ReportizFlow
Filtered by vendor
Subscriptions
Total
4091 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26436 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | 7.1 High |
| Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known. | ||||
| CVE-2023-26145 | 1 Derrickgilland | 1 Pydash | 2024-11-21 | 7.4 High |
| This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function. | ||||
| CVE-2023-26119 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | 9.8 Critical |
| Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. | ||||
| CVE-2023-26107 | 1 Ebay | 1 Sketchsvg | 2024-11-21 | 6.9 Medium |
| All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. | ||||
| CVE-2023-26060 | 1 Nokia | 1 Netact | 2024-11-21 | 6.8 Medium |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | ||||
| CVE-2023-25953 | 1 Worksmobile | 1 Drive Explorer | 2024-11-21 | 9.8 Critical |
| Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. | ||||
| CVE-2023-25910 | 1 Siemens | 3 Simatic Pcs 7, Simatic S7-pm, Simatic Step 7 | 2024-11-21 | 10 Critical |
| A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server. | ||||
| CVE-2023-25717 | 1 Ruckuswireless | 61 E510, H320, H350 and 58 more | 2024-11-21 | 9.8 Critical |
| Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | ||||
| CVE-2023-25657 | 1 Networktocode | 1 Nautobot | 2024-11-21 | 7.5 High |
| Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggesting the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being “django” for the Django built-in template engine, and the second being “jinja” for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict “change” (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.* | ||||
| CVE-2023-25550 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | 7.2 High |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-25549 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | 7.2 High |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-25363 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | ||||
| CVE-2023-25362 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | ||||
| CVE-2023-25361 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | ||||
| CVE-2023-25360 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | ||||
| CVE-2023-25358 | 3 Fedoraproject, Redhat, Webkitgtk | 3 Fedora, Enterprise Linux, Webkitgtk | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | ||||
| CVE-2023-25054 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. | ||||
| CVE-2023-24835 | 1 Softnext | 1 Spam Sqr | 2024-11-21 | 7.2 High |
| Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service. | ||||
| CVE-2023-24805 | 4 Debian, Fedoraproject, Linuxfoundation and 1 more | 8 Debian Linux, Fedora, Cups-filters and 5 more | 2024-11-21 | 8.8 High |
| cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. | ||||
| CVE-2023-24709 | 1 Paradox | 2 Ipr512, Ipr512 Firmware | 2024-11-21 | 7.5 High |
| An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters. | ||||