CVE Vulnerabilities in 2023

Videolan Vlc Media Player Nov 7, 2023

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.

CVE-2023-47359

Videolan Vlc Media Player Nov 7, 2023

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

CVE-2023-5443

E-Invoice Project E-Invoice Oct 27, 2023

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1.

CVE-2023-5807

Trteksolutions Education Portal Oct 27, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29.

CVE-2023-5570

Inohom Home Manager Gateway Oct 27, 2023

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12.

CVE-2023-46136

8.0 high

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by c

Palletsprojects Werkzeug Oct 25, 2023

CVE-2023-5046

Biltay Procost Oct 12, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.

CVE-2023-5045

Biltay Kayisi Oct 12, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286.

CVE-2023-36565

7.0 high

Microsoft Office Graphics Elevation of Privilege Vulnerability

Microsoft Office Oct 10, 2023

CVE-2023-45199

Trustedfirmware Mbed Tls Oct 7, 2023

Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

CVE-2023-43615

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

Arm Mbed Tls Oct 7, 2023

CVE-2023-4530

Turnatasarim Advertising Administration Panel Oct 6, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1.

CVE-2023-4934

8.8 high

Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3.

Usta Aybs Sep 27, 2023

CVE-2023-4737

Hedeftakip Admin Portal Sep 27, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2.

CVE-2023-35071

Mrv Logging Administration Panel Sep 27, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915 .

CVE-2023-41325

7.4 high

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify

Trustedfirmware Op-Tee Sep 15, 2023

CVE-2023-4835

Petroleum Management Software Application Project Petroleum Management Software Application Sep 15, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 .

CVE-2023-4833

Besttem Network Marketing Project Besttem Network Marketing Sep 15, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6.

CVE-2023-4665

8.8 high

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

CVE-2023-4664

8.8 high

Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

CVE-2023-4663

6.1 medium

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9.

CVE-2023-4662

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.

CVE-2023-4661

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9.

CVE-2023-4670