu has released security updates to address several vulnerabilities in Graphviz package. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 14.04 ESM.
CVE ID: CVE-2019-11023 (High), CVE-2018-10196 (Medium), CVE-2020-18032 (High)
It has been discovered that WAB-MAT registers its Windows service executable with an unquoted file path, which can allow a malicious executable placed at a certain path to be executed with the privileges of the Windows service. The affected versions are WAB-MAT Ver.5.0.0.8 and earlier.
CVE ID: CVE-2023-22282 (High)
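The WAB-MAT entry above is the classic unquoted service path weakness. The script below is an added example, not from WAB-MAT or its advisory; the service names and ImagePath values are constructed. It reproduces how Windows resolves an unquoted command line containing spaces (each space-delimited prefix is tried with `.exe` appended before the intended binary) and lists those hijack candidates per service. On Windows, `read_service_image_paths` reads the real values from the registry with the standard `winreg` module; elsewhere the constructed sample is used.

```python
import re

# Constructed ImagePath values, in the form found under
# HKLM\SYSTEM\CurrentControlSet\Services\<service>\ImagePath (assumed names, not real products).
SAMPLE_IMAGE_PATHS = {
    "GoodSvc": r'"C:\Program Files\Good Vendor\good.exe" -service',
    "SystemSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
    "NoSpaces": r"C:\Tools\agent.exe",
    "WabLike": r"C:\Program Files\Example Vendor\WAB Tool\wabsvc.exe",
    "WithArgs": r"C:\Program Files\Example Vendor\WAB Tool\wabsvc.exe /run",
}

_EXE = re.compile(r"\.exe\b", re.IGNORECASE)


def hijack_candidates(image_path: str) -> list:
    r"""Paths Windows would try before the intended binary; empty if the path is safe.

    Given an unquoted command line, CreateProcess tries each space-delimited
    prefix with ".exe" appended: for C:\A B\C D\x.exe it tries C:\A.exe and
    C:\A B\C.exe before C:\A B\C D\x.exe.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted path: the executable is unambiguous
    m = _EXE.search(path)
    exe_path = path[: m.end()] if m else path  # drop arguments after the binary
    parts = exe_path.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(image_paths: dict) -> dict:
    """Map service name -> hijack candidates, for services with an unsafe ImagePath."""
    findings = {}
    for name, image_path in image_paths.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


def read_service_image_paths() -> dict:
    """On Windows, read every service's ImagePath from the registry; {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    result = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Services") as services:
        i = 0
        while True:
            try:
                name = winreg.EnumKey(services, i)
            except OSError:
                break
            i += 1
            try:
                with winreg.OpenKey(services, name) as svc:
                    result[name], _ = winreg.QueryValueEx(svc, "ImagePath")
            except OSError:
                continue  # no ImagePath value, or access denied
    return result


if __name__ == "__main__":
    for svc, candidates in audit(read_service_image_paths() or SAMPLE_IMAGE_PATHS).items():
        print(svc)
        for c in candidates:
            print("   ", c)
```

Whether a candidate is actually exploitable depends on the ACL of its parent directory: a standard user cannot normally create files directly under C:\ or C:\Program Files, so treat the output as a list of locations whose permissions must be checked, not as confirmed findings. The fix on the vendor side is simply to register the path in quotes.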
An incorrect permission assignment for critical resource vulnerability has been discovered in RoboDK that can allow an attacker to escalate privileges. The affected versions are RoboDK v5.5.3 and prior.
CVE ID: CVE-2023-1516 (High)
An insufficiently protected credentials vulnerability has been discovered in CP Plus KVMS Pro that can allow an attacker to retrieve sensitive credentials and control the entire CCTV system. The affected versions are CP Plus KVMS Pro V2.01.0.T.190521 and prior.
CVE ID: CVE-2023-1518 (High)
Multiple vulnerabilities have been discovered in SAUTER EY-modulo 5 Building Automation Stations that can lead to privilege escalation, unauthorized execution of actions, a Denial of Service (DoS) condition, or retrieval of sensitive information. The affected product is the EY-modulo 5 Building Automation Station EY-AS525F001 with moduWeb.
CVE ID: CVE-2023-2865 (High), CVE-2023-28655 (High), CVE-2023-22300 (High), CVE-2023-27927 (High), CVE-2023-28652 (Medium)
Multiple vulnerabilities have been discovered in ABB Pulsar Plus Controller that can allow to take control of the product or execute arbitrary code. The affected products are ABB Infinity DC Power Plant – H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415 and ABB Pulsar Plus System Controller – NE843_S – comcode 150042936.
CVE ID: CVE-2022-1607 (Medium), CVE-2022-26080 (Medium)
An authentication bypass vulnerability has been discovered in WooCommerce Payments plugin. The affected versions are WooCommerce Payments plugin versions up to, and including, 5.6.1.
Google has released Dev channel OS version: 15389.0.0 Browser version: 113.0.5650.0 for most ChromeOS devices, Chrome Dev 113 (113.0.5668.0) for Android, Beta channel is being updated to ChromeOS version: 15359.31.0 and Browser version: 112.0.5615.37 for most devices, Beta channel 112.0.5615.39 for Windows, Linux and Mac, and Chrome Beta 112 (112.0.5615.37) for iOS.
NVIDIA has released a firmware security update for the NVIDIA DGX-2 server, DGX A100 server, and DGX Station A100 to address code execution, Denial of Service (DoS), escalation of privileges, loss of data integrity, information disclosure, and data tampering vulnerabilities.
CVE ID: CVE-2022-42274 (High), CVE-2022-42280 (High), CVE-2022-42282 (Medium), CVE-2022-42283 (Medium), CVE-2022-42286 (Medium), CVE-2022-42287 (Medium), CVE-2022-42289 (High), CVE-2022-42290 (High), CVE-2023-0200 (High), CVE-2023-0201 (Medium), CVE-2023-0202 (High), CVE-2023-0206 (High), CVE-2023-0207 (High)
Multiple vulnerabilities have been discovered in NETGEAR Orbi WiFi Systems, including the RBR750 Orbi WiFi 6 Router. Security updates are available for Orbi WiFi Systems.
Multiple vulnerabilities have been discovered in the ProPump and Controls Inc. Osprey Pump Controller that could allow an attacker to gain unauthorized access, retrieve sensitive information, modify data, cause a Denial of Service (DoS), and/or gain administrative control. The affected version is Osprey Pump Controller version 1.01.
CVE ID: CVE-2023-28395 (High), CVE-2023-28375, CVE-2023-28654 (Critical), CVE-2023-27886 (Critical), CVE-2023-27394 (Critical), CVE-2023-28648 (High), CVE-2023-28398 (Critical), CVE-2023-28718 (High), CVE-2023-28712 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Cisco has released security updates to address several vulnerabilities in multiple Cisco products. An attacker may exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20027 (High), CVE-2023-20065 (High), CVE-2023-20035 (High), CVE-2023-20072 (High), CVE-2023-20080 (High), CVE-2023-20067 (High), CVE-2023-20055 (High), CVE-2023-20082 (High), CVE-2023-20112 (High), CVE-2023-20066 (Medium), CVE-2023-20113 (Medium), CVE-2023-20029 (Medium), CVE-2023-20059 (Medium), CVE-2023-20100 (Medium), CVE-2023-20081 (Medium), CVE-2023-20107 (Medium), CVE-2023-20056 (Medium), CVE-2023-20097 (Medium)
A sandbox escape vulnerability has been discovered in Flatpak when an app runs on a Linux virtual console (such as /dev/tty1): a malicious app can use the TIOCLINUX ioctl to copy text from the virtual console and paste it back as input to the command prompt outside the sandbox. The affected versions are Flatpak prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4.
CVE ID: CVE-2023-28100 (Critical)
A SQL Injection vulnerability has been discovered in Kirin Fortress Machine that allows attackers to execute arbitrary code. The affected version is Kirin Fortress Machine v.1.7-2020-0610.
CVE ID: CVE-2023-26784 (Critical)
A command execution vulnerability has been discovered in JHR-N916R router. The affected version is JHR-N916R router firmware version 21.11.1.1483 and prior.
CVE ID: CVE-2023-24795 (Critical)
A code execution vulnerability has been discovered in SA-WR915ND router. The affected version is SA-WR915ND router firmware v17.35.1.
CVE ID: CVE-2023-23150 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-28668 (Medium), CVE-2023-28669 (High), CVE-2023-28670 (High), CVE-2023-28671 (Medium), CVE-2023-28672 (High), CVE-2023-28673 (Medium), CVE-2023-28674 (Medium), CVE-2023-28675 (Medium), CVE-2023-28676 (High), CVE-2023-28677 (High), CVE-2023-28678 (High), CVE-2023-28679 (High), CVE-2023-28680 (High), CVE-2023-28681 (High), CVE-2023-28682 (High), CVE-2023-28683 (High), CVE-2023-28684 (High), CVE-2023-28685 (High)
A deserialization of untrusted data vulnerability has been discovered in the Keysight Technologies N6854A Geolocation Server that could allow an attacker to escalate privileges in the affected device's default configuration, resulting in Remote Code Execution (RCE) or deletion of system files and folders. The affected versions are Keysight N6854A Geolocation Server versions 2.4.2 and prior.
CVE ID: CVE-2023-1399 (High)
Multiple Time-of-check Time-of-use (TOCTOU) race condition vulnerabilities have been discovered in the Siemens RUGGEDCOM APE1808 product family that could lead to a system crash or escalation of privileges.
CVE ID: CVE-2022-32469 (High), CVE-2022-32470 (High), CVE-2022-32471 (High), CVE-2022-32475 (High), CVE-2022-32477 (High), CVE-2022-32953 (High), CVE-2022-32954 (High)
An infinite loop vulnerability has been discovered in the RADIUS client of Siemens SIPROTEC 5 devices that could cause a Denial of Service (DoS) condition. Workarounds and mitigations are available.
CVE ID: CVE-2022-38767 (High)
Multiple vulnerabilities, including improper restriction of XML external entity reference (XXE), have been discovered in VISAM VBASE that could allow an attacker to obtain sensitive information from the target device. Mitigations are available.
CVE ID: CVE-2022-41696 (Medium), CVE-2022-43512 (Medium), CVE-2022-45121 (Medium), CVE-2022-45468 (Medium), CVE-2022-45876 (Medium), CVE-2022-46286 (Medium), CVE-2022-46300 (Medium)
Multiple vulnerabilities have been discovered in various third-party components used in Siemens SCALANCE W-700 devices, which could cause a Denial of Service (DoS) condition or disclose sensitive data. Mitigations are available.
CVE ID: CVE-2018-12886 (High), CVE-2018-25032 (High), CVE-2021-42373 (Medium), CVE-2021-42374 (Medium), CVE-2021-42375 (Medium), CVE-2021-42376 (Medium), CVE-2021-42377 (Medium), CVE-2021-42378 (Medium), CVE-2021-42379 (Medium), CVE-2021-42380 (Medium), CVE-2021-42381 (Medium), CVE-2021-42382 (Medium), CVE-2021-42383 (Medium), CVE-2021-42384 (Medium), CVE-2021-42385 (Medium), CVE-2021-42386 (Medium), CVE-2022-23395 (Medium)
Security updates have been released to resolve multiple vulnerabilities in the Open Graphite plugin for WordPress. The affected versions are Open Graphite plugin versions up to, and including, 1.6.0.
CVE ID: CVE-2022-47439 (Medium)
Google has released Chrome 111 (111.0.5563.115/.116) for Android, Chrome Stable 111 (111.0.5563.101) for iOS, Extended Stable channel 110.0.5481.208 for Windows and Mac, Stable channel OS version: 15329.52.0 Browser version: 111.0.5563.100 for most ChromeOS devices, and Stable channel has been updated to 111.0.5563.110 for Mac and Linux and 111.0.5563.110/.111 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-1528 (High), CVE-2023-1529 (High), CVE-2023-1530 (High), CVE-2023-1531 (High), CVE-2023-1532 (High), CVE-2023-1533 (High), CVE-2023-1534 (High)
A vulnerability has been discovered in all supported versions of OpenSSL in the verification of X.509 certificate chains that include policy constraints: a crafted chain can trigger exponential resource use and cause a Denial of Service (DoS). It is only reachable when policy processing is enabled (the -policy option or the X509_V_FLAG_POLICY_CHECK flag), which is off by default. Updates are available.
CVE ID: CVE-2023-0464 (Low)
An OS command injection vulnerability has been discovered in D-Link DIR-820L firmware that allows an attacker to escalate privileges to root via a crafted payload. The affected version is D-Link DIR820LA1_FW105B03.
CVE ID: CVE-2023-25280 (Critical)
An authentication bypass vulnerability has been discovered in the Netgear RAX30 (AX2400) that allows an attacker to gain administrative access to the device's web management interface by resetting the admin password. The affected versions are Netgear RAX30 (AX2400) prior to version 1.0.6.74.
CVE ID: CVE-2023-1327 (Critical)
An OS command injection vulnerability has been discovered in Altenergy Power Control Software. The affected version is Altenergy Power Control Software C1.2.5.
CVE ID: CVE-2023-28343 (Critical)
Multiple vulnerabilities have been discovered in Rockwell Automation ThinManager ThinServer that could allow an attacker to perform Remote Code Execution (RCE) on the target system or crash the software. Mitigations are available.
CVE ID: CVE-2023-27855 (Critical), CVE-2023-27856 (High), CVE-2023-27857 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that Combodo iTop generates password reset tokens without any randomness, so the token is predictable and can lead to account takeover. The affected versions are Combodo iTop prior to versions 2.7.8 and 3.0.2-1.
CVE ID: CVE-2022-39216 (Critical)
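The iTop entry above describes a token derived without randomness. The following is an added example, not code from iTop or any product on this page: a hypothetical weak generator that builds the token only from values an attacker can know or guess (login name and approximate request time), the attacker's prediction of it, and a hardened store that issues 256-bit CSPRNG tokens, keeps only a hash of them, and makes them single-use and expiring. The function and class names are this example's own.

```python
"""Predictable vs. unpredictable password-reset tokens (illustrative only)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def weak_reset_token(user_login: str, request_time: int) -> str:
    """Hypothetical weak generator: no secret, no randomness.
    Anyone who knows the login and can bracket the request time can
    regenerate the exact token the server issued."""
    return hashlib.sha1(f"{user_login}:{request_time}".encode()).hexdigest()


def predict_weak_token(user_login: str, observed_time: int, window: int = 5) -> set:
    """Attacker side: enumerate the small time window around the request.
    The candidate set is tiny, so a guess-and-submit attack is cheap."""
    return {
        weak_reset_token(user_login, t)
        for t in range(observed_time - window, observed_time + window + 1)
    }


@dataclass
class ResetTokenStore:
    """Hardened: 256 bits from the OS CSPRNG, stored only as a hash,
    bound to the account, single-use, and expiring."""
    ttl_seconds: int = 900
    _entries: dict = field(default_factory=dict)  # sha256(token) -> (login, expires_at)

    @staticmethod
    def _hash(token: str) -> str:
        # Hash at rest so a database read does not hand out live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_login: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe encoded
        self._entries[self._hash(token)] = (user_login, now + self.ttl_seconds)
        return token

    def redeem(self, user_login: str, token: str, now: float) -> bool:
        entry = self._entries.pop(self._hash(token), None)  # pop: single use
        if entry is None:
            return False
        login, expires_at = entry
        # Constant-time compare of the bound login; reject expired tokens.
        return hmac.compare_digest(login, user_login) and now <= expires_at
```

The weak generator is defeated because its only inputs are guessable; the fix is not a stronger hash but an input the attacker cannot know, which is what `secrets.token_urlsafe` supplies.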
Multiple vulnerabilities have been discovered in various WordPress plugins. Security updates & patches are available for some plugins.
CVE ID: CVE-2023-1470 (Medium), CVE-2023-1471 (High), CVE-2023-1472 (Medium), CVE-2023-1469 (Medium), CVE-2023-1172 (High)
Directory traversal vulnerability has been discovered in SAP NetWeaver AS. The affected versions are SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791.
CVE ID: CVE-2023-27501 (Critical)
An OS command injection vulnerability has been discovered in the D-Link DIR-867 that allows attackers to execute arbitrary commands. The affected version is D-Link DIR-867 DIR_867_FW1.30B07.
CVE ID: CVE-2023-24762 (Critical)
It has been discovered that Webpack 5 does not avoid cross-realm object access: ImportParserPlugin.js mishandles the magic comment feature, so an attacker who controls a property of an untrusted object can obtain access to the real global object. The affected versions are Webpack 5 before 5.76.0.
CVE ID: CVE-2023-28154 (Critical)
TP-Link has released security update to address SSH host keys vulnerability in T2600G-28SQ. The affected versions are T2600G-28SQ firmware versions prior to T2600G-28SQ(UN)_V1_1.0.6 Build 20230227.
CVE ID: CVE-2023-28368 (Medium)
It has been observed that in recent campaigns LockBit 3.0 ransomware affiliates use multiple techniques to gain initial access to a victim's network: brute-force attacks against user credentials on internet-facing Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services, purchased or stolen credentials from initial access brokers, phishing to obtain user credentials, and exploitation of known software vulnerabilities and security misconfigurations.
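The RDP brute-force technique above is one a SOC can detect from Windows Security events. The following is an added example, not part of the original advisory: it reads constructed sample events (event ID 4625 failed logon, 4624 successful logon, logon type 10 for RemoteInteractive, i.e. RDP), flags a source address that exceeds a failure threshold inside a sliding window, and then reports the success-after-burst pattern that indicates a guessed password. The event format, thresholds and addresses are assumptions for the example.

```python
"""Sliding-window detection of RDP brute force and success-after-burst."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events: ISO time, event id, logon type, account, source address.
SAMPLE_EVENTS = """\
2023-03-20T02:14:01Z,4625,10,administrator,203.0.113.7
2023-03-20T02:14:03Z,4625,10,administrator,203.0.113.7
2023-03-20T02:14:05Z,4625,10,admin,203.0.113.7
2023-03-20T02:14:08Z,4625,10,backup,203.0.113.7
2023-03-20T02:14:10Z,4625,10,svc_sql,203.0.113.7
2023-03-20T02:14:12Z,4625,10,helpdesk,203.0.113.7
2023-03-20T02:15:30Z,4624,10,helpdesk,203.0.113.7
2023-03-20T09:01:00Z,4625,10,jsmith,192.0.2.44
2023-03-20T09:01:20Z,4624,10,jsmith,192.0.2.44
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    event_id: int
    logon_type: int
    account: str
    src_ip: str


def parse_events(text: str) -> list:
    """Parse the constructed CSV-style lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, account, ip = line.split(",")
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            int(eid), int(ltype), account, ip))
    return events


def detect_rdp_bruteforce(events, threshold: int = 5,
                          window: timedelta = timedelta(minutes=5),
                          success_grace: timedelta = timedelta(minutes=30)):
    """Return (bruteforce_ips, compromised).

    bruteforce_ips: source addresses with >= threshold failed RDP logons
    inside the sliding window.
    compromised: ip -> account for a successful RDP logon that follows a
    flagged burst within success_grace, the signal that a password was guessed."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged_at = {}                # ip -> time the burst crossed the threshold
    compromised = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.logon_type != 10:    # RemoteInteractive only; ignore service/network logons
            continue
        if ev.event_id == 4625:
            q = failures[ev.src_ip]
            q.append(ev.ts)
            while q and ev.ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ev.src_ip not in flagged_at:
                flagged_at[ev.src_ip] = ev.ts
        elif ev.event_id == 4624:
            burst_time = flagged_at.get(ev.src_ip)
            if burst_time is not None and ev.ts - burst_time <= success_grace:
                compromised[ev.src_ip] = ev.account
    return set(flagged_at), compromised
```

A single failed logon followed by a success (the 192.0.2.44 lines) is ordinary user behaviour and is not flagged; the same logic applies to VPN authentication logs once they are normalised to the same fields.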
An exposure of sensitive information to an unauthorized actor vulnerability has been discovered in the Rockwell Automation Modbus TCP Server Add-On Instruction (AOI) that allows an unauthorized user to read the connected device's Modbus TCP Server AOI information. The affected versions are Rockwell Automation Modbus TCP Server AOI 2.00 and 2.03.
CVE ID: CVE-2023-0027 (Medium)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
CVE ID: CVE-2023-0240 (High), CVE-2023-0751 (Medium), CVE-2023-24580 (High), CVE-2023-26545 (High)
Multiple vulnerabilities, including command injection, use of insufficiently random values, and missing authentication for critical function, have been discovered in Honeywell OneWireless Wireless Device Manager (WDM). All versions of OneWireless WDM up to R322.1 are affected.
CVE ID: CVE-2022-46361 (Critical), CVE-2022-43485 (Medium), CVE-2022-4240 (High)
AVEVA has released security updates to address multiple vulnerabilities in InTouch Access Anywhere and Plant SCADA Access Anywhere that could allow an unauthenticated user to read files on the system, execute arbitrary code, or create a Denial of Service (DoS) condition. The affected versions are InTouch Access Anywhere 2023 and prior, and Plant SCADA Access Anywhere 2020 R2 and prior.
CVE ID: CVE-2022-23854 (High), CVE-2021-3711 (Critical), CVE-2020-11022 (Medium)
Google has released Chrome Dev 113 (113.0.5651.0) for Android, dev channel 113.0.5653.0 for Windows, Linux and Mac, and Beta channel ChromeOS version: 15359.24.0 and Browser version: 112.0.5615.29 for most devices.
SQL injection vulnerability has been discovered in E-Commerce System. The affected version is E-Commerce System v1.0.
CVE ID: CVE-2023-27052 (Critical)
An OS command injection vulnerability has been discovered in D-Link DIR-820L firmware that allows attackers to escalate privileges to root via a crafted payload. The affected version is D-Link DIR820LA1_FW105B03.
CVE ID: CVE-2023-25279 (Critical)
A SQL injection vulnerability has been discovered in the 10Web Map Builder for Google Maps WordPress plugin, which does not properly sanitise and escape some parameters before using them in a SQL statement reachable via an AJAX action available to unauthenticated users. The affected versions are 10Web Map Builder for Google Maps WordPress plugin before 1.0.73.
CVE ID: CVE-2023-0037 (Critical)
Buffer overflow vulnerability has been discovered in Tenda that allows attackers to cause a Denial of Service (DoS) via a crafted request. The affected version is Tenda V15V1.0 V15.11.0.14(1521_3190_1058).
CVE ID: CVE-2023-27063 (Critical)
Buffer overflow vulnerability has been discovered in Tenda that allows attackers to cause a Denial of Service (DoS) via a crafted request. The affected version is Tenda V15V1.0 V15.11.0.14(1521_3190_1058).
CVE ID: CVE-2023-27061 (Critical)
Buffer overflow vulnerability has been discovered in NETGEAR Nighthawk WiFi6 Router that can allow an attacker to execute arbitrary code on the device. The affected versions are NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94.
CVE ID: CVE-2023-27853 (Critical)
Buffer overflow vulnerability has been discovered in NETGEAR Nighthawk WiFi6 Router that can allow an attacker to execute arbitrary code on the device. The affected versions are NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94.
CVE ID: CVE-2023-27852 (Critical)
SQL Injection vulnerability has been discovered in Saysis Starcities. The affected versions are Starcities through 1.3.
CVE ID: CVE-2023-1198 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released updates to address multiple vulnerabilities in its software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Google has released Dev channel OS version: 15378.0.0 Browser version: 113.0.5635.0 for most ChromeOS devices, Chrome Beta 112 (112.0.5615.29) for iOS, Chrome Beta 112 (112.0.5615.29) for Android, and Beta channel 112.0.5615.29 for Windows, Linux and 112.0.5615.28 for Mac.
It has been discovered that threat actors are exploiting a .NET deserialization vulnerability in Progress Telerik User Interface (UI) for ASP.NET AJAX on Microsoft Internet Information Services (IIS) web servers, which can lead to Remote Code Execution (RCE). Exploitation requires the application's Telerik encryption keys, which attackers have obtained through weak or default keys or via CVE-2017-11317 and CVE-2017-11357. The affected versions are Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114).
CVE ID: CVE-2019-18935 (Critical)
An uncontrolled search path element vulnerability has been discovered in the Trend Micro Apex One Server installer that could allow an attacker to achieve remote code execution on affected products.
CVE ID: CVE-2023-25143 (Critical)
An authentication bypass vulnerability has been discovered in froxlor. The affected versions are GitHub repository froxlor/froxlor prior to 2.0.13.
CVE ID: CVE-2023-1307 (Critical)
An XML External Entity injection (XXE) vulnerability has been discovered in ENOVIA Live Collaboration that allows remote file inclusions. The affected version is ENOVIA Live Collaboration V6R2013xE.
CVE ID: CVE-2023-1288 (Critical)
An XSL template vulnerability has been discovered in ENOVIA Live Collaboration that allows Remote Code Execution (RCE). The affected version is ENOVIA Live Collaboration V6R2013xE.
CVE ID: CVE-2023-1287 (Critical)
A SQL injection vulnerability has been discovered in Akinsoft Wolvox. The affected versions are Akinsoft Wolvox before 8.02.03.
CVE ID: CVE-2023-1251 (Critical)
Multiple vulnerabilities have been discovered in several Zoom products. The affected versions are Zoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5, Zoom Rooms (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5, Zoom VDI Windows Meeting clients before version 5.13.10, Zoom Client for Meetings for IT Admin macOS installers before version 5.13.5, Zoom Client for Meetings for IT Admin Windows installers before version 5.13.5, Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.3, and Zoom VDI for Windows clients before 5.13.1.
CVE ID: CVE-2023-28597 (High), CVE-2023-28596 (Medium), CVE-2023-22883 (High), CVE-2023-22881 (Medium), CVE-2023-22882 (Medium), CVE-2023-22880 (Medium)
Path traversal vulnerability has been discovered in Fortinet FortiOS. The affected versions are Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11.
CVE ID: CVE-2022-41328 (High)
A vulnerability has been discovered in Hitachi Energy's Data Dynamics ActiveBar (ActBar) ActiveX Controls component, that affects the SYS600 products. The affected versions are SYS600 9.4 FP2 Hotfix 5 and earlier, and SYS600 10.1.1 and earlier. The updates & mitigations are available.
CVE ID: CVE-2011-1207 (Medium)
Multiple vulnerabilities have been discovered in the Autodesk FBX SDK that could lead to code execution or a Denial of Service (DoS) condition. The affected products are Autodesk FBX SDK versions 2020 and prior, and Luxion KeyShot version 11.3 and prior. Updates are available.
CVE ID: CVE-2022-41302 (High), CVE-2022-41303 (High), CVE-2022-41304 (High)
A code injection vulnerability has been discovered in GE Digital Proficy iFIX that could lead to privilege escalation and full control of the system. The affected versions are GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5.
CVE ID: CVE-2023-0598 (High)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. The affected products are Ubuntu 22.10, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
Mozilla has released security updates to resolve multiple vulnerabilities in Thunderbird 102.9, Firefox ESR 102.9, and Firefox 111. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-28159 (High), CVE-2023-25748 (High), CVE-2023-25749 (High), CVE-2023-25750 (High), CVE-2023-25751 (High), CVE-2023-28160 (Medium), CVE-2023-28164 (Medium), CVE-2023-28161 (Medium), CVE-2023-28162 (Medium), CVE-2023-25752 (Medium), CVE-2023-28163 (Medium), CVE-2023-28176 (High), CVE-2023-28177 (High)
Multiple improper certificate validation vulnerabilities have been discovered in the Moxa NPort 6000 Series and Windows Driver Manager. The affected versions are NPort 6000 Series firmware version 2.2 or lower, Windows Driver Manager Series software version 3.4 or lower, and Windows Driver Manager Series software version 4.0 or lower. Security updates are available for the NPort 6000 Series.
CVE ID: CVE-2022-43993, CVE-2022-43994
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2015-8011 (Critical), CVE-2020-27827 (High), CVE-2023-25957 (Critical), CVE-2022-34819 (Critical), CVE-2022-34820 (High), CVE-2022-34821 (High), CVE-2022-0547 (Critical), CVE-2022-1292 (Critical), CVE-2021-37208 (Critical)
Microsoft has released security updates to resolve Remote Code Execution (RCE) vulnerability in Internet Control Message Protocol (ICMP).
CVE ID: CVE-2023-23415 (Critical)
AVEVA has released security updates to address an improper authorization vulnerability in AVEVA Plant SCADA and AVEVA Telemetry Server. The affected versions are AVEVA Plant SCADA 2023, AVEVA Plant SCADA 2020R2 Update 10 and all prior versions, and AVEVA Telemetry Server 2020 R2 SP1 and all prior versions.
CVE ID: CVE-2023-1256 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-28003 (Medium), CVE-2023-28004 (Critical), CVE-2023-27977 (High), CVE-2023-27978 (High), CVE-2023-27979 (High), CVE-2023-27980 (High), CVE-2023-27981 (High), CVE-2023-27982 (High), CVE-2023-27983 (Medium), CVE-2023-27984 (Medium), CVE-2022-45789 (High), CVE-2023-22610 (Critical), CVE-2023-22611 (High)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-26359 (Critical), CVE-2023-26360 (High), CVE-2023-26361 (Medium), CVE-2023-25908 (High)
Microsoft has released security updates to resolve Remote Code Execution (RCE) vulnerability in Remote Procedure Call Runtime.
CVE ID: CVE-2023-21708 (Critical)
A code injection vulnerability has been discovered in Qwik. The affected versions are GitHub repository builderio/qwik prior to 0.21.0.
CVE ID: CVE-2023-1283 (Critical)
A use of hard-coded credentials vulnerability has been discovered in Easy!Appointments. The affected versions are GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE ID: CVE-2023-1269 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in SmartBear Zephyr Enterprise. The affected versions are SmartBear Zephyr Enterprise through 7.15.0.
CVE ID: CVE-2023-22889 (Critical)
A SQL injection vulnerability has been discovered in Varisicte matrix-gui that allows to execute arbitrary code. The affected version is Varisicte matrix-gui v.2.
CVE ID: CVE-2023-26922 (Critical)
A command injection vulnerability has been discovered in TOTOlink A7100RU router. The affected version is TOTOlink A7100RU V7.4cu.2313_B20191024 router.
CVE ID: CVE-2023-25395 (Critical)
A SQL injection vulnerability has been discovered in Ulkem Company PtteM Kart. The affected versions are PtteM Kart before 2.1.
CVE ID: CVE-2023-1267 (Critical)
An improper access control vulnerability has been discovered in the Omron CJ1M PLC that allows an attacker to bypass user memory protections by writing to a specific memory address. The affected products are all versions of Omron CJ1M: SYSMAC CJ-series, SYSMAC CS-series, and SYSMAC CP-series.
CVE ID: CVE-2023-0811 (Critical)
As of 14 March 2023 it is no longer possible to disable the Microsoft DCOM hardening changes for CVE-2021-26414: the RequireIntegrityActivationAuthenticationLevel registry override is ignored and the raised (Packet Integrity) authentication level is enforced. This can disrupt critical communications between ICS/SCADA/OT devices and applications whose DCOM clients do not support the raised level.
CVE ID: CVE-2021-26414 (Medium)
Microsoft has released Microsoft Edge Stable Channel (Version 111.0.1661.41) & Microsoft Edge Extended Stable Channel (Version 110.0.1587.69) to resolve multiple vulnerabilities.
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in WordPress Solidres plugin. The affected versions are Solidres plugin versions up to, and including, 0.9.4.
CVE ID: CVE-2023-1374 (Medium)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in WordPress WH Testimonials plugin. The affected versions are WH Testimonials plugin versions up to, and including, 3.0.0.
CVE ID: CVE-2023-1372 (High)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-25616 (Critical), CVE-2023-23857 (Critical), CVE-2023-27269 (Critical), CVE-2023-27500 (Critical), CVE-2023-25617 (Critical)
An arbitrary file upload vulnerability has been discovered in onekeyadmin that allows attackers to execute arbitrary code via a crafted PHP file. The affected version is onekeyadmin v1.3.9.
CVE ID: CVE-2023-26949 (Critical)
An arbitrary file upload vulnerability has been discovered in PMB that allows attackers to execute arbitrary code via a crafted image file. The affected version is PMB v7.4.6.
CVE ID: CVE-2023-24734 (Critical)
A use of hard-coded credentials vulnerability has been discovered in SS1 and Rakuraku PC Cloud Agent that may allow an attacker to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. The affected versions are SS1 Ver.13.0.0.40 and earlier, and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier.
CVE ID: CVE-2023-22344 (Critical)
A path traversal vulnerability has been discovered in SS1 and Rakuraku PC Cloud Agent that may allow an attacker to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. The affected versions are SS1 Ver.13.0.0.40 and earlier, and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier.
CVE ID: CVE-2023-22336 (Critical)
It has been discovered that the Docker-based datastores for IBM Instana do not require authentication, which allows an attacker within the network to access the datastores with read/write access. The affected versions are IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0.
CVE ID: CVE-2023-27290 (Critical)
It has been discovered that ShadowsocksX-NG is signed with the com.apple.security.get-task-allow entitlement because of the CODE_SIGNING_INJECT_BASE_ENTITLEMENTS build setting; this entitlement lets another local process obtain the app's task port and inject code into it. The affected version is ShadowsocksX-NG 1.10.0.
CVE ID: CVE-2023-27574 (Critical)
A vulnerability has been discovered in XWiki Commons that allows any user to edit their own profile and inject code that is executed with programming rights. The affected version is XWiki Commons 3.1-milestone-1.
CVE ID: CVE-2023-26055 (Critical)
Wolt has released security updates to address hard-coded API key vulnerability in Android App "Wolt Delivery: Food and more". The affected products are Android App "Wolt Delivery: Food and more" version 4.27.2 and earlier.
CVE ID: CVE-2023-22429 (Medium)
Debian has released security updates to resolve multiple vulnerabilities in ruby-sidekiq and libapache2-mod-auth-mellon.
CVE ID: CVE-2021-30151 (Medium), CVE-2022-23837 (High), CVE-2019-13038 (Medium), CVE-2021-3639 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Deserialization vulnerability has been discovered in CleverStupidDog yf-exam, which can lead to remote code execution (RCE). The affected version is CleverStupidDog yf-exam v 1.8.0.
CVE ID: CVE-2023-26779 (Critical)
Cross-Site WebSocket Hijacking (CSWSH) vulnerability has been discovered in Gitpod that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim's credentials. The affected versions are Gitpod prior to release- 2022.11.2.16.
CVE ID: CVE-2023-0957 (Critical)
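Cross-Site WebSocket Hijacking works because the browser attaches the victim's cookies to a WebSocket upgrade initiated from any origin, so the server must check where the handshake came from. The following is an added example, not Gitpod's code: an exact-match Origin validation for the upgrade request, shown beside the prefix-match mistake that a lookalike host bypasses. The allowed origin and header values are assumptions for the example.

```python
"""Origin validation for a WebSocket upgrade request (CSWSH defence)."""
from urllib.parse import urlsplit

# Assumption: the only origin that legitimately serves the web client.
ALLOWED_ORIGINS = {"https://app.example.com"}


def _origin_header(headers: dict):
    """Header names are case-insensitive; normalise before lookup."""
    return {k.lower(): v for k, v in headers.items()}.get("origin")


def naive_origin_check(headers: dict) -> bool:
    """The mistake to avoid: a prefix match. An attacker-controlled host such as
    https://app.example.com.evil.net passes this check."""
    origin = _origin_header(headers) or ""
    return any(origin.startswith(allowed) for allowed in ALLOWED_ORIGINS)


def origin_allowed(headers: dict, allowed=ALLOWED_ORIGINS) -> bool:
    """Accept only an exact scheme://host[:port] match against the allow-list.

    A missing Origin is rejected: browsers always send it on WebSocket upgrades,
    so its absence means a non-browser client, which should present a bearer
    credential rather than rely on cookies. The literal string "null" (sandboxed
    iframes, file:// pages) is rejected too."""
    origin = _origin_header(headers)
    if origin is None or origin == "null":
        return False
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc:
        return False
    normalized = f"{parts.scheme}://{parts.netloc.lower()}"
    return normalized in allowed
```

This check belongs in the HTTP handshake, before the connection is upgraded; a server that authenticates JSON-RPC messages only by the session cookie has no other point at which to tell a victim's browser on an attacker's page apart from the real client.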
A vulnerability has been discovered in XWiki Platform that allows injection of arbitrary wiki syntax. The affected versions are XWiki Platform 6.3-rc-1 and 6.2.4.
CVE ID: CVE-2023-26477 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
B&R Industrial Automation has released a security update to address a Cross-Site Scripting (XSS) vulnerability in its System Diagnostics Manager (SDM). The affected versions are System Diagnostics Manager runtime versions 3.00 and later, and System Diagnostics Manager runtime versions C4.93 and prior.
CVE ID: CVE-2022-4286 (Medium)
STEP Tools Inc. has released a security update to address a NULL pointer dereference vulnerability in its ifcmesh library. The affected version is STEP Tools v18SP1 ifcmesh library (v18.1).
CVE ID: CVE-2023-0973 (Low)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
CVE ID: CVE-2023-27522, CVE-2023-25690
Google has released ChromeOS LTS 108, 108.0.5359.221 (Platform Version: 15183.8240), for most ChromeOS devices, Stable channel OS version: 15329.44.0 Browser version: 111.0.5563.71 for most ChromeOS devices, Chrome Dev 113 (113.0.5637.4) for Android, Beta channel ChromeOS version: 15359.15.0 and Browser version: 112.0.5615.18 for some devices, dev channel 113.0.5638.0 for Windows, Linux and Mac, Chrome 112 Beta channel for Windows, Mac and Linux, Chrome Beta 112 (112.0.5615.18) for Android, and Chrome Stable 111 (111.0.5563.72) for iOS.
GitLab has released Community Edition and Enterprise Edition version 15.9.3 to resolve a number of regressions and bugs in the 15.9 release and prior versions.
A blind SQL injection vulnerability has been discovered in the PrestaShop e-commerce platform. Versions up to 4.5.5 are affected by the flaw.
CVE ID: CVE-2023-23315 (Critical)
A relative path traversal vulnerability has been discovered in the Drag and Drop Multiple File Upload - Contact Form 7 WordPress plugin. The affected version is 5.0.6.1.
CVE ID: CVE-2023-1112 (Critical)
Multiple vulnerabilities such as command injection and stack-based buffer overflow have been discovered in Aruba products.
CVE ID: CVE-2023-22747 (Critical), CVE-2023-22748 (Critical), CVE-2023-22749 (Critical), CVE-2023-22750 (Critical)
Relative Path Traversal vulnerability has been discovered in ForgeRock Access Management Java Policy Agent that allows Authentication Bypass. All versions of Access Management Java Policy Agent up to 5.10.1 are affected.
CVE ID: CVE-2023-0511 (Critical)
Relative Path Traversal vulnerability has been discovered in ForgeRock Access Management Java Policy Agent that allows Authentication Bypass. All versions of Access Management Java Policy Agent up to 5.10.1 are affected.
CVE ID: CVE-2023-0339 (Critical)
SQL injection vulnerability has been discovered in SPIP that allows attackers to execute arbitrary code via a crafted POST request. The affected versions are SPIP v4.1.5 and earlier.
CVE ID: CVE-2023-24258 (Critical)
Multiple vulnerabilities have been discovered in Akuvox's Equipment- E11. Successful exploitation of these vulnerabilities can cause loss of sensitive information, unauthorized access, and grant full administrative control to an attacker. All versions of Akuvox E11 are affected.
CVE ID: CVE-2023-0343 (Medium), CVE-2023-0355 (Medium), CVE-2023-0354 (Critical), CVE-2023-0353 (High), CVE-2023-0352 (Critical), CVE-2023-0351 (High), CVE-2023-0350 (Medium), CVE-2023-0349 (High), CVE-2023-0348 (High), CVE-2023-0347 (High), CVE-2023-0346 (High), CVE-2023-0345 (Critical), CVE-2023-0344 (Critical)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20049 (High), CVE-2023-20064 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-27898 (High), CVE-2023-27899 (High), CVE-2023-24998 (Medium), CVE-2023-27900 (Medium), CVE-2023-27901 (Medium), CVE-2023-27902 (Medium), CVE-2023-27903 (Low), CVE-2023-27904 (Low), CVE-2023-27905 (Medium)
Moxa has released security updates to resolve command injection and use of hard-coded credentials vulnerabilities in the Moxa MXsecurity Series. The affected version is MXsecurity Series software v1.0.
Google has released Dev channel 112.0.5615.20 for Windows, Linux & Mac, Dev channel OS version: 15373.0.0, Browser version: 113.0.5624.0 for most ChromeOS devices, and Chrome Beta 112 (112.0.5615.20) for iOS.
Foxit has released Foxit PDF Editor 11.2.5 to resolve multiple vulnerabilities in Foxit PDF Editor 11.2.4.53774 and all previous 11.x versions, and in 10.1.10.37854 and earlier.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Apple has released security updates to resolve a vulnerability in macOS Ventura, iOS and iPadOS that could allow an app to execute arbitrary code out of its sandbox or with certain elevated privileges. The fix is included in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3.
CVE ID: CVE-2023-23531 (Critical)
Phoenix Contact has released security updates to resolve arbitrary command injection and arbitrary file upload/removal vulnerabilities in TC Router and Cloud Client Series. The affected versions are TC Router 4000 series and Cloud Client 2000 series up to firmware version 4.5.7x.107.
CVE ID: CVE-2023-0861 (High), CVE-2023-0862 (High)
Apache has released security updates to address HTTP Request Smuggling and HTTP Response Smuggling vulnerabilities in Apache HTTP Server. The affected versions are Apache HTTP Server 2.4.0 through 2.4.55, and Apache HTTP Server 2.4.30 through 2.4.55.
CVE ID: CVE-2023-25690, CVE-2023-27522
A vulnerability affects the IEC 60870-5-104 (IEC-104) protocol stack of ABB Substation Management Unit COM600 that allows attackers to cause a denial-of-service condition against the COM600 product. The affected versions are ABB COM600 product firmware 2.x, 3.x, 4.x and 5.x.
CVE ID: CVE-2022-29492 (Medium)
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates are available.
CVE ID: CVE-2023-25610 (Critical), CVE-2023-25611 (High), CVE-2023-23776 (Medium), CVE-2023-25605 (High)
Apple has released security updates to address multiple vulnerabilities in GarageBand for macOS 10.4.8. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-27960, CVE-2023-27938
WordPress has released security updates to resolve multiple vulnerabilities in CMP Coming Soon & Maintenance plugin. The affected versions are CMP Coming Soon & Maintenance plugin versions up to, and including, 4.1.6.
CVE ID: CVE-2023-1263 (Medium)
Trellix has released a security update to address a command injection vulnerability in Intelligent Sandbox CLI that allows a local user to obtain root access. The affected versions are Intelligent Sandbox IS 5.2, 5.0, and ATD 4.x.
CVE ID: CVE-2023-0978 (Medium)
A SQL injection vulnerability has been discovered in Domotica Labs srl Ikon Server. The affected versions are Domotica Labs srl Ikon Server before v2.8.6.
CVE ID: CVE-2023-24253 (Critical)
An arbitrary code execution vulnerability has been discovered in ASUS ASMB8 iKVM firmware. The affected versions are ASUS ASMB8 iKVM firmware through 1.14.51.
CVE ID: CVE-2023-26602 (Critical)
A SQL injection vulnerability has been discovered in BMC Control-M that allows an attacker to execute arbitrary SQL commands via the memname JSON field. The affected versions are BMC Control-M before 9.0.20.214.
CVE ID: CVE-2023-26550 (Critical)
ZoneMinder has released a security update to address a SQL injection vulnerability. The affected versions are ZoneMinder prior to 1.36.33 and 1.37.33.
CVE ID: CVE-2023-26037 (Critical)
ZoneMinder has released a security update to address a Local File Inclusion (Untrusted Search Path) vulnerability. The affected versions are ZoneMinder prior to 1.36.33 and 1.37.33.
CVE ID: CVE-2023-26036 (Critical)
ZoneMinder has released a security update to address an unauthenticated Remote Code Execution via Missing Authorization vulnerability. The affected versions are ZoneMinder prior to 1.36.33 and 1.37.33.
CVE ID: CVE-2023-26035 (Critical)
Gradio has released a security update to address a use of hard-coded credentials vulnerability. The affected versions are Gradio prior to 3.13.1.
CVE ID: CVE-2023-25823 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
CVE ID: CVE-2023-24998 (High), CVE-2023-25139 (Critical), CVE-2021-0187 (Low), CVE-2022-26343 (High), CVE-2022-26837 (High), CVE-2022-30539 (High), CVE-2022-30704 (High), CVE-2022-32231 (High), CVE-2022-33972 (Medium)
Multiple vulnerabilities have been discovered in BUFFALO INC network devices. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-26588 (Low), CVE-2023-24544 (Medium), CVE-2023-24464 (Medium)
Mitsubishi Electric has released security updates to resolve multiple OpenSSL Denial of Service vulnerabilities that affect the BACnet secure connect function of GENESIS64.
CVE ID: CVE-2022-3602 (Medium), CVE-2022-3786 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
WordPress has released security updates to resolve multiple vulnerabilities in Paytium: Mollie payment forms & donations plugin. The affected versions are Paytium: Mollie payment forms & donations plugin versions up to, and including, 4.3.7.
Google has released Chrome 111 (111.0.5563.57/58) for Android, Stable channel 111.0.5563.64 for Windows & Mac, Beta channel 111.0.5563.64 for Windows, Mac & Linux, and Chrome Beta 111 (111.0.5563.58) for Android.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-03-05 or later address all of these issues.
SPIP has released security updates to address Remote Code Execution (RCE) vulnerability in it. The affected versions are SPIP before 4.2.1.
CVE ID: CVE-2023-27372 (Critical)
A permission bypass vulnerability has been discovered in onStart of BluetoothSwitchPreferenceController.java that can lead to remote escalation of privileges in Bluetooth settings with no additional execution privileges needed. The affected products are Android-11, Android-12, Android-12L, and Android-13.
CVE ID: CVE-2023-20946 (Critical)
IVM Development Group has released a security update to address multiple vulnerabilities in pg_ivm module. The affected versions are pg_ivm prior to 1.5.1.
CVE ID: CVE-2023-22847 (Medium), CVE-2023-23554 (Medium)
WordPress has released security updates to resolve a reflected Cross-Site Scripting (XSS) vulnerability in Watu Quiz plugin. The affected versions are Watu Quiz plugin versions up to and including 3.3.9.
CVE ID: CVE-2023-0968 (Medium)
WordPress has released security updates to resolve an unauthorized admin notice dismissal vulnerability in WP Meteor Page Speed Optimization Topping plugin. The affected versions are WP Meteor Page Speed Optimization Topping plugin versions up to and including 3.1.4.
A buffer overflow vulnerability has been discovered in Tenda AC500. The affected version is Tenda AC500 V2.0.1.9(1307).
CVE ID: CVE-2023-25234 (Critical)
A buffer overflow vulnerability has been discovered in Tenda AC500. The affected version is Tenda AC500 V2.0.1.9(1307).
CVE ID: CVE-2023-25233 (Critical)
A buffer overflow vulnerability has been discovered in Tenda Router. The affected version is Tenda Router W30E V1.0.1.25(633).
CVE ID: CVE-2023-25231 (Critical)
It has been discovered that Cerebrate does not properly consider organisation_id during creation of API keys. The affected version is Cerebrate 1.12.
CVE ID: CVE-2023-26468 (Critical)
A Remote code execution (RCE) vulnerability has been discovered in Clash for Windows, which can be exploited via overwriting the configuration file. The affected version is Clash for Windows v0.20.12.
CVE ID: CVE-2023-24205 (Critical)
An unauthenticated insecure deserialization vulnerability has been discovered in BuddyForms WordPress plugin. The affected versions are BuddyForms WordPress plugin prior to 2.7.8.
CVE ID: CVE-2023-26326 (Critical)
A cleartext transmission of sensitive information vulnerability has been discovered in Curl that can cause HSTS functionality to fail when multiple URLs are requested serially. The affected versions are Curl prior to v7.88.0.
CVE ID: CVE-2023-23914 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel. The affected products are Ubuntu 14.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
JTEKT ELECTRONICS CORPORATION has released security updates to address out of bounds read and use after free vulnerabilities in Kostac PLC Programming Software. The affected versions are Kostac PLC Programming Software 1.6.9.0 and earlier.
CVE ID: CVE-2023-22419 (High), CVE-2023-22421 (High), CVE-2023-22424 (High)
SonicWall has released security updates to address stack-based buffer overflow, and improper restriction of excessive MFA attempts vulnerabilities in SonicOS and SonicOS SSLVPN respectively.
CVE ID: CVE-2023-0656 (High), CVE-2023-1101 (Medium)
It has been discovered that Edgecross Basic Software for Windows contains multiple vulnerabilities that may cause the Denial of Service (DoS) condition.
CVE ID: CVE-2022-0778 (High), CVE-2022-29862 (High), CVE-2022-29864 (High)
Royal ransomware is using various TTPs for initial access, such as phishing emails, compromising RDP and exploiting public-facing applications, and may leverage brokers to gain initial access and source traffic by harvesting Virtual Private Network (VPN) credentials from stealer logs. After gaining access, it exfiltrates data to a Command and Control (C2) server and then encrypts systems with its own custom-made file encryption program, evolved from earlier iterations that used "Zeon" as a loader.
Baicells has released security updates to address a command injection vulnerability in its equipment: Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430.
CVE ID: CVE-2023-0776 (Critical)
An improper access control vulnerability has been discovered in Rittal's equipment: CMC III. Successful exploitation can allow an attacker to open control cabinets secured with Rittal locks.
CVE ID: CVE-2022-40633 (Medium)
Medtronic has released a security update to address an unverified password change vulnerability in its equipment: Micros Clinician (A51200) app and InterStim X Clinician (A51300) app.
CVE ID: CVE-2023-25931 (Medium)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20011 (High), CVE-2023-20088 (Medium), CVE-2022-20952 (Medium)
WordPress has released security updates to resolve a reCaptcha bypass vulnerability in Metform Elementor Contact Form Builder plugin. The affected versions are Metform Elementor Contact Form Builder plugin versions up to, and including, 3.2.1.
CVE ID: CVE-2023-0085 (Medium)
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Cost Calculator plugin for WordPress. The affected versions are Cost Calculator plugin versions up to, and including, 1.8.
CVE ID: CVE-2023-1155 (Medium)
Google has released Chrome Beta 112 (112.0.5615.9) for iOS, Beta channel OS version: 15329.37.0, Browser version 111.0.5563.54 for most ChromeOS devices, Dev channel 112.0.5615.12 for Windows, Linux and Mac and LTS 102.0.5005.197 (Platform Version: 14695.187.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0931 (High), CVE-2023-0128 (High), CVE-2022-4139 (High), CVE-2022-4378 (High), CVE-2022-45934 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
A privilege elevation vulnerability has been discovered in ThingsBoard because hard-coded service credentials are stored in an insecure format. The affected version is ThingsBoard 3.4.1.
CVE ID: CVE-2023-26462 (Critical)
A Remote code execution (RCE) vulnerability via install.php has been discovered in typecho. The affected version is typecho 1.1/17.10.30.
CVE ID: CVE-2023-24114 (Critical)
Misskey has released a security update to address a SQL injection vulnerability in its products. The affected versions are Misskey prior to 13.3.3.
CVE ID: CVE-2023-24812 (Critical)
An access control vulnerability has been discovered in H3C A210-G that allows attackers to authenticate without a password. The affected version is H3C A210-G A210-GV100R005.
CVE ID: CVE-2023-24093 (Critical)
Sequelize has released a security update to address a SQL injection vulnerability. The affected versions are Sequelize prior to 6.19.1.
CVE ID: CVE-2023-25813 (Critical)
It has been discovered that MvcTools contains a code execution backdoor via the request package that allows attackers to access sensitive user information and execute arbitrary code. The affected version is MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737.
CVE ID: CVE-2023-24108 (Critical)
A path traversal vulnerability has been discovered in a GitHub repository. The affected versions are GitHub repository flatpressblog/flatpress prior to 1.3.
CVE ID: CVE-2023-0947 (Critical)
A SQL Injection vulnerability has been discovered in GeoTools when executing OGC Filters with JDBCDataStore implementations. Security updates and mitigations are available.
CVE ID: CVE-2023-25158 (Critical)
An information disclosure vulnerability due to plaintext storage of passwords has been discovered in Mitsubishi Electric's equipment: MELSEC iQ-F Series. It can allow an attacker to log in to the FTP server or Web server by obtaining plaintext credentials stored in project files.
CVE ID: CVE-2023-0457 (High)
Baicells has released a security update to address a command injection vulnerability exploitable via HTTP GET requests in Baicells EG7035-M11 devices. The affected versions are Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8.
CVE ID: CVE-2023-1097
NVIDIA has released security updates for NVIDIA CUDA Toolkit software that address vulnerabilities that can lead to Denial of Service (DoS) or information disclosure. All versions prior to 12.1 for Linux and Windows are affected.
CVE ID: CVE-2023-0193 (Medium), CVE-2023-0196 (Low)
Versionn has released a security update to address a command injection vulnerability. All versions of Versionn prior to 1.1.0 are affected.
CVE ID: CVE-2023-25805 (Critical)
An LDAP injection vulnerability has been discovered in LdapIdentityBackend for Apache Kerby. The affected versions are LdapIdentityBackend of Apache Kerby before 2.0.3.
CVE ID: CVE-2023-25613 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Online Pizza Ordering System. The affected version is SourceCodester Online Pizza Ordering System 1.0.
CVE ID: CVE-2023-0910 (Critical)
A missing authentication vulnerability has been discovered in SourceCodester Online Pizza Ordering System. The affected version is SourceCodester Online Pizza Ordering System 1.0.
CVE ID: CVE-2023-0906 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Git, and Firefox packages. The affected products are Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
Multiple vulnerabilities have been discovered in the web-based management interface of Cisco IP Phones that can allow an attacker to execute arbitrary code or cause a Denial of Service (DoS) condition. The affected products are Cisco IP Phone 6800, 7800, 7900 and 8800 Series, Unified IP Phone 7900 Series, Unified IP Conference Phone 8831 and Unified IP Conference Phone 8831 with Multiplatform Firmware. Updates are available for some products.
CVE ID: CVE-2023-20078 (Critical), CVE-2023-20079 (High)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20104 (Medium), CVE-2023-20088 (Medium), CVE-2023-20061 (Medium), CVE-2023-20062 (Medium), CVE-2023-20069 (Medium)
WordPress has released security updates to resolve a Cross-Site Request Forgery (CSRF) vulnerability in Maspik plugin. The affected versions are Maspik plugin versions up to and including 0.7.8.
CVE ID: CVE-2023-24008 (Medium)
WordPress has released security updates to resolve an unauthorized shortcode injection vulnerability in WoodMart theme. The affected versions are WoodMart theme versions up to, and including, 7.1.1.
CVE ID: CVE-2023-25790 (Medium)
Dell has released security updates to address Apache Tomcat version disclosure & RabbitMQ version disclosure vulnerabilities in Dell NetWorker. The affected versions are Dell NetWorker, NVE 19.5 and earlier.
CVE ID: CVE-2023-25544 (High), CVE-2023-24567 (High)
Google has released Chrome 111 (111.0.5563.48/49) for Android, Chrome Beta 111 (111.0.5563.49) for Android, Stable channel 111.0.5563.50 for Windows and Mac, and Beta channel 111.0.5563.50 for Windows, Mac and Linux.
Huawei has released a security update to address an out-of-bounds write vulnerability in Huawei sound box product that can cause buffer overflow. The affected version is FLMG-10 10.0.1.0(H100SP22C00).
CVE ID: CVE-2022-48330 (High)
The Trusted Computing Group (TCG) has released an update to address multiple buffer overflow vulnerabilities in the Trusted Platform Module (TPM) that allows either read-only access to sensitive data or overwriting of normally protected data. The affected version is Trusted Platform Module (TPM) 2.0 reference library specification.
CVE ID: CVE-2023-1017, CVE-2023-1018
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released a security update to resolve integer overflow and buffer out-of-bounds vulnerabilities in syslog-ng package, which can cause Denial of Service (DoS) via crafted syslog input.
CVE ID: CVE-2022-38725 (High)
Mozilla has released a security update to address a use after free vulnerability in Firefox for Android 110.1.0. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-25747 (High)
Multiple Cross Site Scripting (XSS) vulnerabilities have been discovered in EC-CUBE that can cause execution of arbitrary scripts on the web browser. The affected products are EC-CUBE 4 series, EC-CUBE 3 series, and EC-CUBE 2 series. The security updates and workarounds are available.
CVE ID: CVE-2023-22438 (Medium), CVE-2023-25077 (Medium), CVE-2023-22838 (Medium)
An open redirect vulnerability has been discovered in the web2py admin development tool. A user may be redirected to an arbitrary website by accessing a specially crafted URL, resulting in a phishing attack. The affected versions are web2py prior to 2.23.1.
CVE ID: CVE-2023-22432 (Medium)
VMware has released a security update to address a passcode bypass vulnerability in VMware Workspace ONE Content. All versions of VMware Workspace ONE Content running on Android are affected whereas all versions of VMware Workspace ONE Content running on iOS are unaffected.
CVE ID: CVE-2023-20857 (Medium)
WordPress has released security updates to resolve a reflected Cross-Site Scripting (XSS) vulnerability in the GN Publisher plugin. The affected versions are GN Publisher plugin versions up to, and including 1.5.5.
CVE ID: CVE-2023-1080 (Medium)
Dell has released security updates and workarounds to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
An update package validation vulnerability has been discovered in Hitachi Energy's equipment: Relion 670, 650 and SAM600-IO Series products. Successful exploitation of this vulnerability can cause the IED to restart, causing a temporary Denial of Service (DoS).
CVE ID: CVE-2022-3864 (Medium)
A Hibernate query language (HQL) injection vulnerability has been discovered in Liima. The affected versions are Liima before 1.17.28.
CVE ID: CVE-2023-26093 (Critical)
A server-side template injection vulnerability has been discovered in TOTOLINK A720R. The affected version is TOTOLINK A720R V4.1.5cu.532_ B20210610.
CVE ID: CVE-2023-23064 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Music Gallery Site. The affected version is SourceCodester Music Gallery Site 1.0.
CVE ID: CVE-2023-1054 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Music Gallery Site. The affected version is SourceCodester Music Gallery Site 1.0.
CVE ID: CVE-2023-1053 (Critical)
WordPress has released a security update to resolve a privilege escalation vulnerability in Houzez theme. The affected versions are Houzez theme versions up to, and including, 2.7.1.
CVE ID: CVE-2023-26540 (Critical)
A server-side template injection vulnerability has been discovered in Liima. The affected versions are Liima before 1.17.28.
CVE ID: CVE-2023-26092 (Critical)
Ubuntu has released security updates to address several vulnerabilities in OpenJDK. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
CVE ID: CVE-2023-21830 (Medium), CVE-2023-21843 (Low), CVE-2023-21835 (Medium)
Red Hat has released security updates to address multiple vulnerabilities in service-binding-operator-bundle-container and service-binding-operator-container for OpenShift Developer Tools and Services for OCP 4.9.s.
Ubuntu has released security updates to address an integer overflow vulnerability in Apache Portable Runtime (APR) that can result in memory corruption. The affected products are Ubuntu 22.10, and Ubuntu 22.04 LTS.
CVE ID: CVE-2022-24963 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Online Graduate Tracer System. The affected version is SourceCodester Online Graduate Tracer System 1.0.
CVE ID: CVE-2023-1040 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Best POS Management System. The affected version is SourceCodester Best POS Management System 1.0.
CVE ID: CVE-2023-0946 (Critical)
A SQL injection vulnerability has been discovered in SourceCodester Music Gallery Site. The affected version is SourceCodester Music Gallery Site 1.0.
CVE ID: CVE-2023-0938 (Critical)
An unserialized user input vulnerability has been discovered in ShopLentor WordPress plugin, which can lead to PHP Object Injection. The affected versions are ShopLentor WordPress plugin before 2.5.4.
CVE ID: CVE-2023-0232 (Critical)
An out-of-bounds read vulnerability has been discovered in Gluster GlusterFS. The affected version is Gluster GlusterFS 11.0.
CVE ID: CVE-2023-26253 (Critical)
An unrestricted upload vulnerability has been discovered in codeprojects Pharmacy Management System. The affected version is codeprojects Pharmacy Management System 1.0.
CVE ID: CVE-2023-0918 (Critical)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
WordPress has released a security update to resolve a Cross-Site Request Forgery vulnerability in Download Read More Excerpt Link plugin. The affected versions are Download Read More Excerpt Link plugin versions up to, and including, 1.6.0.
CVE ID: CVE-2023-1068 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
It has been discovered that vulnerable TigerVNC versions are being used in B&R products. Successful exploitation of these vulnerabilities may allow an attacker to insert and run arbitrary code in an affected B&R product. Security updates are available for some products.
CVE ID: CVE-2019-15691 (High), CVE-2019-15692 (High), CVE-2019-15693 (High), CVE-2019-15694 (High), CVE-2019-15695 (High)
Debian has released security updates to resolve several vulnerabilities in spip, and python-werkzeug packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-23934 (Low), CVE-2023-25577 (High)
Debian has released security updates to resolve several vulnerabilities in php7.3, and nodejs package. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-31631 (Medium), CVE-2023-0567 (Medium), CVE-2023-0568 (Critical), CVE-2023-0662 (High), CVE-2022-43548 (High), CVE-2023-23920
GitLab has released Community Edition and Enterprise Edition version 15.9.1 to resolve a number of regressions and bugs in the 15.9 release and prior versions.
A command injection vulnerability has been discovered in TOTOlink. The affected version is TOTOlink A7100RU(V7.4cu.2313_B20191024).
CVE ID: CVE-2023-24238 (Critical)
A command injection vulnerability has been discovered in TOTOlink. The affected version is TOTOlink A7100RU(V7.4cu.2313_B20191024).
CVE ID: CVE-2023-24236 (Critical)
An improper attribute filtering vulnerability has been discovered in the Sequelize JS library that can allow an attacker to perform SQL injection.
CVE ID: CVE-2023-22578 (Critical)
It has been discovered that in PHP the core path resolution function allocates a buffer one byte too small, which can lead to unauthorized data access or modification. The affected versions are PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3.
CVE ID: CVE-2023-0568 (Critical)
A vulnerability has been discovered in Netgear that can lead to command injection. The affected version is Netgear WNDR3700v2 1.0.1.14.
CVE ID: CVE-2023-0849 (Critical)
A remote code execution vulnerability has been discovered in Kardex Mlog. The affected version is Kardex Mlog MCC 5.7.12+0-a203c2a213-master.
CVE ID: CVE-2023-22855 (Critical)
It has been discovered that parameter manipulation on an unspecified end-point of Priority Web can allow authentication bypass. The affected version is Priority Web version 19.1.0.68.
CVE ID: CVE-2023-23460 (Critical)
WordPress has released a security update to resolve a Stored Cross-Site Scripting vulnerability in All in One SEO Pack plugin. The affected versions are All in One SEO Pack plugin versions up to, and including, 4.2.9.
CVE ID: CVE-2023-0586 (Medium)
WordPress has released a security update to resolve a Stored Cross-Site Scripting vulnerability in All in One SEO Pack plugin. The affected versions are All in One SEO Pack plugin versions up to, and including, 4.2.9.
CVE ID: CVE-2023-0585 (Medium)
WordPress has released a security update to resolve a Cross-Site Request Forgery vulnerability in WP Meta SEO plugin. The affected versions are WP Meta SEO plugin versions up to, and including, 4.5.3.
CVE ID: CVE-2023-1029 (Medium)
WordPress has released a security update to resolve a Stored Cross-Site Scripting vulnerability in Spotify Play Button for WordPress plugin. The affected versions are Spotify Play Button for WordPress plugin versions up to, and including, 2.05.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities, such as Improper Validation of Array Index and Integer Overflow or Wraparound, have been discovered in PTC's equipment: ThingWorx Edge. Successful exploitation of these vulnerabilities can allow an attacker to crash the device or could allow remote code execution.
CVE ID: CVE-2023-0755 (Critical), CVE-2023-0754 (Critical)
HAProxy has released security updates to address a bypass of access control vulnerability in the HTTP header parsers. The affected versions are HAProxy before 2.7.3.
CVE ID: CVE-2023-25725 (Critical)
A vulnerability has been discovered in ConnectWise Control through 22.9.10032 that allows an attacker to escalate privileges or execute arbitrary commands.
CVE ID: CVE-2023-25718 (Critical)
An arbitrary file upload vulnerability has been discovered in Food Ordering System that allows attackers to execute arbitrary code via a crafted PHP file. The affected version is Food Ordering System v2.0.
CVE ID: CVE-2023-24646 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Ruckus Wireless Admin via an unauthenticated HTTP GET Request. The affected versions are Ruckus Wireless Admin through 10.4.
CVE ID: CVE-2023-25717 (Critical)
A command injection vulnerability has been discovered in a GitHub repository. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE ID: CVE-2023-0789 (Critical)
A code Injection vulnerability has been discovered in a GitHub repository. The affected versions are GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE ID: CVE-2023-0788 (Critical)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel (AWS). The affected product is Ubuntu 16.04 ESM.
CVE ID: CVE-2023-0045 (Low), CVE-2023-23559 (High), CVE-2022-41858 (High), CVE-2021-4155 (Medium), CVE-2022-42895 (Medium), CVE-2022-20566 (High)
Google has released Stable channel 110.0.5481.181 (Platform version: 15278.72.0) for most ChromeOS devices, Beta channel 111.0.5563.41 for Windows, Mac and Linux, Chrome Dev 112 (112.0.5610.0) for Android and LTC-108, 108.0.5359.221 (Platform Version: 15183.8240) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0128 (High), CVE-2023-0129 (High), CVE-2022-4139 (High), CVE-2022-4378 (High), CVE-2022-45934 (High)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available for some products.
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple ClamAV vulnerabilities allow remote attackers to execute arbitrary code or local users to obtain sensitive information via a susceptible version of Antivirus Essential, Synology Mail Server, and Synology MailPlus Server. Security updates are available for some products.
CVE ID: CVE-2023-20032 (Critical), CVE-2023-20052 (Medium)
Multiple Cross Site Scripting (XSS) vulnerabilities have been discovered in SHIRASAGI. The affected versions are SHIRASAGI v1.16.2 and earlier. A security update is available.
CVE ID: CVE-2023-22425 (Medium), CVE-2023-22427 (Medium)
Ubuntu has released security updates to address several vulnerabilities in Linux kernel (HWE), and MariaDB. The affected products are Ubuntu 16.04 ESM, Ubuntu 22.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
Dell has released a security update to address the OpenSSL vulnerability in Dell PowerVault ME5. The affected products are ME5012, ME5024, & ME5084 using versions before ME5.1.1.0.5.
CVE ID: CVE-2022-0778 (High)
Multiple vulnerabilities have been discovered in BIG-IP (all modules), F5OS, NGINX and several products of F5.
CVE ID: CVE-2022-41622 (Medium), CVE-2022-36760 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A command injection vulnerability has been discovered in TOTOLINK CA300-PoE. The affected version is TOTOLINK CA300-PoE V6.2c.884.
CVE ID: CVE-2023-24161 (Critical)
A command injection vulnerability has been discovered in TOTOLINK CA300-PoE. The affected version is TOTOLINK CA300-PoE V6.2c.884.
CVE ID: CVE-2023-24160 (Critical)
A command injection vulnerability has been discovered in TOTOLINK CA300-PoE. The affected version is TOTOLINK CA300-PoE V6.2c.884.
CVE ID: CVE-2023-24159 (Critical)
A Structured Exception Handler (SEH) based buffer overflow vulnerability has been discovered in the cache validation service of COMOS which can allow arbitrary code execution and cause a Denial of Service (DoS) condition. The affected versions are COMOS V10.2, COMOS V10.3.3.1, COMOS V10.3.3.2, COMOS V10.3.3.3, COMOS V10.3.3.4, COMOS V10.4.0.0, COMOS V10.4.1.0, COMOS V10.4.2.0.
CVE ID: CVE-2023-24482 (Critical)
A vulnerability has been discovered in Tenda AC23 that leads to out-of-bounds write. The affected version is Tenda AC23 16.03.07.45.
CVE ID: CVE-2023-0782 (Critical)
A code injection vulnerability has been discovered in the GitHub repository pyload. The affected versions are pyload versions prior to 0.5.0b3.dev31.
CVE ID: CVE-2023-0297 (Critical)
Google has released Chrome Beta 111 (111.0.5563.39) for iOS, Chrome Beta 111 (111.0.5563.38) for Android, Stable channel 109.0.5414.129 for Windows Server 2012 & Windows Server 2012 R2, Chrome 110 (110.0.5481.153/.154) for Android, Stable channel 110.0.5481.177 for Mac and Linux and 110.0.5481.177/.178 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0941 (Critical), CVE-2023-0927 (High), CVE-2023-0928 (High), CVE-2023-0929 (High), CVE-2023-0930 (High), CVE-2023-0931 (High), CVE-2023-0932 (High), CVE-2023-0933 (Medium)
Zyxel has released security updates to address a security misconfiguration vulnerability in 4G LTE indoor routers. The affected versions are 4G LTE indoor routers: LTE3202-M437 V1.00(ABWF.1)C0, and LTE3316-M604 V2.00(ABMP.6)C0.
CVE ID: CVE-2023-22920 (Critical)
Multiple Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been discovered in the HP BIOS for certain HP PC products that may allow arbitrary code execution, Denial of Service (DoS), and information disclosure.
CVE ID: CVE-2022-27539 (High), CVE-2022-27541 (High), CVE-2022-43777 (High), CVE-2022-43778 (High)
A vulnerability in Hitachi's IEC 61850 Communication Stack has been discovered in ABB's AC 800PEC and AC 800PEC-based products.
CVE ID: CVE-2022-3353 (Medium)
WordPress has released security updates to resolve a reflected Cross-Site Scripting (XSS) vulnerability in Japanized For WooCommerce plugin. The affected products are Japanized For WooCommerce plugin versions up to, and including 2.5.4.
CVE ID: CVE-2023-0942 (Medium)
Google has released Beta channel OS version 15329.24.0 (Browser version 111.0.5563.31) for most ChromeOS devices, and Chrome Stable 110 (110.0.5481.114) for iOS.
Foxit has released updated Foxit PDF Reader 12.1.1 and Foxit PDF Editor 12.1.1 to resolve multiple vulnerabilities in Foxit PDF Reader 12.1.0.15250 and earlier, and Foxit PDF Editor 12.1.0.15250 and all previous 12.x versions, 11.2.4.53774 and all previous 11.x versions, 10.1.10.37854 and earlier.
A vulnerability has been discovered in SAP BusinessObjects Business Intelligence Platform that can cause a high impact on confidentiality, integrity and availability of the application. The affected versions are SAP BusinessObjects Business Intelligence Platform (CMC) versions 420, 430.
CVE ID: CVE-2023-24530 (Critical)
An authentication bypass vulnerability has been discovered in DataHub. The affected versions are DataHub versions prior to 0.8.45.
CVE ID: CVE-2023-25562 (Critical)
It has been discovered that the DataHub proxy does not adequately construct the URL when forwarding data to GMS, which allows requests from the DataHub Frontend to be rerouted to arbitrary hosts.
CVE ID: CVE-2023-25557 (Critical)
Debian has released security updates to resolve multiple vulnerabilities in tiff, apr-util, python-cryptography, and amanda packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-25147 (Critical), CVE-2023-23931 (Medium), CVE-2022-37704, CVE-2023-0795 (Medium), CVE-2023-0796 (Medium), CVE-2023-0797 (Medium), CVE-2023-0798 (Medium), CVE-2023-0799 (Medium), CVE-2023-0800 (Medium), CVE-2023-0801 (Medium), CVE-2023-0802 (Medium), CVE-2023-0803 (Medium), CVE-2023-0804 (Medium).
VMware has released security updates to address XML External Entity (XXE), and injection vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20858 (Critical), CVE-2023-20855 (High)
Multiple vulnerabilities have been discovered in Mitsubishi Electric's Equipment: MELSOFT iQ AppPortal. The affected versions are MELSOFT iQ AppPortal SW1DND-IQAPL-M versions 1.00A to 1.29F.
CVE ID: CVE-2022-26377 (High), CVE-2022-31813 (Critical)
An Apache Commons FileUpload vulnerability has been discovered in Apache Tomcat which may allow an attacker to trigger a Denial of Service (DoS) with a malicious upload or series of uploads.
CVE ID: CVE-2023-24998
Debian has released security updates to resolve multiple vulnerabilities in python-django, clamav, and openssl packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-24580, CVE-2023-20032 (Critical), CVE-2023-20052 (Medium), CVE-2022-2097 (Medium), CVE-2022-4304, CVE-2022-4450 (High), CVE-2023-0215 (High), CVE-2023-0286 (Critical)
Debian has released security updates to resolve multiple vulnerabilities in thunderbird packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-46871 (High), CVE-2022-46877 (Medium), CVE-2023-0430, CVE-2023-0616, CVE-2023-0767, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25744, CVE-2023-25746
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve multiple vulnerabilities in c-ares, gnutls28, and golang-github-opencontainers-selinux packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-4904 (High), CVE-2019-16884 (High), CVE-2023-0361 (High)
Multiple vulnerabilities have been discovered in vSlider Multi Image Slider plugin, and WP Coder add custom html, css and js code plugin for WordPress. Security updates & patches are available for WP Coder add custom html, css and js code plugin.
CVE ID: CVE-2023-0895 (High)
An authentication bypass vulnerability has been discovered in the GitHub repository modoboa. Versions prior to 2.0.4 are affected by the flaw.
CVE ID: CVE-2023-0777 (Critical)
A stack overflow vulnerability has been discovered in the D-Link N300 WI-FI Router. The affected version is D-Link N300 WI-FI Router DIR-605L v2.13B01.
CVE ID: CVE-2023-24352 (Critical)
An improper access control vulnerability has been discovered in the GitHub repository answer. Versions prior to 1.0.4 are affected by the flaw.
CVE ID: CVE-2023-0744 (Critical)
Joomla has released a security update to resolve an incorrect access control vulnerability in Joomla CMS. The affected versions are Joomla CMS versions 4.0.0 to 4.2.7.
CVE ID: CVE-2023-23752 (Critical)
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates are available.
CVE ID: CVE-2022-39952 (Critical), CVE-2021-42756 (Critical)
Multiple vulnerabilities such as Cross-Site Scripting (XSS), SQL injection, and authorization bypass have been discovered in Delta Electronics DIAEnergie equipment, which allow an attacker to inject arbitrary code, retrieve and modify database contents, and execute system commands. The affected DIAEnergie versions are versions prior to v1.9.01.002, versions prior to v1.9.02.001 and versions prior to v1.9.03.001.
CVE ID: CVE-2022-41701 (High), CVE-2022-40965 (High), CVE-2022-41555 (High), CVE-2022-41702 (High), CVE-2022-41651 (High), CVE-2022-40967 (High), CVE-2022-41133 (High), CVE-2022-41773 (High), CVE-2022-41775 (High), CVE-2022-43447 (High), CVE-2022-43506 (High), CVE-2022-43457 (High), CVE-2022-43452 (High), CVE-2023-0822
A credentials management errors vulnerability has been discovered in BD's Alaris Infusion Central equipment. The affected versions are Alaris Infusion Central software 1.1 to 1.3.2.
CVE ID: CVE-2022-47376 (High)
An out-of-bounds write vulnerability has been discovered in the Sub-IoT project's DASH 7 Alliance Protocol stack implementation. All versions of the Sub-IoT DASH 7 Alliance protocol implementation prior to 0.5.0 are affected.
CVE ID: CVE-2023-0847 (Medium)
A SQL injection vulnerability has been discovered in the SourceCodester Medical Certificate Generator App. The affected version is SourceCodester Medical Certificate Generator App 1.0.
CVE ID: CVE-2023-0774 (Critical)
A relative path traversal vulnerability has been discovered in Yugabyte Managed. The affected versions are Yugabyte Managed 2.0 through 2.13.
CVE ID: CVE-2023-0745 (Critical)
A SQL injection vulnerability has been discovered in glorylion JFinalOA. The affected version is glorylion JFinalOA 1.0.2.
CVE ID: CVE-2023-0758 (Critical)
A vulnerability has been discovered in WAGO Unmanaged Switch firmware version 01 that allows an attacker to read system information and configure a limited set of parameters.
CVE ID: CVE-2022-3843 (Critical)
A stack overflow vulnerability has been discovered in the D-Link N300 WI-FI Router. The affected version is D-Link N300 WI-FI Router DIR-605L v2.13B01.
CVE ID: CVE-2023-24344 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 102.8. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-0616 (Low), CVE-2023-25728 (High), CVE-2023-25730 (High), CVE-2023-0767 (High), CVE-2023-25735 (High), CVE-2023-25737 (High), CVE-2023-25738 (High), CVE-2023-25739 (High), CVE-2023-25729 (Medium), CVE-2023-25732 (Medium), CVE-2023-25734 (Medium), CVE-2023-25742 (Low), CVE-2023-25746 (High)
ClamAV has released updated versions 0.103.8, 0.105.2 and 1.0.1 to address multiple vulnerabilities in its products. ClamAV 0.104 has reached end-of-life according to the ClamAV End of Life (EOL) policy and will not be patched.
CVE ID: CVE-2023-20032 (Critical), CVE-2023-20052 (Medium)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the GitHub repository answerdev/answer. The affected versions are answerdev/answer versions prior to 1.0.4.
CVE ID: CVE-2023-0740 (Critical)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20032 (Critical), CVE-2023-20014 (High), CVE-2023-20009 (Medium), CVE-2023-20075 (Medium), CVE-2023-20052 (Medium), CVE-2022-20952 (Medium), CVE-2023-20053 (Medium), CVE-2023-20085 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
Juniper has released security updates to address a Denial of Service (DoS) condition in Juniper Networks Junos OS on MX Series and SRX Series. The affected versions are Junos OS 20.4 versions prior to 20.4R3-S4, 21.1 versions prior to 21.1R3-S3, 21.2 versions prior to 21.2R3-S2, 21.3 versions prior to 21.3R3, 21.4 versions prior to 21.4R3 and 22.1 versions prior to 22.1R2.
CVE ID: CVE-2023-22412 (High)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-25762 (High), CVE-2023-25761 (High), CVE-2023-25763 (High), CVE-2023-25764 (High), CVE-2023-25765 (High), CVE-2023-25766 (High), CVE-2023-25767 (Medium), CVE-2023-25768 (Medium), CVE-2023-23850 (Medium), CVE-2023-23847 (High), CVE-2023-23848 (High)
Google has released Stable channel 110.0.5481.112 (Platform version: 15278.64.0) for most ChromeOS devices, and Chrome Dev 112 (112.0.5594.1) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A Cross-Site Scripting (XSS) vulnerability has been discovered in the GitHub repository answerdev/answer. The affected versions are answerdev/answer versions prior to 1.0.4.
CVE ID: CVE-2023-0742 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Privilege escalation and information disclosure vulnerabilities have been discovered in AMD products. Mitigations are available.
CVE ID: CVE-2022-27677 (High), CVE-2022-27672 (Low)
Intel has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-41614 (Medium), CVE-2022-41314 (Medium), CVE-2021-33104 (Medium), CVE-2022-38090 (Medium)
Multiple vulnerabilities have been discovered in several Hitachi Energy products. An attacker can exploit these vulnerabilities to take control of an affected system. The workarounds/mitigations are available.
GitLab has released updated versions 15.8.2, 15.7.7 and 15.6.8 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2023-23946 (Critical), CVE-2023-22490 (Critical)
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
A path traversal vulnerability has been discovered in Weintek's EasyBuilder Pro equipment. The affected versions are Weintek EasyBuilder Pro v6.07.01 and prior, v6.07.02.479 and prior, and v6.08.01.349 and prior. Updates are available.
CVE ID: CVE-2023-0104 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in the Windows iSCSI Discovery Service.
CVE ID: CVE-2023-21803 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Microsoft's Protected Extensible Authentication Protocol (PEAP).
CVE ID: CVE-2023-21692 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Microsoft's Protected Extensible Authentication Protocol (PEAP).
CVE ID: CVE-2023-21690 (Critical)
Microsoft has released security updates to resolve a Remote Code Execution (RCE) vulnerability in Microsoft's Protected Extensible Authentication Protocol (PEAP).
CVE ID: CVE-2023-21689 (Critical)
GNU C Library has released a security update to address a buffer overflow vulnerability in the Call Graph Monitor component of GNU C Library. The affected version is GNU C Library 2.38.
CVE ID: CVE-2023-0687 (Critical)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2022-1292 (Critical), CVE-2023-24482 (Critical), CVE-2022-37885 (Critical), CVE-2022-37886 (Critical), CVE-2022-37887 (Critical), CVE-2022-37888 (Critical), CVE-2022-37889 (Critical), CVE-2022-37890 (Critical), CVE-2022-37891 (Critical)
WordPress has released a security update to resolve an Authenticated Arbitrary Post Access vulnerability in Ocean Extra plugin. The affected products are Ocean Extra plugin versions up to, and including 2.1.2.
CVE ID: CVE-2023-0749 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
Citrix has released security updates to address multiple vulnerabilities in Citrix Workspace Apps for Windows and Linux, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-24486 (High), CVE-2023-24484 (High), CVE-2023-24485 (High), CVE-2023-24483 (High)
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 102.8 and Firefox 110. An attacker can exploit these vulnerabilities to take control of an affected system.
WordPress has released a security update to resolve a sensitive information disclosure vulnerability in the Profile Builder - User Profile & User Registration Forms plugin. The affected versions are Profile Builder - User Profile & User Registration Forms plugin versions up to, and including, 3.9.0.
CVE ID: CVE-2023-0814 (Medium)
SonicWall has released security updates to address a vulnerability in SonicWall Email Security that allows access to an error page containing sensitive information about users' email addresses. The affected versions are Email Security 10.0.19.7431 and earlier versions.
CVE ID: CVE-2023-0655 (Medium)
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. All versions of Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G are affected.
CVE ID: CVE-2023-22370 (Medium), CVE-2023-22375 (Medium), CVE-2023-22376 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
WordPress has released a security update to resolve a stored Cross-Site Scripting (XSS) vulnerability in Announce from the Dashboard plugin. The affected versions are Announce from the Dashboard plugin versions up to, and including, 1.5.1.
Apple has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-23529, CVE-2023-23514, CVE-2023-23522
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in Wireshark package. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-4345 (Medium), CVE-2023-0411 (Medium), CVE-2023-0412 (Medium), CVE-2023-0413 (Medium), CVE-2023-0415 (Medium), CVE-2023-0417 (Medium)
A SQL injection vulnerability has been discovered in the SourceCodester Canteen Management System. The affected version is SourceCodester Canteen Management System 1.0.
CVE ID: CVE-2023-0679 (Critical)
vBulletin has released security updates to address an arbitrary code execution vulnerability exploitable via a crafted HTTP request. The affected versions are vBulletin before 5.6.9 PL1.
CVE ID: CVE-2023-25135 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in the snort package. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-3299 (Medium), CVE-2020-3315 (Medium), CVE-2021-1223 (High), CVE-2021-1224 (Medium), CVE-2021-1236 (Medium), CVE-2021-1494, CVE-2021-1495 (Medium), CVE-2021-34749 (High), CVE-2021-40114 (High)
A missing authentication for a critical function vulnerability has been discovered in the PC Settings Tool Library contained in the PC Settings Tool. The affected versions are PC Settings Tool Library versions 10.1.26.0 & earlier and versions 11.0.22.0 & earlier.
CVE ID: CVE-2023-25011 (High)
Multiple vulnerabilities have been discovered in Link Juice Keeper plugin, Podlove Podcast Publisher plugin, and Quick Paypal Payments plugin for WordPress. Security updates & patches are available.
Google has released dev channel 112.0.5582.0 for Windows, Linux and Mac, and Beta channel OS version: 15329.13.0 Browser version: 111.0.5563.14 for most ChromeOS devices.
A SQL injection vulnerability has been discovered in Calendar Event Management System. The affected version is Calendar Event Management System 2.3.0.
CVE ID: CVE-2023-0663 (Critical)
Barenboim json-parser has released a security update to address a buffer overflow vulnerability in Barenboim json-parser master. The affected version is Barenboim json-parser master v1.1.0.
CVE ID: CVE-2023-23088 (Critical)
An unauthenticated SQL injection vulnerability has been discovered in Easy Digital Downloads WordPress Plugin. The affected versions are Easy Digital Downloads WordPress Plugin 3.1.0.2 and 3.1.0.3.
CVE ID: CVE-2023-23489 (Critical)
SolarView Compact has released security updates to address multiple vulnerabilities in SolarView Compact. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-29303 (High), CVE-2022-40881 (High), CVE-2023-23333 (High), CVE-2022-29298 (Critical), CVE-2022-29302 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Zuken Elmic KASAGO has released a security update to address a vulnerability that can cause hijacking of ongoing TCP sessions or spoofing of future TCP sessions. The affected products are KASAGO IPv6/v4 Dual, KASAGO IPv4, KASAGO IPv4 Light and KASAGO mobile IPv6 which are using versions prior to Ver6.0.1.34.
CVE ID: CVE-2022-43501 (Medium)
Microsoft has released Microsoft Edge Stable Channel (Version 110.0.1587.41) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-21794 (Medium), CVE-2023-23374 (High)
Johnson Controls has released security updates to resolve a Cross-Site Scripting (XSS) vulnerability in its System Configuration Tool (SCT) equipment that can allow access to cookies and takeover of the victim's session. The affected versions are all SCT version 14 prior to 14.2.3, and all SCT version 15 prior to 15.0.3.
CVE ID: CVE-2022-21939 (High), CVE-2022-21940 (High)
Horner Automation has released a security update to address multiple vulnerabilities in its Cscape Envision RV equipment. The affected product is Cscape Envision RV version 4.60.
CVE ID: CVE-2023-0621 (High), CVE-2023-0622 (High), CVE-2023-0623 (High)
WordPress has released a security update to resolve a SQL injection vulnerability in the My Sticky Elements plugin. The affected products are My Sticky Elements plugin versions up to, and including, 2.0.8.
CVE ID: CVE-2023-0487 (High)
WordPress has released a security update to resolve a Cross-Site Request Forgery (CSRF) vulnerability in the ImageMagick Engine plugin. The affected products are ImageMagick Engine plugin versions up to, and including, 1.7.5.
CVE ID: CVE-2022-3568 (High)
Google has released Chrome 111 Beta channel (111.0.5563.19) for Windows, Mac and Linux, Chrome Dev 112 (112.0.5582.0) for Android, and Chrome Beta 111 (111.0.5563.15) for Android.
A vulnerability has been discovered in MojoJson that allows attackers to execute arbitrary code via the destroy function. The affected version is MojoJson v1.2.3.
CVE ID: CVE-2023-23087 (Critical)
A buffer overflow vulnerability has been discovered in MojoJson that allows an attacker to execute arbitrary code via the SkipString function. The affected version is MojoJson v1.2.3.
CVE ID: CVE-2023-23086 (Critical)
A command injection vulnerability has been discovered in the function updateWifiInfo of TOTOLINK Technology routers T8 V4.1.5cu that allows execution of arbitrary commands via a crafted MQTT packet.
CVE ID: CVE-2023-24157 (Critical)
A command injection vulnerability has been discovered in the function recvSlaveUpgstatus of TOTOLINK Technology routers T8 V4.1.5cu that allows execution of arbitrary commands via a crafted MQTT packet.
CVE ID: CVE-2023-24156 (Critical)
A command injection vulnerability has been discovered via the slaveIpList parameter in the function setUpgradeFW of TOTOLINK Technology routers T8 V4.1.5cu.
CVE ID: CVE-2023-24154 (Critical)
A buffer overflow vulnerability has been discovered in sprintf of GNU C Library (glibc). The affected version is GNU C Library (glibc) 2.37.
CVE ID: CVE-2023-25139 (Critical)
OpenSSH has released a security update to address a double-free vulnerability in OpenSSH server (sshd) during options.kex_algorithms handling. The affected version is OpenSSH server (sshd) 9.1.
CVE ID: CVE-2023-25136 (Critical)
Jira Service Management Server and Data Center has released security updates to resolve an authentication vulnerability, which allows an adversary to impersonate another user and gain access to a Jira Service Management instance under certain circumstances.
CVE ID: CVE-2023-22501 (Critical)
A format string vulnerability has been discovered in iControl SOAP of BIG-IP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. The affected versions are BIG-IP 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5.
CVE ID: CVE-2023-22374 (Critical)
It has been discovered that an incorrect handling of '\0' bytes in file uploads in ModSecurity may allow Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall. The affected versions are ModSecurity before 2.9.7.
CVE ID: CVE-2023-24021 (Critical)
A capture-replay vulnerability has been discovered in SAP NetWeaver ABAP Server and ABAP Platform that may allow illegitimate access to the system. The affected versions are SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT.
CVE ID: CVE-2023-0014 (Critical)
It has been discovered that Zoho ManageEngine on-premise products which use Apache xmlsec 1.4.1 are affected by a Remote Code Execution (RCE) vulnerability.
CVE ID: CVE-2022-47966 (Critical)
Multiple Git vulnerabilities have been discovered in Jenkins Docker images. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2022-23521 (Critical), CVE-2022-41903 (Critical)
Control By Web has released security updates to address Cross-Site Scripting (XSS), and code injection vulnerabilities in its Web X-400 & Web X-600M. The affected products are Web X-400 prior to 2.8, and Web X-600M prior to 1.16.00.
CVE ID: CVE-2023-23553 (Medium), CVE-2023-23551 (Critical)
Multiple vulnerabilities have been discovered in LS ELECTRIC's XBC-DN32U equipment. The affected version is XBC-DN32U Operating System version 01.80.
CVE ID: CVE-2023-22803 (High), CVE-2023-22804 (Critical), CVE-2023-22805 (Medium), CVE-2023-22806 (High), CVE-2023-22807 (Critical), CVE-2023-0102 (Critical), CVE-2023-0103 (High)
Trend Micro has released security updates to address multiple vulnerabilities in Trend Micro Worry-Free Business Security and Worry-Free Business Security Services (SaaS). The affected versions are Worry-Free Business Security (WFBS) 10.0 SP1, and Worry-Free Business Security Services (WFBSS) SaaS.
CVE ID: CVE-2022-44649 (High), CVE-2022-44650 (High), CVE-2022-44654 (Medium), CVE-2022-45798 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-02-05 or later address all of these issues.
Dahua has released security updates to address an unauthorized device timestamp modification vulnerability in Dahua embedded products that allows modification of the device system time by sending a specially crafted packet to the vulnerable interface.
CVE ID: CVE-2022-30564 (Medium)
Ubuntu has released security updates to resolve a Denial of Service (DoS) vulnerability in the Heimdal GSSAPI package. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2022-45142
An OS Command injection vulnerability has been discovered in Support Center Plus 11 via Executor in Action when creating new schedules.
CVE ID: CVE-2023-23076 (Critical)
A deserialization of untrusted data vulnerability has been discovered in Apache Software Foundation Apache InLong. The affected versions are Apache InLong 1.1.0 through 1.5.0.
CVE ID: CVE-2023-24997 (Critical)
It has been discovered that URI validation on dompdf can be bypassed on SVG parsing. The affected version is dompdf 2.0.1.
CVE ID: CVE-2023-23924 (Critical)
An SSRF vulnerability has been discovered in Lexmark products due to a lack of input validation. The affected versions are Lexmark products through 2023-01-12.
CVE ID: CVE-2023-23560 (Critical)
Debian has released security updates to resolve several vulnerabilities in the shim and heimdal packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-45142
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available for some products.
Huawei has released a security update to address an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00). The affected version is Simba-AL00 1.1.1.274.
CVE ID: CVE-2022-48305 (Medium)
Google has released Chrome 110 (110.0.5481.63/.64) & Chrome Dev 111 (111.0.5563.15) for Android, Chrome Stable 110 (110.0.5481.83) for iOS and Chrome 110.0.5481.77/.78 for Windows, 110.0.5481.77 for Mac and Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0696 (High), CVE-2023-0697 (High), CVE-2023-0698 (High), CVE-2023-0699 (Medium), CVE-2023-0700 (Medium), CVE-2023-0701 (Medium), CVE-2023-0702 (Medium), CVE-2023-0703 (Medium), CVE-2023-0704 (Low), CVE-2023-0705 (Low)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
EnOcean Edge Inc. has released a security update to address a use of hard-coded credentials vulnerability in its SmartServer with i.LON Vision equipment. The affected version is EnOcean SmartServer v2.2 SR8/SP8 (4.12.006) with i.LON Vision v2.2 SR8/SP8 (4.12.006).
CVE ID: CVE-2022-3089 (Medium)
A file upload vulnerability has been discovered in Trend Micro Apex One, which allows arbitrary files to be uploaded to the SampleSubmission directory on the server. The affected version is Trend Micro Apex One server build 11110.
CVE ID: CVE-2023-0587 (Critical)
An unauthenticated SQL Injection vulnerability has been discovered in Serenissima Informatica Fast Checkin. The affected version is Serenissima Informatica Fast Checkin version v1.0.
CVE ID: CVE-2022-47770 (Critical)
An arbitrary file write vulnerability has been discovered in Serenissima Informatica Fast Checkin. The affected version is Serenissima Informatica Fast Checkin version v1.0.
CVE ID: CVE-2022-47769 (Critical)
Zyxel has released security updates to address multiple vulnerabilities in its products.
CVE ID: CVE-2022-45854 (Low), CVE-2022-38547 (High), CVE-2022-45441 (High)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-4728 (Medium), CVE-2022-4729 (Medium), CVE-2022-4730 (Medium), CVE-2022-21619 (Low), CVE-2022-21624 (Low), CVE-2022-21626 (Medium), CVE-2022-21628 (Medium), CVE-2022-39399 (Low), CVE-2023-21835 (Medium), CVE-2023-21843 (Low), CVE-2022-42826, CVE-2023-23517 (High), CVE-2023-23518 (High)
It has been discovered that Ichiran App is vulnerable to improper server certificate verification, which allows a man-in-the-middle (MITM) attacker to eavesdrop on encrypted communication. The affected products are Ichiran App for iOS versions prior to 3.1.0, and Ichiran App for Android versions prior to 3.1.0.
CVE ID: CVE-2023-22367 (Medium)
Google has released Beta channel OS version: 15278.51.0 Browser version: 110.0.5464.81 for most ChromeOS devices, Chrome Beta 110 (110.0.5481.64) for Android and LTS channel 102.0.5005.196 (Platform Version: 14695.1782.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0129 (High), CVE-2023-0471 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
An arbitrary file upload vulnerability has been discovered in taocms that allows attackers to execute arbitrary code via a crafted PHP file. The affected version is taocms v3.0.2.
CVE ID: CVE-2022-48006 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Delta Electronics has released a security update to address multiple vulnerabilities in its equipment, DIAScreen. Successful exploitation of these vulnerabilities can allow remote code execution. The affected versions are DIAScreen 1.2.1.23 and prior.
CVE ID: CVE-2023-0250 (High), CVE-2023-0251 (High), CVE-2023-0249 (High)
Delta Electronics has released a security update to address an OS Command Injection vulnerability in its equipment, DVW-W02W2-E2. The affected version is DVW-W02W2-E2 2.42.
CVE ID: CVE-2022-42139 (Critical)
Delta Electronics has released a security update to address OS Command Injection and Cross-site Scripting vulnerabilities in its equipment, DX-2100-L1-CN. The affected version is DX-2100-L1-CN 1.5.0.10.
CVE ID: CVE-2023-0432 (Critical), CVE-2022-42140 (High)
Baicells Technologies has released a security update to address a Command Injection vulnerability in its equipment, Nova. The affected versions are Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 with firmware through RTS/RTD 3.6.6.
CVE ID: CVE-2023-24508 (Critical)
VMware has released a security update to address an arbitrary file deletion vulnerability in VMware Workstation. A malicious actor with local user privileges on the victim's machine can exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
CVE ID: CVE-2023-20854 (High)
Multiple vulnerabilities have been discovered in Metform Elementor Contact Form Builder plugin, Cost Calculator plugin, and Real Media Library: Media Library Folder & File Manager plugin for WordPress. The security patches are available for Metform Elementor Contact Form Builder plugin, and Real Media Library: Media Library Folder & File Manager plugin.
CVE ID: CVE-2023-0253 (Medium), CVE-2023-0084 (High)
Dell has released security updates to address multiple vulnerabilities in Dell PowerStore Family, Dell PowerFlex Rack, Dell Avamar Server and Avamar Virtual Edition, and Dell NetWorker. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-42252 (High), CVE-2021-46827 (Medium), CVE-2022-29901 (Medium), CVE-2022-28693, CVE-2022-31681 (Medium), CVE-2022-31696 (High), CVE-2022-31705 (High)
Google has released dev channel 111.0.5563.8 for Windows, Linux and Mac, Chrome Beta 111 (111.0.5563.8) for iOS, and Chrome Dev 111 (111.0.5563.8) for Android.
Mitsubishi Electric has released security updates to resolve multiple vulnerabilities in GOT2000 Series and GT SoftGOT2000. The affected versions are GOT2000 Series: GT27 model 01.14.000 to 01.47.000, GT25 model 01.14.000 to 01.47.000, and GT SoftGOT2000: 1.265B to 1.285X.
CVE ID: CVE-2022-40268 (Medium), CVE-2022-40269 (Medium)
Moxa has released security updates to resolve multiple vulnerabilities in Moxa SDS-3008 Series. The affected versions are SDS-3008 Series Firmware 2.1 or lower.
CVE ID: CVE-2022-40693 (Medium), CVE-2022-40224, CVE-2022-41311, CVE-2022-41312, CVE-2022-41313 (Medium), CVE-2022-40691 (Medium)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20076 (High), CVE-2023-20073 (Medium), CVE-2023-20030 (Medium), CVE-2023-20068 (Medium), CVE-2023-20021 (Medium), CVE-2023-20022 (Medium), CVE-2023-20023 (Medium)
Cross-site Request Forgery vulnerability has been discovered in Login Form of Pulse Connect Secure. The affected versions are Pulse Connect Secure 9.1R12 and below.
Google has released Stable channel 110.0.5481.77 for Windows and Mac, Chrome 110 (110.0.5481.61) for Android, Beta channel 110.0.5481.77 for Windows, Mac and Linux, and Chrome Beta 110 (110.0.5481.61) for Android.
Debian has released security updates to address a Denial of Service (DoS) vulnerability in python-django packages. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-23969
Huawei has released security updates to address multiple vulnerabilities in Huawei whole-home intelligence software. Successful exploitation can allow attackers to access restricted functions.
CVE ID: CVE-2022-48283 (High), CVE-2022-48284 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
A protection bypass vulnerability has been discovered in the Advanced Installer, a third-party component, used by Data Loss Prevention (DLP) for Windows. The affected versions are DLP 11.9.x and earlier.
CVE ID: CVE-2023-0400 (Medium)
GitLab has released updated versions 15.8.1, 15.7.6, and 15.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2022-3411 (Medium), CVE-2022-4138 (Medium), CVE-2022-3759 (Medium), CVE-2023-0518 (Medium)
It has been discovered that FUJIFILM Business Innovation Corp.'s Driver Distributor contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. The affected versions are Driver Distributor v2.2.3.1 and earlier.
CVE ID: CVE-2022-43460 (Medium)
Multiple vulnerabilities, such as Stack-based Buffer Overflow and Out-of-bounds Write, have been discovered in Delta Electronics' equipment, DOPSoft. Affected versions are DOPSoft 4.00.16.22 and prior. Delta Electronics recommends that users use DIAScreen instead of DOPSoft.
CVE ID: CVE-2023-0123 (High), CVE-2023-0124 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
VMware has released a security update to address a CSRF bypass vulnerability in VMware vRealize Operations (vROps). A malicious user can execute actions on the platform on behalf of the authenticated victim user.
CVE ID: CVE-2023-20856 (Medium)
Unauthenticated Stored Cross-Site Scripting and Missing Authorization to Settings Update vulnerabilities have been discovered in the Beautiful Cookie Consent Banner plugin for WordPress. The security patches are available.
Dell has released security updates to address multiple vulnerabilities in Dell PowerScale OneFS that can be exploited by malicious users to compromise the affected system.
CVE ID: CVE-2023-22575 (High), CVE-2023-22574 (High), CVE-2023-22573 (High), CVE-2023-22572 (High)
Google has released Beta channel OS version: 15278.47.0 Browser version: 110.0.5464.58 for most ChromeOS devices, and LTC-108, 108.0.5359.219 (Platform Version: 15183.82.0) for most ChromeOS devices.
CVE ID: CVE-2023-0471 (High), CVE-2023-0472 (High), CVE-2023-0473 (Medium), CVE-2023-0474 (Medium)
Debian has released security updates to resolve several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Interactive Geo Maps plugin, RankMath SEO plugin, WP Email Capture plugin, and PrivateContent plugin for WordPress. The security patches are available.
CVE ID: CVE-2023-0581 (Medium)
Dell has released security updates to address multiple vulnerabilities in Dell PowerFlex Appliance, Dell PowerFlex Rack, Dell Unity, Dell UnityVSA, and Dell Unity XT. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in Linux kernel (Raspberry Pi) and Sudo. The affected products are Ubuntu 22.10, and Ubuntu 14.04 ESM.
CVE ID: CVE-2023-22809 (High), CVE-2022-4378 (High), CVE-2022-42896 (High), CVE-2022-3643 (Critical), CVE-2022-45934 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to address multiple vulnerabilities in sofia-sip & libzen packages. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-22741 (Critical), CVE-2020-36646 (High)
Multiple vulnerabilities have been discovered in various WordPress plugins. The security patches are available.
CVE ID: CVE-2023-0557 (High), CVE-2023-0555 (High), CVE-2023-0554 (High), CVE-2023-0558 (High), CVE-2023-0553 (Medium), CVE-2023-0550 (High)
Google has released dev channel 111.0.5562.0 for Windows, Linux and Mac, and Stable channel 109.0.5414.125 (Platform version: 15236.80.0) for most ChromeOS devices.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Delta Electronics has released a security update to address a Stack-based Buffer Overflow vulnerability in its equipment, CNCSoft. The affected versions are CNCSoft: all versions prior to v1.01.34, and Running ScreenEditor: all versions 1.01.5 and prior.
CVE ID: CVE-2022-4634 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.70) and Microsoft Edge Extended Stable Channel (Version 108.0.1462.95) to resolve multiple vulnerabilities.
Google has released Chrome Dev 111 (111.0.5557.0) for Android, Dev channel updated to OS version 15324.0.0 & Browser version 111.0.5550.0 for most ChromeOS devices, Chrome Beta 110 (110.0.5481.52) for iOS, Chrome Beta 110 (110.0.5481.50) for Android and Chrome 110.0.5481.52 for Windows, Mac and Linux.
Mitsubishi Electric has released security updates to resolve a vulnerability in the Pseudo-Random Number Generator (PRNG) affecting MELSEC iQ-F and iQ-R Series products.
CVE ID: CVE-2022-40267
Landis+Gyr has released a security update to resolve a vulnerability that may cause a Denial of Service (DoS) condition in all versions of the E850 (ZMQ200) product.
CVE ID: CVE-2022-3083
Rockwell Automation has released security updates to resolve multiple vulnerabilities in several products using GoAhead Web Server.
CVE ID: CVE-2019-5096, CVE-2019-5097
Mitsubishi Electric has released security updates to resolve a vulnerability that may allow an attacker to gain unauthorized access to a robot controller in MELFA SD/SQ series and F-series Robot Controllers.
CVE ID: CVE-2022-33323
Sierra Wireless has released security updates to resolve multiple vulnerabilities in AirLink Router with ALEOS Software. The affected products are Airlink Router (ES450, GX450) running ALEOS software versions 4.9.7 and prior and Airlink Router (MP70, RV50, RV50x, RV55, LX 40, LX60) running ALEOS software versions prior to 4.16.0.
CVE ID: CVE-2022-46649, CVE-2022-46650
Snap One has released a security update to resolve multiple vulnerabilities in Wattbox WB-300-IP-3 equipment. The affected products are Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior.
CVE ID: CVE-2023-24020, CVE-2023-23582, CVE-2023-22389, CVE-2023-22315
Improper access control and use of weak hash vulnerabilities have been discovered in all versions of Econolite's EOS equipment. Mitigations are available.
CVE ID: CVE-2023-0451, CVE-2023-0452
CODESYS has released security updates to address an Improper Validation of Consistency within Input vulnerability in CODESYS Control V3 communication server. An authenticated attacker can send a manipulated packet to the PLC and configure an invalid node name to block consecutive logins by node name over the CODESYS communication protocol.
CVE ID: CVE-2022-22508 (Medium)
ISC has released security updates to address vulnerabilities affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. A remote attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3094 (High), CVE-2022-3488 (High), CVE-2022-3736 (High), CVE-2022-3924 (High)
NVIDIA has released security updates to resolve a vulnerability in NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, and Jetson AGX Orin series in the NVIDIA JetPack software development kit (SDK) that can lead to escalation of privileges, compromised data integrity and confidentiality, and denial of service.
CVE ID: CVE-2022-42270 (High)
An improper restriction of XML external entity reference (XXE) vulnerability has been discovered in OMRON CX-Motion Pro. The affected versions are OMRON CX-Motion Pro 1.4.6.013 and earlier.
CVE ID: CVE-2023-22322 (Medium)
A directory traversal vulnerability has been discovered in pgAdmin 4. The affected versions are pgAdmin 4 versions prior to v6.19.
CVE ID: CVE-2023-0241 (Low)
A Cross-Site Scripting (XSS) vulnerability has been discovered in EasyMail. The affected versions are EasyMail 2.00.130 and earlier.
CVE ID: CVE-2023-22333 (Medium)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Google has released Beta channel OS version 15278.41.0 Browser version 110.0.5464.46 for most ChromeOS devices, Extended Stable channel 108.0.5359.215 for Windows and Mac, Dev channel OS version 15320.0.0 Browser version 111.0.5544.0 for most ChromeOS devices, Chrome 109 (109.0.5414.117/.118) for Android, Chrome Stable 109 (109.0.5414.112) for iOS and Stable channel 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2023-0471 (High), CVE-2023-0472 (High), CVE-2023-0473 (Medium), CVE-2023-0474 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities, such as relative path traversal and uncontrolled search path element, have been discovered in XINJE's equipment, XINJE XD Programing Tool, that allow an attacker to write arbitrary project files to a Programmable Logic Controller (PLC) and gain code execution privileges. The affected versions are XINJE XD 3.5.1 and prior.
CVE ID: CVE-2021-34605 (High), CVE-2021-34606 (High)
A weak encoding for password vulnerability has been discovered in SOCOMEC's equipment, MODULYS GP. Successful exploitation can allow an attacker to obtain sensitive information on the target system. The affected version is SOCOMEC MODULYS GP Netvision v7.20.
CVE ID: CVE-2023-0356 (Medium)
Ubuntu has released security updates to address a vulnerability in Exuberant ctags that leads to arbitrary command execution. The affected products are Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
CVE ID: CVE-2022-4515 (High)
Multiple vulnerabilities have been discovered in Material Design Icons for Page Builders Plugin, Ultimate Addons for Beaver Builder plugin, Stripe Payments For WooCommerce plugin, Customer Reviews for WooCommerce plugin, decode-uri-component plugin, and Parsi Date plugin for WordPress. The security patches are available.
CVE ID: CVE-2023-0080 (High), CVE-2022-38900 (High)
An information disclosure vulnerability has been discovered in the watchdog function of Pgpool-II. The affected versions are 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), all versions of the 3.7 series, all versions of the 3.6 series, all versions of the 3.5 series, all versions of the 3.4 series, and all versions of the 3.3 series.
CVE ID: CVE-2023-22332 (Medium)
Apple has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected device.
CVE ID: CVE-2023-23496, CVE-2023-23518, CVE-2023-23517, CVE-2022-42856, CVE-2023-23499, CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35260, CVE-2022-35252, CVE-2023-23513, CVE-2023-23493, CVE-2022-32915, CVE-2023-23507, CVE-2023-23504, CVE-2023-23502, CVE-2023-23497, CVE-2023-23505, CVE-2023-23511, CVE-2023-23508
Debian has released security updates to resolve multiple vulnerabilities in trafficserver. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2021-37150 (High), CVE-2022-25763 (High), CVE-2022-28129 (High), CVE-2022-31780 (High)
A SQL injection vulnerability has been discovered in CONPROSYS HMI System (CHS) Web HMI/SCADA software. The affected versions are CONPROSYS HMI System Ver.3.5.0 and earlier.
CVE ID: CVE-2023-22324 (Medium)
Multiple Cross-Site Request Forgery vulnerabilities have been discovered in My Calendar plugin, and Pods plugin for WordPress. The affected versions are My Calendar plugin versions up to, and including, 3.4.3, and Pods plugin versions up to, and including, 2.9.10.2. The security patches are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in Tag Image File Format (TIFF) that lead to denial of service (DoS) and possibly local code execution. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-1354 (Medium), CVE-2022-1355 (Medium), CVE-2022-2056 (Medium), CVE-2022-2057 (Medium), CVE-2022-2058 (Medium), CVE-2022-2867 (Medium), CVE-2022-2868 (Medium), CVE-2022-2869 (Medium), CVE-2022-3570 (Medium), CVE-2022-3597 (Medium), CVE-2022-3598 (Medium), CVE-2022-3599 (Medium), CVE-2022-3626 (Medium), CVE-2022-3627 (Medium), CVE-2022-3970 (High), CVE-2022-34526 (Medium)
SonicWall has released a security update to address a pre-authentication path traversal vulnerability in SMA1000 firmware, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. The affected version is SMA1000 firmware 12.4.2.
CVE ID: CVE-2023-0126 (High)
Ubuntu has released security updates to address several vulnerabilities in multiple products. The affected products are Ubuntu 20.04 LTS, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
Google has released Beta channel OS version: 15278.36.0 Browser version: 110.0.5464.41 for most ChromeOS devices, dev channel 111.0.5545.3 for Windows, Mac and 111.0.5545.6 for Linux, and Chrome Dev 111 (111.0.5544.3) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in WP Helper Premium plugin, GiveWP plugin, WP eBay Product Feeds plugin, Interactive Polish Map plugin, and Contact Form 7 Dynamic Text Extension plugin for WordPress. The security patches are available.
CVE ID: CVE-2022-4448 (Medium)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 102.7. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-46871 (High), CVE-2023-23598 (High), CVE-2023-23599 (Medium), CVE-2023-23601 (Medium), CVE-2023-23602 (Medium), CVE-2023-23603 (Low), CVE-2022-46877 (Low), CVE-2023-23605 (High)
Multiple vulnerabilities have been discovered in several plugins for WordPress. The security patches are available.
CVE ID: CVE-2023-0385 (Medium), CVE-2023-0333 (Medium)
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products.
CVE ID: CVE-2023-20010 (High), CVE-2023-20057 (Medium)
Wireshark has released security updates to address multiple vulnerabilities in several products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Huawei has released security updates to address system command injection, misinterpretation of input, and insufficient authentication vulnerabilities in its products.
CVE ID: CVE-2022-48255 (Critical), CVE-2022-48230 (High), CVE-2022-48254 (Medium)
Stack-based buffer overflow and authentication bypass vulnerabilities have been discovered in Netcomm routers. The affected versions are Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.
CVE ID: CVE-2022-4873, CVE-2022-4874
Side-channel attack and buffer overflow vulnerabilities have been discovered in TP-Link routers. The affected versions are TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01.
CVE ID: CVE-2022-4498, CVE-2022-4499
GE Digital has released security updates to address multiple vulnerabilities in its equipment, Proficy Historian. Successful exploitation of these vulnerabilities can crash the device after access, cause a buffer overflow condition, and allow remote code execution. The affected versions are Proficy Historian v7.0 and higher.
CVE ID: CVE-2022-46732 (Critical), CVE-2022-46660 (High), CVE-2022-43494 (High), CVE-2022-46331 (High), CVE-2022-38469 (High)
Oracle has released its critical patch update for January 2023 to address 327 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
GitLab has released updated versions 15.7.5, 15.6.6, and 15.5.9 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2022-41903 (Critical), CVE-2022-23521 (Critical)
An authorization bypass vulnerability has been discovered in the WEB server function of Mitsubishi Electric's MELSEC iQ-F/iQ-R Series. An unauthenticated remote attacker can access the WEB server function by guessing the random numbers used for authentication from several used random numbers. Security updates are available for MELSEC iQ-F Series.
CVE ID: CVE-2022-40267 (Medium)
Zyxel has released a security update to address cleartext storage of WiFi credentials and improper FTP symbolic links vulnerabilities in the AX7501-B0 CPE.
CVE ID: CVE-2022-45439, CVE-2022-45440 (Medium)
Batloader malware arrives via malicious websites that impersonate legitimate software or applications. Victims can be redirected to these websites via malvertising techniques and fake comments on forums containing links that lead to Batloader distribution websites. Based on investigation by researchers, it has been determined that Batloader impersonates a slew of legitimate software and application websites in its campaign.
Collne Inc. has released security updates to address a directory traversal vulnerability in Welcart e-Commerce. The affected versions are Welcart e-Commerce 2.6.0 to 2.8.5.
CVE ID: CVE-2022-4140 (High)
Dell has released security updates to address a Certificate Revocation vulnerability in Dell Cloud Mobility and a Client Desync Attack vulnerability in Dell PowerVault ME5. The affected products are Cloud Mobility for Dell Storage versions 1.3.3.X and earlier, Dell PowerVault ME5012 versions before ME5.1.1.0.5, Dell PowerVault ME5024 versions before ME5.1.1.0.5, and Dell PowerVault ME5084 versions before ME5.1.1.0.5.
CVE ID: CVE-2023-23691 (High), CVE-2023-23690 (High)
Apache has released a security update to address multiple vulnerabilities in Apache HTTP Server. The affected versions are Apache HTTP Server 2.4.54 and earlier.
CVE ID: CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 102.7 and Firefox 109. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-46871 (High), CVE-2023-23598 (High), CVE-2023-23599 (Medium), CVE-2023-23601 (Medium), CVE-2023-23602 (Medium), CVE-2023-23603 (Low), CVE-2022-46877 (Low), CVE-2023-23605 (High), CVE-2023-23597 (High), CVE-2023-23600 (Medium), CVE-2023-23604 (Low), CVE-2023-23606 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Skyhigh has released security updates to address a Cross-site Scripting vulnerability in Secure Web Gateway (SWG). The affected versions are SWG 12.0.0 and earlier, SWG 11.2.5 and earlier, and SWG 10.2.16 and earlier.
CVE ID: CVE-2023-0214 (Medium)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Debian has released security updates to resolve several vulnerabilities in node-minimatch, and net-snmp. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2022-3517 (High), CVE-2022-44792 (Medium), CVE-2022-44793 (Medium)
Multiple vulnerabilities have been discovered in Freesoul Deactivate Plugins, Custom 404 Pro plugin, and Launchpad plugin for WordPress. The affected versions are Freesoul Deactivate Plugins 1.9.4.0 and below, Custom 404 Pro plugin 3.7.0 and below, and Launchpad plugin 1.0.13 and below. Security patches are available for Freesoul Deactivate Plugins, and Custom 404 Pro plugin.
Google has released Stable channel 109.0.5414.94 (Platform version: 15236.66.0) for most ChromeOS devices.
CVE ID: CVE-2023-0128 (High), CVE-2023-0137 (Medium)
ASUS has released security updates to address multiple vulnerabilities in ASUS ASMB9-iKVM and ASMB10-iKVM.
CVE ID: CVE-2022-40259 (Critical), CVE-2022-40242 (Critical), CVE-2022-2827 (High)
Ubuntu has released security updates to address multiple vulnerabilities in Linux kernel. An attacker can exploit these vulnerabilities to take control of an affected system. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM, Ubuntu 22.10, and Ubuntu 22.04 LTS.
CVE ID: CVE-2022-42896 (High), CVE-2022-43945 (High), CVE-2022-45934 (High), CVE-2022-3643 (Critical), CVE-2022-4378 (High)
A vulnerability has been discovered in the web-based management (WBM) of WAGO's programmable logic controllers (PLC) that can allow an unauthenticated remote attacker to retrieve sensitive information.
CVE ID: CVE-2022-3738 (Medium)
Multiple potential product security bypass vulnerabilities have been discovered in McAfee Application and Change Control (ACC). The affected versions are ACC prior to version 8.3.4. It is recommended to install or update to ACC 8.3.4.
CVE ID: CVE-2021-31833 (High), CVE-2023-0221 (Medium)
Multiple vulnerabilities have been discovered in PIX-RT100. The affected versions are PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101. Updates are available.
CVE ID: CVE-2023-22304 (High), CVE-2023-22316 (High)
Multiple vulnerabilities have been discovered in RONDS' equipment, Equipment Predictive Maintenance (EPM). Successful exploitation of these vulnerabilities can allow an unauthorized user to leak login credentials and download files. The affected version is RONDS EPM v1.19.5.
CVE ID: CVE-2022-3091 (High), CVE-2022-2893 (High)
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Panasonic's equipment, Sanyo CCTV Network Camera. Successful exploitation of this vulnerability can allow attackers to perform actions via HTTP without validity checks. The affected versions are VCC-HD5600P 2.03-06, VDC-HD3300P 2.03-08, VDC-HD3300P 1.02-05, VCC-HD3300 2.03-02, VDC-HD3100P 2.03-00, and VCC-HD2100P 2.03-02.
CVE ID: CVE-2022-4621 (High)
An Insufficiently Protected Credentials vulnerability has been discovered in Johnson Controls' equipment, Metasys ADS/ADX/OAS Servers. All versions of Metasys ADS/ADX/OAS 10 and 11 are affected.
CVE ID: CVE-2021-36204 (High)
Google has released Chrome Beta 110 (110.0.5481.32) for iOS, Beta channel OS version: 15278.29.0 Browser version: 110.0.5464.32 for most ChromeOS devices, dev channel 111.0.5532.2 for Windows, Linux and Mac, Chrome Dev 111 (111.0.5531.3) for Android, Chrome 110.0.5481.30 Beta channel for Windows, Mac and Linux, and Chrome Beta 110 (110.0.5481.29) for Android.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Microsoft has released Microsoft Edge Stable Channel (Version 109.0.1518.49) to resolve multiple vulnerabilities.
CVE ID: CVE-2023-21775 (High), CVE-2023-21796 (High)
Multiple vulnerabilities have been discovered in Sewio's equipment, RTLS Studio. The affected versions are RTLS Studio 2.0.0 up to and including version 2.6.2. Security updates/mitigations are available.
CVE ID: CVE-2022-45444 (Critical), CVE-2022-47911 (Critical), CVE-2022-43483 (Critical), CVE-2022-41989 (Critical), CVE-2022-45127 (High), CVE-2022-47395 (High), CVE-2022-47917 (Medium), CVE-2022-46733 (Medium), CVE-2022-43455 (Medium)
Multiple vulnerabilities have been discovered in InHand Networks' equipment: InRouter302 and InRouter615. The affected versions are all versions of InRouter 302 prior to IR302 V3.5.56, and all versions of InRouter 615 prior to InRouter6XX-S-V2.3.0.r5542.
CVE ID: CVE-2022-22597 (Medium), CVE-2022-22598 (High), CVE-2022-22599 (High), CVE-2022-22600 (Critical), CVE-2022-22601 (Medium)
It has been discovered that a vulnerability in the login/index.php of Control Web Panel 7 (CWP7) or CentOS Web Panel 7 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. The affected versions are Control Web Panel 7 before 0.9.8.1147.
CVE ID: CVE-2022-44877 (Critical)
GitLab has released Community Edition and Enterprise Edition version 15.7.3 to resolve a number of regressions and bugs in the 15.7 release and prior versions.
Debian has released security updates to resolve several vulnerabilities in viewvc, and exiv2. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-22456 (Medium), CVE-2023-22464 (Medium)
Dell has released security updates to address multiple vulnerabilities in several Dell products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Multiple vulnerabilities have been discovered in several Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system. Updates are available for some products. Cisco Small Business RV016, RV042, RV042G, and RV082 Routers have entered the end-of-life process.
CVE ID: CVE-2023-20025 (Critical), CVE-2023-20026 (Medium), CVE-2023-20018 (High), CVE-2023-20037 (Medium), CVE-2023-20038 (High), CVE-2023-20020 (High), CVE-2023-20007 (Medium), CVE-2023-20045 (Medium), CVE-2023-20040 (Medium), CVE-2023-20047 (Medium), CVE-2023-20058 (Medium), CVE-2023-20019 (Medium), CVE-2023-20002 (Medium), CVE-2023-20008 (Medium), CVE-2023-20043 (Medium), CVE-2023-20044 (Medium)
Multiple vulnerabilities have been discovered in NEC Corporation's EXPRESSCLUSTER X software that may allow overwriting of existing files on the system, resulting in arbitrary code execution. Security updates and workarounds are available.
CVE ID: CVE-2022-34822 (Critical), CVE-2022-34823 (Critical), CVE-2022-34824 (Critical), CVE-2022-34825 (Critical)
Mahoroba Kobo has released security updates to address multiple vulnerabilities in MAHO-PBX NetDevancer series. The affected products are MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00.
CVE ID: CVE-2023-22279 (Critical), CVE-2023-22280 (High), CVE-2023-22286 (Medium), CVE-2023-22296 (Medium)
pgAdmin has released a security update to address an open redirect vulnerability in pgAdmin 4. The affected versions are pgAdmin 4 versions prior to v6.14.
CVE ID: CVE-2023-22298 (Medium)
Ubuntu has released security updates to address a stack-based buffer overflow vulnerability in the linux-oem-5.17 and linux-oem-6.0 packages that can be exploited to cause a Denial of Service (DoS) or execute arbitrary code. The affected product is Ubuntu 22.04 LTS.
CVE ID: CVE-2022-4378
Moxa has released security updates to resolve a use of hard-coded credentials vulnerability in the Moxa TN-4900 Series that may allow an attacker to gain privileges if the embedded credential is used. The affected versions are TN-4900 Series Firmware v1.1 or lower.
CVE ID: CVE-2008-1160
Zyxel has released security updates to address multiple vulnerabilities in its products.
CVE ID: CVE-2022-43389 (High), CVE-2022-43390 (Medium), CVE-2022-43391 (High), CVE-2022-43392 (High), CVE-2022-43393 (High)
SAP has released security updates to address several vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-0016 (Critical), CVE-2023-0022 (Critical), CVE-2022-41272 (Critical), CVE-2022-41203 (Critical), CVE-2022-41271 (Critical), CVE-2023-0017 (Critical), CVE-2023-0014 (Critical), CVE-2023-0012 (Medium), CVE-2023-0013 (Medium), CVE-2023-0018 (Medium), CVE-2023-0015 (Medium), CVE-2023-0023 (Medium)
The National Cyber Security Centre (NCSC), United Kingdom has released guidance on administering an organisation's cloud services using Managed Service Providers (MSPs).
NVIDIA has released security updates to resolve a vulnerability in NVIDIA Omniverse Kit affecting several software products that can lead to code execution, information disclosure, data tampering, and Denial of Service (DoS).
CVE ID: CVE-2022-42268 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2022-36323 (Critical), CVE-2022-36324 (High), CVE-2022-36325 (Medium), CVE-2022-46823 (Critical), CVE-2022-2068 (Critical), CVE-2022-2097 (Medium), CVE-2022-2274 (Critical), CVE-2022-32212 (High), CVE-2022-35256 (Critical), CVE-2022-45092 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and Reader, Adobe InDesign, Adobe InCopy and Adobe Dimension. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Black Box has released security updates to address a path traversal vulnerability in its equipment, KVM Switches and Extenders, that can allow an attacker to read sensitive data on the built-in web servers of the affected devices. The affected products are Black Box KVM ACR1000A-R-R2, Black Box KVM ACR1000A-T-R2, Black Box KVM ACR1002A-T, Black Box KVM ACR1002A-R and Black Box KVM ACR1020A-T with Firmware version v3.4.31307.
CVE ID: CVE-2022-4636 (High)
Intel has released security updates to resolve an escalation of privilege vulnerability in Intel® oneAPI Toolkits. The affected products are Intel® oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel® C++ Compiler Classic before version 2021.8.
CVE ID: CVE-2022-40196 (High), CVE-2022-38136 (Medium), CVE-2022-41342 (Medium)
AMD has released security updates to address multiple vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components.
CVE ID: CVE-2021-26316 (High), CVE-2021-26346 (Medium), CVE-2021-46795 (Low)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Red Hat has released security updates to address multiple vulnerabilities in OpenShift Developer Tools and Services. The affected versions are OpenShift Developer Tools and Services 4.9 x86_64, OpenShift Developer Tools and Services 4.9 s390x, OpenShift Developer Tools and Services 4.9 ppc64le, and OpenShift Developer Tools and Services 4.9 aarch64.
Digital Arts Inc. has released security updates to address an improper authentication vulnerability in m-FILTER. The affected versions are m-FILTER prior to Ver.5.70R01 (Ver.5 Series), and m-FILTER prior to Ver.4.87R04 (Ver.4 Series).
CVE ID: CVE-2023-22278 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in several Zoom products. The affected products are Zoom Rooms for Windows installers before version 5.13.0, Zoom Rooms for Windows clients before version 5.12.7, Zoom for Android clients before version 5.13.0, Zoom Rooms for macOS clients before version 5.11.3, and Zoom Rooms for macOS before version 5.11.4.
CVE ID: CVE-2022-36930 (High), CVE-2022-36929 (High), CVE-2022-36928 (Medium), CVE-2022-36926 (High), CVE-2022-36927 (High), CVE-2022-36925 (Medium)
Synology has released security updates to address multiple vulnerabilities in Synology Router Manager (SRM) that allow remote attackers to execute arbitrary commands, conduct Denial of Service (DoS) attacks, or read arbitrary files. The affected versions are SRM 1.3 and SRM 1.2.
CVE ID: CVE-2022-43932 (High), CVE-2023-0077 (Medium)
Ruby-git has released a security update to address multiple code injection vulnerabilities in ruby-git. The affected versions are ruby-git prior to v1.13.0.
CVE ID: CVE-2022-46648 (Medium), CVE-2022-47318 (Medium)
Ubuntu has released security updates to address several vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
Google has released Stable channel 108.0.5359.172 (Platform version 15183.78.0) for most ChromeOS devices; LTC-108 108.0.5359.111 (Platform version 15183.69.0) for most ChromeOS devices; Dev channel 110.0.5481.24 for Windows, Linux and Mac; Chrome Dev 110 (110.0.5481.23) for Android; and LTS channel 102.0.5005.194 (Platform version 14695.173.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2022-4437 (High), CVE-2022-4436 (High), CVE-2022-42720 (High), CVE-2022-41674 (High), CVE-2022-42719 (High)
GitLab has released Community Edition and Enterprise Edition version 15.7.1 to resolve a number of regressions and bugs in the 15.7 release and prior versions.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
Ubuntu has released security updates to address multiple vulnerabilities in the FreeRADIUS package that can cause a Denial of Service (DoS). The affected products are Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 16.04 ESM.
CVE ID: CVE-2019-17185 (High), CVE-2022-41860, CVE-2022-41861
Google has released Dev channel OS version 15278.21.0 (Browser version 110.0.5464.21) for most ChromeOS devices; Chrome Beta 109 (109.0.5414.80) for Android; Chrome Beta 110 (110.0.5481.22) for iOS; and Beta channel 109.0.5414.74 for Windows, Mac and Linux.
Synology has released security updates to address an arbitrary command execution vulnerability in Synology VPN Plus Server. The affected versions are VPN Plus Server for SRM 1.3 and VPN Plus Server for SRM 1.2.
CVE ID: CVE-2022-43931 (Critical)
Juniper has released security updates to address multiple vulnerabilities in third party software used in Juniper Networks Cloud Native Contrail Networking. The affected versions are Juniper Networks Cloud Native Contrail Networking after R22.1 and prior to R22.3.
CVE ID: CVE-2007-6755 (Medium), CVE-2019-1543 (High), CVE-2019-1551 (Medium), CVE-2020-28469 (High), CVE-2021-23840 (High), CVE-2021-3712 (High), CVE-2021-3765 (High)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2023-01-05 or later address all of these issues.
Ubuntu has released security updates to address a vulnerability in the usbredir package that can cause a Denial of Service (DoS) or possibly execute arbitrary code. The affected products are Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
CVE ID: CVE-2021-3700 (Medium)
Multiple vulnerabilities have been discovered in several Fortinet products. Security updates are available.
CVE ID: CVE-2022-39947 (High), CVE-2022-45857 (Medium), CVE-2022-41336 (Medium), CVE-2022-35845 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Dell has released security updates to address multiple vulnerabilities in third-party components that affect Dell PowerStore Family. The affected products are Dell PowerStore T operating system and PowerStore X operating system.
CVE ID: CVE-2021-41303 (Critical), CVE-2022-25315 (Critical), CVE-2016-10745 (High), CVE-2021-31535 (Critical), CVE-2021-43527 (Critical), CVE-2021-3712 (High), CVE-2020-14343 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.