CVE-2023-37627

Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc.

Source: CVE-2023-37627

CVE-2023-37456

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.

Source: CVE-2023-37456

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2.

Source: CVE-2023-3600

CVE-2023-20185

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.

This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.

Cisco has not released and will not release software updates that address this vulnerability.

Source: CVE-2023-20185

CVE-2023-37455

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

Source: CVE-2023-37455

CVE-2023-20207

A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.

This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.

Source: CVE-2023-20207

CVE-2023-20210

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.

The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.

Source: CVE-2023-20210

CVE-2023-38069

In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases

Source: CVE-2023-38069

CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

Source: CVE-2023-38063

CVE-2023-3595

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* Ethernet/IP communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.

Source: CVE-2023-3595