Skip to main content
CVE-2023-31426 MEDIUM This Month

The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4053 MEDIUM This Month

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4052 MEDIUM This Month

The Firefox updater created a directory writable by non-privileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Firefox Esr
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34869 MEDIUM This Month

PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Catering System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-33564 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slots Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33560 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slots Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23548 MEDIUM This Month

Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4049 MEDIUM This Month

Race conditions in reference counting code were found through code inspection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Debian Linux
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-38559 MEDIUM PATCH This Month

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Ghostscript Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31429 MEDIUM This Month

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38560 MEDIUM PATCH This Month

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Ghostscript
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4054 MEDIUM This Month

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37496 MEDIUM This Month

HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Verse
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4046 MEDIUM This Month

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-4045 MEDIUM This Month

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-20583 MEDIUM This Month

A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-3738 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy