Total
1786 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33242 | 1 Lindell17 Project | 1 Lindell17 | 2023-08-25 | N/A | 8.1 HIGH |
| Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. | |||||
| CVE-2022-24989 | 1 Terra-master | 30 F2-210, F2-221, F2-223 and 27 more | 2023-08-24 | N/A | 9.8 CRITICAL |
| TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used. | |||||
| CVE-2023-35810 | 1 Sugarcrm | 1 Sugarcrm | 2023-08-23 | N/A | 7.2 HIGH |
| An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected. | |||||
| CVE-2023-39662 | 1 Llamaindex Project | 1 Llamaindex | 2023-08-22 | N/A | 9.8 CRITICAL |
| An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. | |||||
| CVE-2023-39659 | 1 Langchain | 1 Langchain | 2023-08-22 | N/A | 9.8 CRITICAL |
| An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | |||||
| CVE-2023-39661 | 1 Gabrieleventuri | 1 Pandasai | 2023-08-22 | N/A | 9.8 CRITICAL |
| An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. | |||||
| CVE-2023-38896 | 1 Langchain | 1 Langchain | 2023-08-22 | N/A | 9.8 CRITICAL |
| An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | |||||
| CVE-2020-28848 | 1 Churchcrm | 1 Churchcrm | 2023-08-17 | N/A | 8.8 HIGH |
| CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | |||||
| CVE-2020-3561 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense | 2023-08-16 | 4.3 MEDIUM | 4.7 MEDIUM |
| A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites. | |||||
| CVE-2022-37242 | 1 Altn | 1 Security Gateway For Email Servers | 2023-08-08 | N/A | 9.8 CRITICAL |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. | |||||
| CVE-2022-22360 | 1 Ibm | 2 Partner Engagement Manager, Partner Engagement Manager On Cloud\/saas | 2023-08-08 | N/A | 8.8 HIGH |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782. | |||||
| CVE-2022-22344 | 1 Ibm | 1 Spectrum Copy Data Management | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 | |||||
| CVE-2022-37240 | 1 Altn | 1 Security Gateway For Email Servers | 2023-08-08 | N/A | 9.8 CRITICAL |
| MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. | |||||
| CVE-2022-26205 | 1 Marky Project | 1 Marky | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload. | |||||
| CVE-2021-31249 | 1 Chiyu-tech | 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components. | |||||
| CVE-2022-34165 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2023-08-08 | N/A | 5.4 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. | |||||
| CVE-2023-36210 | 1 Motocms | 1 Motocms | 2023-08-04 | N/A | 9.8 CRITICAL |
| MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. | |||||
| CVE-2023-38609 | 1 Apple | 1 Macos | 2023-08-03 | N/A | 7.5 HIGH |
| An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2020-24275 | 1 Swoole | 1 Swoole | 2023-07-31 | N/A | 6.5 MEDIUM |
| A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | |||||
| CVE-2023-37473 | 1 Zenstruck | 1 Collection | 2023-07-31 | N/A | 8.8 HIGH |
| zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing _callable strings_ (ie `system`) caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit `f4b1c48820` and included in release version 0.2.1. Users are advised to upgrade. Users unable to upgrade should ensure that user input is not passed to either `EntityRepository::find()` or `query()`. | |||||