CVE-2023-40685
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.
Source: CVE-2023-40685
CVE-2023-43041
IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.
Source: CVE-2023-43041
CVE-2023-46858
** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses … admins and teachers can post XSS-capable content, but students can not."
Source: CVE-2023-46858
CVE-2023-5838
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
Source: CVE-2023-5838
CVE-2023-5839
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.
Source: CVE-2023-5839
CVE-2023-5840
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9.
Source: CVE-2023-5840
CVE-2023-40686
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114.
Source: CVE-2023-40686
CVE-2023-5836
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.
Source: CVE-2023-5836
CVE-2023-46854
Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.
Source: CVE-2023-46854
CVE-2023-5837
A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.
Source: CVE-2023-5837