Vulnerabilities

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4024. Reason: This record is a duplicate of CVE-2023-4024. Notes: All CVE users should reference CVE-2023-4024 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

Issue summary: Checking excessively long DH keys or parameters may be very slow.<br /> <br /> Impact summary: Applications that use the functions DH_check(), DH_check_ex()<br /> or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long<br /> delays. Where the key or parameters that are being checked have been obtained<br /> from an untrusted source this may lead to a Denial of Service.<br /> <br /> The function DH_check() performs various checks on DH parameters. After fixing<br /> CVE-2023-3446 it was discovered that a large q parameter value can also trigger<br /> an overly long computation during some of these checks. A correct q value,<br /> if present, cannot be larger than the modulus p parameter, thus it is<br /> unnecessary to perform these checks if q is larger than p.<br /> <br /> An application that calls DH_check() and supplies a key or parameters obtained<br /> from an untrusted source could be vulnerable to a Denial of Service attack.<br /> <br /> The function DH_check() is itself called by a number of other OpenSSL functions.<br /> An application calling any of those other functions may similarly be affected.<br /> The other functions affected by this are DH_check_ex() and<br /> EVP_PKEY_param_check().<br /> <br /> Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications<br /> when using the "-check" option.<br /> <br /> The OpenSSL SSL/TLS implementation is not affected by this issue.<br /> <br /> The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.

Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.

Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.

In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.

Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).

Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.

An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group&amp;#39;s real name parameter.