
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: August 16, 2024. 11:01:01 UTC


| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2013-6371 | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. | September 25, 2023. 02:30:00 | secunia.com, bugzilla.redhat.com |
| CVE-2022-42965 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method. | September 25, 2023. 02:29:00 | research.jfrog.com |
| CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | September 25, 2023. 02:29:00 | go.dev, groups.google.com |
| CVE-2019-9017 | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. | September 25, 2023. 02:29:00 | www.binaryworld.it, www.exploit-db.com |
| CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. | September 25, 2023. 01:35:00 | bugzilla.redhat.com, access.redhat.com |
| CVE-2023-41874 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions. | September 25, 2023. 01:35:00 | patchstack.com |
| CVE-2023-41948 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions. | September 25, 2023. 01:35:00 | patchstack.com |
| CVE-2023-41949 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions. | September 25, 2023. 01:35:00 | patchstack.com |
| CVE-2020-21047 | The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from a denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. | September 23, 2023. 20:15:00 | sourceware.org, sourceware.org |
| CVE-2023-42261 | ** DISPUTED ** Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server. | September 23, 2023. 04:15:00 | github.com, github.com |
| CVE-2023-41027 | Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | September 23, 2023. 03:46:00 | blog.exodusintel.com |
| CVE-2023-41029 | Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | September 23, 2023. 03:46:00 | blog.exodusintel.com |
| CVE-2023-41031 | Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. | September 23, 2023. 03:46:00 | blog.exodusintel.com |
| CVE-2023-43129 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. | September 23, 2023. 03:46:00 | github.com, www.dlink.com.cn |
| CVE-2023-43130 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. | September 23, 2023. 03:46:00 | github.com, www.dlink.com.cn |
| CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | September 23, 2023. 03:46:00 | github.com |
| CVE-2023-43495 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. | September 23, 2023. 03:45:00 | www.jenkins.io, www.openwall.com |
| CVE-2023-43496 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | September 23, 2023. 03:45:00 | www.jenkins.io, www.openwall.com |
| CVE-2023-43497 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | September 23, 2023. 03:45:00 | www.jenkins.io, www.openwall.com |
| CVE-2023-43498 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | September 23, 2023. 03:45:00 | www.jenkins.io, www.openwall.com |

