Search Results (363437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29464 1 Rockwellautomation 1 Factorytalk Linx 2024-11-21 8.2 High
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.
CVE-2023-29453 1 Zabbix 1 Zabbix-agent2 2024-11-21 9.8 Critical
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.
CVE-2023-29452 1 Zabbix 1 Zabbix 2024-11-21 5.5 Medium
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
CVE-2023-29446 1 Ptc 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server 2024-11-21 4.7 Medium
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
CVE-2023-29441 1 Deepsoft 1 Weblibrarian 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert Heller WebLibrarian plugin <= 3.5.8.1 versions.
CVE-2023-29438 1 Simplemodal Contact Form Project 1 Simplemodal Contact Form 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.
CVE-2023-29437 1 Connections-pro 1 Connections Business Directory 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions.
CVE-2023-29436 1 Iframe Shortcode Project 1 Iframe Shortcode 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions.
CVE-2023-29435 1 Zwaply 1 Cryptocurrency All-in-one 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions.
CVE-2023-29434 1 Fancythemes 1 Optin Forms 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions.
CVE-2023-29430 1 Cththemes 1 Theroof 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions.
CVE-2023-29427 1 Tms-outsource 1 Amelia 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.
CVE-2023-29425 1 Plainware 1 Shiftcontroller 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
CVE-2023-29424 1 Plainware 1 Shiftcontroller 2024-11-21 7.1 High
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
CVE-2023-29423 1 Piwebsolution 1 Cancel Order Request \/ Return Order \/ Repeat Order \/ Reorder For Woocommerce 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions.
CVE-2023-29417 1 Bzip3 Project 1 Bzip3 2024-11-21 6.5 Medium
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.
CVE-2023-29414 1 Schneider-electric 1 Accutech Manager 2024-11-21 7.8 High
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call.
CVE-2023-29387 1 Juliencrego 1 Manager For Icomoon 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions.
CVE-2023-29382 1 Zimbra 1 Collaboration 2024-11-21 9.8 Critical
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
CVE-2023-29381 1 Zimbra 1 Collaboration 2024-11-21 9.8 Critical
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.