
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: October 3, 2023. 03:20:14 UTC


| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2023-28372 | A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | October 2, 2023. 23:15:00 | [support.purestorage.com] |
| CVE-2023-31042 | A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | October 2, 2023. 23:15:00 | [support.purestorage.com] |
| CVE-2023-36627 | A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | October 2, 2023. 23:15:00 | [support.purestorage.com] |
| CVE-2023-43980 | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | October 2, 2023. 23:15:00 | [security.friendsofpresta.org][www.presto-changeo.com] |
| CVE-2023-43891 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-43892 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-43893 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-44011 | An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-44012 | Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. | October 2, 2023. 22:15:00 | [github.com] |
| CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | October 2, 2023. 21:15:00 | [gist.github.com][github.com] |
| CVE-2023-43268 | Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. | October 2, 2023. 21:15:00 | [github.com][hzya.anlu169.com] |
| CVE-2023-43297 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | October 2, 2023. 21:15:00 | [github.com] |
| CVE-2023-43361 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | October 2, 2023. 21:15:00 | [github.com][github.com] |
| CVE-2023-43836 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | October 2, 2023. 21:15:00 | [gist.github.com][github.com] |
| CVE-2023-44008 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. | October 2, 2023. 21:15:00 | [github.com] |
| CVE-2023-44009 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. | October 2, 2023. 21:15:00 | [www.mojoportal.com][github.com] |
| CVE-2023-44273 | Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. | October 2, 2023. 21:06:00 | [github.com][github.com] |
| CVE-2023-38873 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. | October 2, 2023. 20:48:00 | [github.com][www.economizzer.org] |
| CVE-2022-47187 | There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. | October 2, 2023. 20:45:00 | [www.incibe-cert.es][www.generex.de] |
| CVE-2023-44080 | An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | October 2, 2023. 20:30:00 | [gist.github.com][github.com] |
