ReportizFlow
Filtered by vendor
Subscriptions
Total
4091 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39021 | 1 Wix | 1 Wix Embedded Mysql | 2024-11-21 | 9.8 Critical |
| wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39020 | 1 Stanford | 1 Stanford Parser | 2024-11-21 | 9.8 Critical |
| stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39017 | 1 Softwareag | 1 Quartz | 2024-11-21 | 9.8 Critical |
| quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. | ||||
| CVE-2023-39016 | 1 Bbossgroups | 1 Bboss | 2024-11-21 | 9.8 Critical |
| bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39015 | 1 Code4craft | 1 Webmagic | 2024-11-21 | 9.8 Critical |
| webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | ||||
| CVE-2023-39013 | 1 Larsga | 1 Duke | 2024-11-21 | 9.8 Critical |
| Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | ||||
| CVE-2023-39010 | 1 Boofcv | 1 Boofcv | 2024-11-21 | 9.8 Critical |
| BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | ||||
| CVE-2023-38943 | 1 Shuize 0x727 Project | 1 Shuize 0x727 | 2024-11-21 | 8.8 High |
| ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. | ||||
| CVE-2023-38889 | 1 Alluxio | 1 Alluxio | 2024-11-21 | 9.8 Critical |
| An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). | ||||
| CVE-2023-38877 | 1 Economizzer | 1 Economizzer | 2024-11-21 | 8.8 High |
| A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords. | ||||
| CVE-2023-38860 | 1 Langchain | 1 Langchain | 2024-11-21 | 9.8 Critical |
| An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | ||||
| CVE-2023-38576 | 2 Elecom, Logitec | 3 Lan-wh300n\/re, Lan-wh300n\/re Firmware, Lan-wh300n Re | 2024-11-21 | 8.0 High |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. | ||||
| CVE-2023-38484 | 2 Arubanetworks, Hewlett Packard Enterprise | 6 9004, 9004-lte, 9012 and 3 more | 2024-11-21 | 8 High |
| Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. | ||||
| CVE-2023-38408 | 3 Fedoraproject, Openbsd, Redhat | 9 Fedora, Openssh, Devworkspace and 6 more | 2024-11-21 | 9.8 Critical |
| The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | ||||
| CVE-2023-38198 | 1 Acme.sh Project | 1 Acme.sh | 2024-11-21 | 9.8 Critical |
| acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. | ||||
| CVE-2023-37914 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2024-11-21 | 9.9 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability. | ||||
| CVE-2023-37909 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 10 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed. | ||||
| CVE-2023-37659 | 1 Xalpha Project | 1 Xalpha | 2024-11-21 | 9.8 Critical |
| xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). | ||||
| CVE-2023-37582 | 1 Apache | 1 Rocketmq | 2024-11-21 | 9.8 Critical |
| The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks. | ||||
| CVE-2023-37565 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-11-21 | 8.0 High |
| Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. | ||||