Search Results (366291 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43783 1 Linuxfoundation 1 Backstage 2025-01-03 8.5 High
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates.
CVE-2024-45816 2 Linuxfoundation, Redhat 2 Backstage, Rhdh 2025-01-03 6.5 Medium
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-46976 2 Linuxfoundation, Redhat 2 Backstage, Rhdh 2025-01-03 6.5 Medium
Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-0431 1 File Away Project 1 File Away 2025-01-03 5.4 Medium
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVE-2023-2398 1 Icegram 1 Icegram Engage 2025-01-03 6.1 Medium
The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-2568 1 Ays-pro 1 Photo Gallery 2025-01-03 6.1 Medium
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2022-36331 1 Westerndigital 24 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 21 more 2025-01-03 10 Critical
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
CVE-2024-49767 2 Palletsprojects, Redhat 3 Quart, Werkzeug, Openshift Ai 2025-01-03 7.5 High
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
CVE-2023-38429 1 Linux 1 Linux Kernel 2025-01-03 9.8 Critical
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
CVE-2017-18017 9 Arista, Canonical, Debian and 6 more 33 Eos, Ubuntu Linux, Debian Linux and 30 more 2025-01-03 9.8 Critical
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVE-2023-33568 1 Dolibarr 1 Dolibarr Erp\/crm 2025-01-03 7.5 High
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
CVE-2023-33620 1 Gl-inet 2 Gl-ar750s, Gl-ar750s Firmware 2025-01-03 5.9 Medium
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.
CVE-2023-33621 1 Gl-inet 2 Gl-ar750s, Gl-ar750s Firmware 2025-01-03 5.9 Medium
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.
CVE-2023-33695 1 Hutool 1 Hutool 2025-01-03 7.1 High
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.
CVE-2023-33817 1 Digitaldruid 1 Hoteldruid 2025-01-03 8.8 High
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
CVE-2023-34537 1 Digitaldruid 1 Hoteldruid 2025-01-03 5.4 Medium
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
CVE-2023-34944 1 Chamilo 1 Chamilo Lms 2025-01-03 9.8 Critical
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2023-34965 1 Sspanel-uim Project 1 Sspanel-uim 2025-01-03 5.3 Medium
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information.
CVE-2023-3218 1 It-novum 1 Openitcockpit 2025-01-03 4.4 Medium
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.
CVE-2023-3224 1 Nuxt 1 Nuxt 2025-01-03 9.8 Critical
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.