Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29518 | 1 Xwiki | 1 Xwiki | 2023-04-28 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-29516 | 1 Xwiki | 1 Xwiki | 2023-04-28 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the "Cancel and return to page" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-30547 | 1 Vm2 Project | 1 Vm2 | 2023-04-28 | N/A | 10.0 CRITICAL |
| vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade. | |||||
| CVE-2023-29526 | 1 Xwiki | 1 Xwiki | 2023-04-28 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-29383 | 1 Shadow Project | 1 Shadow | 2023-04-24 | N/A | 3.3 LOW |
| In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. | |||||
| CVE-2023-29374 | 1 Langchain | 1 Langchain | 2023-04-17 | N/A | 9.8 CRITICAL |
| In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. | |||||
| CVE-2023-26919 | 1 Javadelight | 1 Nashorn Sandbox | 2023-04-14 | N/A | 7.2 HIGH |
| delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process. | |||||
| CVE-2023-29389 | 1 Toyota | 2 Rav4, Rav4 Firmware | 2023-04-14 | N/A | 6.8 MEDIUM |
| Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022. | |||||
| CVE-2023-25616 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2023-04-11 | N/A | 8.8 HIGH |
| In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system. | |||||
| CVE-2023-28637 | 1 Dataease | 1 Dataease | 2023-04-04 | N/A | 8.8 HIGH |
| DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerability has been fixed in v1.18.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-26493 | 1 Cocos | 1 Cocos-engine | 2023-04-03 | N/A | 8.8 HIGH |
| Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the `web-interface-check.yml` was subject to command injection. The `web-interface-check.yml` was triggered when a pull request was opened or updated and contained the user controllable field `(${{ github.head_ref }} – the name of the fork’s branch)`. This would allow an attacker to take over the GitHub Runner and run custom commands (potentially stealing secrets such as GITHUB_TOKEN) and altering the repository. The workflow has since been removed for the repository. There are no actions required of users. | |||||
| CVE-2022-34773 | 1 Tabit | 1 Tabit | 2023-03-28 | N/A | 9.8 CRITICAL |
| Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection. | |||||
| CVE-2022-35948 | 1 Nodejs | 1 Undici | 2023-03-28 | N/A | 5.3 MEDIUM |
| undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet will perform two requests in a single `request` API call: 1) `http://localhost:3000/` 2) `http://localhost:3000/foo2` This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround. | |||||
| CVE-2019-1680 | 1 Cisco | 2 Webex Business Suite, Webex Meetings Online | 2023-03-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected. | |||||
| CVE-2023-27040 | 1 Simple Image Gallery Web App Project | 1 Simple Image Gallery Web App | 2023-03-22 | N/A | 9.8 CRITICAL |
| Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter. | |||||
| CVE-2021-31402 | 1 Flutterchina | 1 Dio | 2023-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. | |||||
| CVE-2023-26261 | 1 Ubikasec | 2 Waap Cloud, Waap Gateway | 2023-03-15 | N/A | 9.8 CRITICAL |
| In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15. | |||||
| CVE-2021-21303 | 1 Helm | 1 Helm | 2023-03-13 | 3.5 LOW | 6.8 MEDIUM |
| Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used "as is" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data. | |||||
| CVE-2023-27635 | 1 Debian | 1 Debmany | 2023-03-13 | N/A | 7.8 HIGH |
| debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.) | |||||
| CVE-2022-42797 | 1 Apple | 1 Xcode | 2023-03-07 | N/A | 7.8 HIGH |
| An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. | |||||