Total: 21356 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-40400 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-09-28 | N/A | 9.8 CRITICAL |
This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution. | |||||
CVE-2022-48565 | 2 Debian, Python | 2 Debian Linux, Python | 2023-09-28 | N/A | 9.8 CRITICAL |
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | |||||
CVE-2020-25216 | 1 Yworks | 1 Yed | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | |||||
CVE-2020-9406 | 1 Iblsoft | 1 Online Weather | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | |||||
CVE-2021-41326 | 1 Misp | 1 Misp | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | |||||
CVE-2020-25215 | 1 Yworks | 1 Yed | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. | |||||
CVE-2023-33934 | 1 Apache | 1 Traffic Server | 2023-09-28 | N/A | 9.1 CRITICAL |
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | |||||
CVE-2023-44154 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2023-09-28 | N/A | 9.1 CRITICAL |
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | |||||
CVE-2022-29599 | 2 Apache, Debian | 2 Maven Shared Utils, Debian Linux | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | |||||
CVE-2023-3028 | 1 Hopechart | 2 Hqt401, Hqt401 Firmware | 2023-09-28 | N/A | 9.8 CRITICAL |
Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: - The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. - The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. - The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location. - The backend can inject data into a vehicle's CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend. The confirmed version is 201808021036, however further versions have been also identified as potentially impacted. | |||||
CVE-2023-43632 | 1 Linuxfoundation | 1 Edge Virtualization Engine | 2023-09-28 | N/A | 9.9 CRITICAL |
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using protobuf, and the data is comprised of 2 parts: 1. Header 2. Data When a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come. Then, in the function “handleRequest” this size is then used in order to allocate a payload on the stack for the incoming data. As this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data. * An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” process which has very high privileges. | |||||
CVE-2023-39007 | 1 Opnsense | 1 Opnsense | 2023-09-28 | N/A | 9.6 CRITICAL |
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | |||||
CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2023-09-28 | N/A | 9.8 CRITICAL |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
CVE-2023-44152 | 4 Acronis, Apple, Linux and 1 more | 4 Cyber Protect, Macos, Linux Kernel and 1 more | 2023-09-28 | N/A | 9.1 CRITICAL |
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
CVE-2023-3767 | 1 Easyphp | 1 Webserver | 2023-09-27 | N/A | 9.8 CRITICAL |
An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. | |||||
CVE-2023-44022 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | |||||
CVE-2023-44023 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | |||||
CVE-2023-44013 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. | |||||
CVE-2023-44019 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. | |||||
CVE-2023-44020 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. |