Skip to main content
CVE-2023-2228 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Modoboa
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-2220 MEDIUM POC This Month

A vulnerability was found in Dream Technology mica up to 3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mica
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2216 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1998 MEDIUM POC PATCH This Month

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. Rated medium severity (CVSS 5.6). Public exploit code available.

Code Injection Linux Linux Kernel Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
5.6
EPSS
1.4%
CVE-2023-29575 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29020 MEDIUM PATCH This Month

@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Passport
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2202 MEDIUM PATCH This Month

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Rosariosis
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2139 MEDIUM This Month

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Delmia Apriso
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26100 MEDIUM This Month

In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Flowmon Os
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2219 MEDIUM This Month

A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Task Reminder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2118 MEDIUM This Month

Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2226 MEDIUM This Month

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Velociraptor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-29917 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29916 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29915 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29914 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29913 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29912 MEDIUM This Month

H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29911 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29910 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29909 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29908 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29907 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29906 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29905 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy