Total
3676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6395 | 2 Fedoraproject, Rpm-software-management | 3 Extra Packages For Enterprise Linux, Fedora, Mock | 2024-11-21 | N/A | 6.7 MEDIUM |
| The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server. | |||||
| CVE-2023-6288 | 2 Apple, Devolutions | 2 Macos, Remote Desktop Manager | 2024-11-21 | N/A | 7.8 HIGH |
| Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. | |||||
| CVE-2023-6051 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.7 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. | |||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-5677 | 1 Axis | 22 M3024-lve, M3024-lve Firmware, M3025-ve and 19 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-5623 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | N/A | 7.0 HIGH |
| NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location | |||||
| CVE-2023-5604 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | |||||
| CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 4.7 MEDIUM |
| A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | |||||
| CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 4.7 MEDIUM |
| A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | |||||
| CVE-2023-5512 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.8 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI. | |||||
| CVE-2023-5500 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. | |||||
| CVE-2023-5221 | 1 Foru Cms Project | 1 Foru Cms | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5044 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | N/A | 7.6 HIGH |
| Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | |||||
| CVE-2023-52251 | 1 Provectus | 1 Ui | 2024-11-21 | N/A | 8.8 HIGH |
| An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | |||||
| CVE-2023-51820 | 1 Blurams | 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | |||||
| CVE-2023-51801 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. | |||||
| CVE-2023-51797 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame | |||||
| CVE-2023-51784 | 1 Apache | 1 Inlong | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 | |||||
| CVE-2023-51770 | 2024-11-21 | N/A | N/A | ||
| Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | |||||
| CVE-2023-51420 | 1 Soft8soft | 1 Verge3d | 2024-11-21 | N/A | 9.1 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | |||||