
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2023-36651 - Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2023-42476 - SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful ex... read CVE-2023-42476
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 6.8 MEDIUM

  • CVE-2023-36647 - A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-42481 - In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerc... read CVE-2023-42481
    Published: December 11, 2023; 8:15:11 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2023-36650 - A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2023-36648 - Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kaf... read CVE-2023-36648
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 8.2 HIGH

  • CVE-2023-42874 - This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard.
    Published: December 11, 2023; 8:15:11 PM -0500

    V3.1: 2.4 LOW

  • CVE-2023-42478 - SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 7.6 HIGH

  • CVE-2023-42898 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.
    Published: December 11, 2023; 8:15:11 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-6679 - A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.
    Published: December 11, 2023; 2:15:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-6194 - In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML ... read CVE-2023-6194
    Published: December 11, 2023; 9:15:31 AM -0500

    V3.1: 7.1 HIGH

  • CVE-2023-5500 - This vulnerability allows a remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.
    Published: December 11, 2023; 2:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6656 - ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads... read CVE-2023-6656
    Published: December 10, 2023; 4:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-5480 - Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
    Published: November 01, 2023; 2:15:09 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-5482 - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
    Published: November 01, 2023; 2:15:09 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-5849 - Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: November 01, 2023; 2:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-5850 - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
    Published: November 01, 2023; 2:15:10 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2023-5851 - Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
    Published: November 01, 2023; 2:15:10 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2023-5852 - Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
    Published: November 01, 2023; 2:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-5853 - Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
    Published: November 01, 2023; 2:15:10 PM -0400

    V3.1: 4.3 MEDIUM
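The listing above is the kind of data the NVD description says is meant to drive automated vulnerability management. As an added example (not NVD code, and not the NVD API), the script below parses a flattened listing in exactly the shape shown on this page, derives the qualitative rating from the numeric score using the CVSS v3.1 specification's bands (0.1-3.9 LOW, 4.0-6.9 MEDIUM, 7.0-8.9 HIGH, 9.0-10.0 CRITICAL), flags any entry whose listed rating disagrees with its score, and returns the entries at or above a triage threshold sorted by score and publication time. The sample text is a constructed copy of four entries from the page; the function and class names are this example's own.

```python
"""Parse a flattened NVD recent-vulnerabilities listing and triage it by CVSS v3.1 score.

Added example, not NVD code. The sample listing is constructed from entries
shown on the page (one summary truncated with "... read CVE-..." as the page does).
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample in the same flattened "bullet / Published / V3.1" shape as the page.
SAMPLE_LISTING = """\
  • CVE-2023-36647 - A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-42476 - SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim's browser each time the vulnerable page is visited. Successful ex... read CVE-2023-42476
    Published: December 11, 2023; 8:15:10 PM -0500

    V3.1: 6.8 MEDIUM

  • CVE-2023-42874 - This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard.
    Published: December 11, 2023; 8:15:11 PM -0500

    V3.1: 2.4 LOW

  • CVE-2023-5482 - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
    Published: November 01, 2023; 2:15:09 PM -0400

    V3.1: 8.8 HIGH
"""

ENTRY_RE = re.compile(r"^\s*•\s+(CVE-\d{4}-\d{4,})\s+-\s+(.*\S)\s*$")
PUBLISHED_RE = re.compile(r"^\s*Published:\s+(.*\S)\s*$")
SCORE_RE = re.compile(r"^\s*V(\d\.\d):\s+(\d+(?:\.\d)?)\s+([A-Z]+)\s*$")
PUBLISHED_FMT = "%B %d, %Y; %I:%M:%S %p %z"  # e.g. "December 11, 2023; 8:15:10 PM -0500"


@dataclass
class Entry:
    cve_id: str
    summary: str
    published: Optional[datetime] = None
    cvss_version: Optional[str] = None
    score: Optional[float] = None
    listed_severity: Optional[str] = None

    @property
    def truncated(self) -> bool:
        # The page cuts long summaries and appends "... read CVE-YYYY-NNNN".
        return self.summary.endswith(f"read {self.cve_id}")


def cvss31_severity(score: float) -> str:
    """Qualitative rating bands from the CVSS v3.1 specification (section 5)."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def parse_listing(text: str) -> list[Entry]:
    """Turn the flattened bullet listing into Entry records (blank lines are ignored)."""
    entries: list[Entry] = []
    current: Optional[Entry] = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = Entry(cve_id=m.group(1), summary=m.group(2))
            entries.append(current)
            continue
        if current is None:
            continue  # text before the first bullet
        m = PUBLISHED_RE.match(line)
        if m:
            current.published = datetime.strptime(m.group(1), PUBLISHED_FMT)
            continue
        m = SCORE_RE.match(line)
        if m:
            current.cvss_version = m.group(1)
            current.score = float(m.group(2))
            current.listed_severity = m.group(3)
    return entries


def mismatched_severities(entries: list[Entry]) -> list[Entry]:
    """Entries whose listed v3.1 rating does not match the rating implied by the score."""
    return [e for e in entries
            if e.cvss_version == "3.1" and e.score is not None
            and cvss31_severity(e.score) != e.listed_severity]


def triage(entries: list[Entry], min_score: float = 7.0) -> list[Entry]:
    """Entries at or above min_score, highest score first, newest first on ties."""
    hits = [e for e in entries if e.score is not None and e.score >= min_score]
    return sorted(hits,
                  key=lambda e: (e.score, e.published.timestamp() if e.published else 0.0),
                  reverse=True)


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for e in mismatched_severities(parsed):
        print(f"rating mismatch: {e.cve_id} {e.score} listed {e.listed_severity}")
    for e in triage(parsed):
        flag = " (summary truncated)" if e.truncated else ""
        print(f"{e.cve_id} {e.score} {e.listed_severity} {e.published:%Y-%m-%d}{flag}")
```

The `truncated` check matters in practice: a summary ending in "read CVE-..." is not the full description, so anything keyed off the summary text (product matching, keyword rules) should fetch the full record rather than trust the excerpt.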