CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: October 3, 2023. 03:20:14 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-28372 | A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | October 2, 2023. 23:15:00 | [support.purestorage.com] |
| CVE-2023-31042 | A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | October 2, 2023. 23:15:00 | [support.purestorage.com] |
| CVE-2023-36627 | A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | October 2, 2023. 23:15:00 | [support.purestorage.com] |
| CVE-2023-43980 | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | October 2, 2023. 23:15:00 | [security.friendsofpresta.org][www.presto-changeo.com] |
| CVE-2023-43891 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-43892 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-43893 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-44011 | An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-44012 | Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | October 2, 2023. 21:15:00 | [gist.github.com][github.com] |
| CVE-2023-43268 | Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. | October 2, 2023. 21:15:00 | [github.com][hzya.anlu169.com] |
| CVE-2023-43297 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | October 2, 2023. 21:15:00 | [github.com] |
| CVE-2023-43361 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | October 2, 2023. 21:15:00 | [github.com][github.com] |
| CVE-2023-43836 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | October 2, 2023. 21:15:00 | [gist.github.com][github.com] |
| CVE-2023-44008 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. | October 2, 2023. 21:15:00 | [github.com] |
| CVE-2023-44009 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. | October 2, 2023. 21:15:00 | [www.mojoportal.com][github.com] |
| CVE-2023-44273 | Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. | October 2, 2023. 21:06:00 | [github.com][github.com] |
| CVE-2023-38873 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. | October 2, 2023. 20:48:00 | [github.com][www.economizzer.org] |
| CVE-2022-47187 | There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. | October 2, 2023. 20:45:00 | [www.incibe-cert.es][www.generex.de] |
| CVE-2023-44080 | An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | October 2, 2023. 20:30:00 | [gist.github.com][github.com] |
Page 1 of 623
