CVE-2023-45799
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.
Source: CVE-2023-45799
CVE-2023-45799
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.
Source: CVE-2023-45799
CVE-2023-45746
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
Source: CVE-2023-45746
CVE-2023-44141
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.
Source: CVE-2023-44141
CVE-2023-46866
In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.
Source: CVE-2023-46866
CVE-2021-25736
Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (“spec.ports[*].port�) as a LoadBalancer
Service when the LoadBalancer controller
does not set the “status.loadBalancer.ingress[].ip� field. Clusters
where the LoadBalancer controller sets the
“status.loadBalancer.ingress[].ip� field are unaffected.
Source: CVE-2021-25736
CVE-2023-46867
In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.
Source: CVE-2023-46867
CVE-2023-5842
Cross-site Scripting (XSS) – Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
Source: CVE-2023-5842
CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
Source: CVE-2023-46865
CVE-2023-44002
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2023-44002
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
Source: CVE-2023-46863