CVE-2023-34834

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.

Source: CVE-2023-34834

CVE-2023-34831

The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.

Source: CVE-2023-34831

CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.

Source: CVE-2023-37237

CVE-2023-2982

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.

Source: CVE-2023-2982

CVE-2022-46407

Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile� where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability

Source: CVE-2022-46407

CVE-2022-26899

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Source: CVE-2022-26899

CVE-2023-1602

The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘comment’ parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Source: CVE-2023-1602

CVE-2023-36476

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.

Source: CVE-2023-36476

CVE-2022-29147

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Source: CVE-2022-29147

CVE-2022-29146

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Source: CVE-2022-29146