Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7076 | 1 Sudo Project | 1 Sudo | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. | |||||
| CVE-2023-45133 | 2 Babeljs, Debian | 9 Babel, Babel-helper-define-polyfill-provider, Babel-plugin-polyfill-corejs2 and 6 more | 2023-10-24 | N/A | 8.8 HIGH |
| Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3. | |||||
| CVE-2018-5968 | 4 Debian, Fasterxml, Netapp and 1 more | 10 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 7 more | 2023-09-13 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | |||||
| CVE-2023-3374 | 1 Bookreen | 1 Bookreen | 2023-09-08 | N/A | 9.8 CRITICAL |
| Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0. | |||||
| CVE-2023-40037 | 1 Apache | 1 Nifi | 2023-08-23 | N/A | 6.5 MEDIUM |
| Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation. | |||||
| CVE-2023-23844 | 1 Solarwinds | 1 Solarwinds Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | |||||
| CVE-2023-2017 | 1 Shopware | 1 Shopware | 2023-04-28 | N/A | 8.8 HIGH |
| Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731. | |||||
| CVE-2018-16863 | 2 Artifex, Redhat | 7 Ghostscript, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 9.3 HIGH | 7.8 HIGH |
| It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. | |||||
| CVE-2022-34888 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2023-02-08 | N/A | 4.3 MEDIUM |
| The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. | |||||
| CVE-2016-6189 | 1 Alinto | 1 Sogo | 2022-12-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. | |||||
| CVE-2022-32763 | 1 Lansweeper | 1 Lansweeper | 2022-12-19 | N/A | 6.1 MEDIUM |
| A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-35962 | 1 Zulip | 1 Zulip | 2022-09-07 | N/A | 5.7 MEDIUM |
| Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. | |||||
| CVE-2022-38179 | 1 Jetbrains | 1 Ktor | 2022-08-16 | N/A | 6.1 MEDIUM |
| JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | |||||
| CVE-2018-6383 | 1 Monstra | 1 Monstra | 2022-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. | |||||
| CVE-2021-31370 | 1 Juniper | 15 Ex4600, Ex4600-vc, Ex4650 and 12 more | 2021-10-25 | 3.3 LOW | 6.5 MEDIUM |
| An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the network to be dropped. This will impact control protocols (including but not limited to routing-protocols) and lead to a Denial of Service (DoS). Continued receipt of this specific multicast traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 and EX4600 Series: All versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. | |||||
| CVE-2021-25737 | 1 Kubernetes | 1 Kubernetes | 2021-10-07 | 4.9 MEDIUM | 4.8 MEDIUM |
| A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | |||||
| CVE-2021-25631 | 1 Libreoffice | 1 Libreoffice | 2021-05-12 | 9.3 HIGH | 8.8 HIGH |
| In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. | |||||
| CVE-2020-5253 | 1 Nethack | 1 Nethack | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | |||||
| CVE-2017-7540 | 1 Safemode Project | 1 Safemode | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. | |||||
| CVE-2017-2602 | 1 Jenkins | 1 Jenkins | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358). | |||||