The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2007-5421 | ** REJECT ** Multiple stack-based buffer overflows in Cisco IOS 12.x and IOS XR allow attackers to execute arbitrary code, as demonstrated via the "Bind Shell", "Reverse Shell", and "Two byte rootshell (Tiny Shell)" attacks. NOTE: the vendor and researcher agree that this issue does not cross privilege boundaries, saying they do not "represent a vulnerability." The disclosure was intended to demonstrate techniques for exploitation, which is not covered by CVE. | REJECT | Dec 31, 2099 |
| CVE-2008-0188 | DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a Unchanged security issue. Notes: none. | REJECT | Dec 31, 2099 |
| CVE-2008-0189 | DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a Unchanged security issue. Notes: none. | REJECT | Dec 31, 2099 |
| CVE-2008-0886 | * REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0882. Reason: This candidate is a duplicate of CVE-2008-0882. Notes: All CVE users should reference CVE-2008-0882 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | REJECT | Dec 31, 2099 |
| CVE-2008-0929 | DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | REJECT | Dec 31, 2099 |
| CVE-2008-6426 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | REJECT | Dec 31, 2099 |
| CVE-2023-5992 | Marvin: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC | -- | Dec 1, 2023 |
| CVE-2023-49735 | ** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the \'tiles-test\' application shipped with Tiles. This issue affects Apache Tiles from version 2 onwards. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | -- | Nov 30, 2023 |
| CVE-2023-49733 | Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | -- | Nov 30, 2023 |
| CVE-2023-49701 | Memory Corruption in SIM management while USIMPhase2init | -- | Nov 30, 2023 |
| CVE-2023-49700 | Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large. | -- | Nov 30, 2023 |
| CVE-2023-49699 | Memory Corruption in IMS while calling VoLTE Streamingmedia Interface | -- | Nov 30, 2023 |
| CVE-2023-49694 | A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. | -- | Nov 30, 2023 |
| CVE-2023-49693 | NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. | -- | Nov 30, 2023 |
| CVE-2023-49620 | Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability | -- | Nov 30, 2023 |
| CVE-2023-49097 | ZITADEL is an identity infrastructure system. ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code can be retrieved and used to reset the users password and take over his account. Accounts with MFA or Passwordless enabled can not be taken over by this attack. This issue has been patched in versions 2.41.6, 2.40.10 and 2.39.9. | -- | Nov 30, 2023 |
| CVE-2023-49095 | nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2. | -- | Nov 30, 2023 |
| CVE-2023-49094 | Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if they have an account on Sentry instance. The issue has been fixed in the release 23.11.2. | -- | Nov 30, 2023 |
| CVE-2023-49087 | xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\'s canonicalization function) manages to manipulate the canonicalized version\'s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13. | -- | Nov 30, 2023 |
| CVE-2023-49077 | Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11. | -- | Nov 30, 2023 |
| CVE-2023-49076 | Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5. | -- | Nov 30, 2023 |
| CVE-2023-49052 | File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | -- | Nov 30, 2023 |
| CVE-2023-48964 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. | -- | Nov 30, 2023 |
| CVE-2023-48963 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. | -- | Nov 30, 2023 |
| CVE-2023-48952 | An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 |
| CVE-2023-48951 | An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 |
| CVE-2023-48950 | An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 |
| CVE-2023-48949 | An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 |
| CVE-2023-48948 | An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 |
| CVE-2023-48947 | An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 |
| CVE-2023-48946 | An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | Nov 30, 2023 |
| CVE-2023-48914 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. | -- | Nov 30, 2023 |
| CVE-2023-48913 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. | -- | Nov 30, 2023 |
| CVE-2023-48912 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. | -- | Nov 30, 2023 |
| CVE-2023-48894 | Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function. | -- | Nov 30, 2023 |
| CVE-2023-48812 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48811 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48810 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48808 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48807 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48806 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48805 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48804 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48803 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48802 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | -- | Nov 30, 2023 |
| CVE-2023-48754 | Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6. | -- | Nov 30, 2023 |
| CVE-2023-48752 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9. | -- | Nov 30, 2023 |
| CVE-2023-48749 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Theme nectar Salient Core allows Stored XSS.This issue affects Salient Core: from n/a through 2.0.2. | -- | Nov 30, 2023 |
| CVE-2023-48748 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2. | -- | Nov 30, 2023 |
| CVE-2023-48746 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0. | -- | Nov 30, 2023 |
