National Vulnerability Database – Page 16

CVE-2023-31416 (apm_server, elastic_cloud_on_kubernetes)

Posted on October 26, 2023 by National Vulnerability Database

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. Continue reading CVE-2023-31416 (apm_server, elastic_cloud_on_kubernetes)→

CVE-2023-46435 (packers_and_movers_management_system)

Posted on October 26, 2023 by National Vulnerability Database

Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. Continue reading CVE-2023-46435 (packers_and_movers_management_system)→

CVE-2023-31419 (elasticsearch)

Posted on October 26, 2023 by National Vulnerability Database

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. Continue reading CVE-2023-31419 (elasticsearch)→

CVE-2023-31417 (elasticsearch)

Posted on October 26, 2023 by National Vulnerability Database

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is … Continue reading CVE-2023-31417 (elasticsearch)→

CVE-2023-31418 (elastic_cloud_enterprise, elasticsearch)

Posted on October 26, 2023 by National Vulnerability Database

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The is… Continue reading CVE-2023-31418 (elastic_cloud_enterprise, elasticsearch)→

CVE-2023-5792 (sticky_notes_app)

Posted on October 26, 2023 by National Vulnerability Database

A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can… Continue reading CVE-2023-5792 (sticky_notes_app)→

CVE-2023-5790 (file_manager_app)

Posted on October 26, 2023 by National Vulnerability Database

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestrict… Continue reading CVE-2023-5790 (file_manager_app)→

CVE-2023-5791 (sticky_notes_app)

Posted on October 26, 2023 by National Vulnerability Database

A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting… Continue reading CVE-2023-5791 (sticky_notes_app)→

CVE-2023-43208 (mirth_connect)

Posted on October 26, 2023 by National Vulnerability Database

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. Continue reading CVE-2023-43208 (mirth_connect)→

CVE-2023-46450 (inventory_management_system)

Posted on October 26, 2023 by National Vulnerability Database

Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. Continue reading CVE-2023-46450 (inventory_management_system)→