CVE-2023-5306
Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The ‘city’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
Source: CVE-2023-5306
CVE-2023-44486
Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities. The ‘address’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
Source: CVE-2023-44486
CVE-2023-3676
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
Source: CVE-2023-3676
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability.
A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
Source: CVE-2023-20886
CVE-2023-3955
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
Source: CVE-2023-3955
CVE-2023-46484
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
Source: CVE-2023-46484
CVE-2023-46485
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
Source: CVE-2023-46485
CVE-2023-43295
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.
Source: CVE-2023-43295
CVE-2023-39610
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.
Source: CVE-2023-39610
CVE-2023-41377
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.
Source: CVE-2023-41377