Total
2256 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37462 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 10 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations. | ||||
CVE-2023-36830 | 1 Sqlfluff | 1 Sqlfluff | 2024-11-21 | 6.3 Medium |
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their own rule configuration, this may be an issue. The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users who have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to, or otherwise validating, configuration files before they are ingested by SQLFluff provides a similar effect and does not require an upgrade. | ||||
CVE-2023-36260 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 7.5 High |
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about code provided by the Craft CMS product; it is only a report about the Feed Me plugin. NOTE: a third-party report states that commit b5d6ede51848349bd91bc95fec288b6793f15e28 has "nothing to do with security." | ||||
CVE-2023-36250 | 1 Gnome | 1 Gnome-time Tracker | 2024-11-21 | 7.8 High |
CSV Injection vulnerability in GNOME time tracker version 3.0.2 allows local attackers to execute arbitrary code via a crafted .tsv file when creating a new record. | ||||
CVE-2023-36188 | 1 Langchain | 1 Langchain | 2024-11-21 | 9.8 Critical |
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. | ||||
CVE-2023-35895 | 1 Ibm | 1 Informix Jdbc | 2024-11-21 | 6.3 Medium |
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. | ||||
CVE-2023-33242 | 1 Lindell17 Project | 1 Lindell17 | 2024-11-21 | 9.6 Critical |
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. | ||||
CVE-2023-33241 | 2 Gg18 Project, Gg20 Project | 2 Gg18, Gg20 | 2024-11-21 | 9.6 Critical |
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more to fully exfiltrate the other parties' private key shares. | ||||
CVE-2023-33234 | 1 Apache | 1 Airflow Cncf Kubernetes | 2024-11-21 | 7.2 High |
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows a user to change the xcom sidecar image and resources via an Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0 which has removed the vulnerability. | ||||
CVE-2023-32786 | 1 Langchain | 1 Langchain | 2024-11-21 | 7.5 High |
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | ||||
CVE-2023-31209 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 8.8 High |
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | ||||
CVE-2023-31025 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | 6.5 Medium |
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure. | ||||
CVE-2023-29050 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 7.6 High |
The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known. | ||||
CVE-2023-27533 | 5 Fedoraproject, Haxx, Netapp and 2 more | 15 Fedora, Curl, Active Iq Unified Manager and 12 more | 2024-11-21 | 8.8 High |
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol and may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | ||||
CVE-2023-26148 | 1 Ithewei | 1 Libhv | 2024-11-21 | 5.4 Medium |
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. | ||||
CVE-2023-26142 | 1 Crowcpp | 1 Crow | 2024-11-21 | 6.5 Medium |
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. | ||||
CVE-2023-26138 | 1 Drogon | 1 Drogon | 2024-11-21 | 5.4 Medium |
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. | ||||
CVE-2023-25613 | 1 Apache | 1 Identity Backend | 2024-11-21 | 9.8 Critical |
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | ||||
CVE-2023-24040 | 1 Opengroup | 1 Common Desktop Environment | 2024-11-21 | 7.1 High |
dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2023-22522 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 8.8 High |
This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. |