電腦維修中心每天都會更新以下電腦病毒及入侵警告, 希望大家可以及早留意; 以免因病毒感染而引致資料遺失或硬件損壞!
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress -- wordpress | A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability. | 2023-05-28 | 9.8 | CVE-2014-125101MISCMISCMISC |
itrsgroup -- ninja | A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084. | 2023-05-28 | 9.8 | CVE-2021-4336MISCMISCMISCMISC |
huawei -- emui | Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2023-05-26 | 9.8 | CVE-2021-46887MISC |
audiocodes -- device_manager_express | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. | 2023-05-29 | 9.8 | CVE-2022-24627MISC |
audiocodes -- device_manager_express | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/. | 2023-05-29 | 9.8 | CVE-2022-24629MISC |
microsoft -- windows_10 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 2023-05-31 | 9.8 | CVE-2022-35744MISC |
shopbeat -- shop_beat_media_player | Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. | 2023-05-30 | 9.8 | CVE-2022-36246MISC |
sprecher_automation -- sprecon-e_cpu | Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines. | 2023-06-01 | 9.8 | CVE-2022-4333MISC |
huawei -- harmonyos | The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 2023-05-26 | 9.8 | CVE-2022-48478MISC |
huawei -- harmonyos | The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 2023-05-26 | 9.8 | CVE-2022-48479MISC |
samsung -- galaxy_store | Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | 9.8 | CVE-2023-21514MISC |
wade_digital_design_co_ltd. -- fantsy | Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-28698MISC |
elite_technology_corp. -- web_fax | ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service. | 2023-06-02 | 9.8 | CVE-2023-28701MISC |
tenda -- ac6_firmware | A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | 9.8 | CVE-2023-2923MISCMISCMISC |
supcontech -- simfield_firmware | A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | 9.8 | CVE-2023-2924MISCMISCMISC |
jizhicms -- jizhicms | A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. | 2023-05-27 | 9.8 | CVE-2023-2927MISCMISCMISC |
sourcecodester -- students_online_internship_timesheet_system | A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability. | 2023-05-29 | 9.8 | CVE-2023-2955MISCMISCMISC |
sourcecodester -- faculty_evaluation_system | A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability. | 2023-05-29 | 9.8 | CVE-2023-2962MISCMISCMISC |
erikoglu_technology -- ermon | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602. | 2023-06-02 | 9.8 | CVE-2023-3000MISC |
tuzitio -- camaleon_cms | Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | 2023-05-26 | 9.8 | CVE-2023-30145MISCMISCMISCMISCMISC |
hitron_technologies_inc. -- hitron_coda-5310 | Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-30603MISC |
hitron_technologies_inc. -- hitron_coda-5310 | It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service. | 2023-06-02 | 9.8 | CVE-2023-30604MISC |
okfn -- ckan | CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues. | 2023-05-26 | 9.8 | CVE-2023-32321MISCMISC |
samsung -- galaxy_store | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | 9.6 | CVE-2023-21516MISC |
shopbeat -- shop_beat_media_player | Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za. | 2023-05-30 | 9.1 | CVE-2022-36247MISC |
haxx -- curl | An information disclosure vulnerability exists in curl 2023-05-26 |
9.1 |
CVE-2023-28322MISC |
|
bus_dispatch_and_information_system -- bus_dispatch_and_information_system | A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112. | 2023-05-28 | 9.1 | CVE-2023-2951MISCMISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions. | 2023-05-29 | 8.8 | CVE-2022-33974MISC |
shopbeat -- shop_beat_media_player | Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-05-30 | 8.8 | CVE-2022-36250MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions. | 2023-05-28 | 8.8 | CVE-2022-36345MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions. | 2023-05-29 | 8.8 | CVE-2022-45372MISC |
sguda -- u-lock | SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks. | 2023-06-02 | 8.8 | CVE-2022-46307MISC |
sguda -- u-lock | SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information. | 2023-06-02 | 8.8 | CVE-2022-46308MISC |
samsung -- galaxy_store | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | 8.8 | CVE-2023-21515MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions. | 2023-05-26 | 8.8 | CVE-2023-22693MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. | 2023-05-26 | 8.8 | CVE-2023-23714MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions. | 2023-05-26 | 8.8 | CVE-2023-24007MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions. | 2023-05-26 | 8.8 | CVE-2023-24008MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. | 2023-05-26 | 8.8 | CVE-2023-25029MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions. | 2023-05-26 | 8.8 | CVE-2023-25034MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. | 2023-05-26 | 8.8 | CVE-2023-25038MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | 2023-05-26 | 8.8 | CVE-2023-25058MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions. | 2023-05-26 | 8.8 | CVE-2023-25467MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. | 2023-05-26 | 8.8 | CVE-2023-25470MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions. | 2023-05-26 | 8.8 | CVE-2023-25971MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. | 2023-05-26 | 8.8 | CVE-2023-25976MISC |
wade_digital_design_co_ltd. -- fantsy | Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | 2023-06-02 | 8.8 | CVE-2023-28699MISC |
asus -- rt-ac86u | ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service. | 2023-06-02 | 8.8 | CVE-2023-28702MISC |
furbo -- dog_camera | Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service. | 2023-06-02 | 8.8 | CVE-2023-28704MISC |
dedecms -- dedecms | A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. | 2023-05-27 | 8.8 | CVE-2023-2928MISCMISCMISC |
google -- chrome | Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2929MISCMISCMISC |
google -- chrome | Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2930MISCMISCMISC |
google -- chrome | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2931MISCMISCMISC |
google -- chrome | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2932MISCMISCMISC |
google -- chrome | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2933MISCMISCMISC |
google -- chrome | Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2934MISCMISCMISC |
google -- chrome | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2935MISCMISCMISC |
google -- chrome | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-05-30 | 8.8 | CVE-2023-2936MISCMISCMISC |
open-emr -- openemr | Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | 8.8 | CVE-2023-2943MISCCONFIRM |
fs -- s3900_24t4s_firmware | FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password. | 2023-05-29 | 8.8 | CVE-2023-30350MISC |
yank-note -- yank_note | Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). | 2023-05-29 | 8.8 | CVE-2023-31874MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. | 2023-05-26 | 8.8 | CVE-2023-32964MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions. | 2023-05-28 | 8.8 | CVE-2023-33212MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions. | 2023-05-28 | 8.8 | CVE-2023-33313MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. | 2023-05-28 | 8.8 | CVE-2023-33314MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions. | 2023-05-28 | 8.8 | CVE-2023-33315MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | 2023-05-28 | 8.8 | CVE-2023-33316MISC |
xuxueli -- xxl-job | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. | 2023-05-26 | 8.8 | CVE-2023-33779MISCMISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions. | 2023-05-28 | 8.8 | CVE-2023-33926MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions. | 2023-05-28 | 8.8 | CVE-2023-33931MISC |
microsoft -- multiple_products | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 2023-05-31 | 8.1 | CVE-2022-35745MISC |
microsoft -- multiple_products | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 2023-05-31 | 8.1 | CVE-2022-35752MISC |
microsoft -- multiple_products | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 2023-05-31 | 8.1 | CVE-2022-35753MISC |
et-x -- ess_rec | Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1 | 2023-05-26 | 8.1 | CVE-2023-28382MISCMISC |
open-emr -- openemr | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | 8.1 | CVE-2023-2942MISCCONFIRM |
open-emr -- openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | 8.1 | CVE-2023-2946CONFIRMMISC |
open-emr -- openemr | Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-28 | 8.1 | CVE-2023-2950MISCCONFIRM |
microsoft -- multiple_products | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 2023-05-31 | 7.8 | CVE-2022-35743MISC |
microsoft -- multiple_products | Windows Digital Media Receiver Elevation of Privilege Vulnerability | 2023-05-31 | 7.8 | CVE-2022-35746MISC |
microsoft -- multiple_products | Windows Digital Media Receiver Elevation of Privilege Vulnerability | 2023-05-31 | 7.8 | CVE-2022-35749MISC |
microsoft -- multiple_products | Win32k Elevation of Privilege Vulnerability | 2023-05-31 | 7.8 | CVE-2022-35750MISC |
microsoft -- multiple_products | Windows Hyper-V Elevation of Privilege Vulnerability | 2023-05-31 | 7.8 | CVE-2022-35751MISC |
microsoft -- multiple_products | Windows Kerberos Elevation of Privilege Vulnerability | 2023-05-31 | 7.8 | CVE-2022-35756MISC |
usebottles -- bottles | Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. | 2023-05-26 | 7.8 | CVE-2023-22970MISCFEDORAFEDORA |
n158_project -- n158 | All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function.
**Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. |
2023-05-27 | 7.8 | CVE-2023-26127MISCMISC |
keep-module-latest -- keep-module-latest | All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function.
**Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. |
2023-05-27 | 7.8 | CVE-2023-26128MISCMISC |
bwm-ng_project -- bwm-ng | All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file.
**Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. |
2023-05-27 | 7.8 | CVE-2023-26129MISC |
google -- chrome | Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | 2023-05-30 | 7.8 | CVE-2023-2939MISCMISCMISC |
gin -- gin | Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process'). | 2023-05-28 | 7.8 | CVE-2023-31873MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46881MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46882MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46883MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46884MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46885MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46886MISC |
microsoft -- multiple_products | Microsoft Outlook Denial of Service Vulnerability | 2023-06-01 | 7.5 | CVE-2022-35742MISC |
microsoft -- windows_server | HTTP.sys Denial of Service Vulnerability | 2023-05-31 | 7.5 | CVE-2022-35748MISC |
nagvis -- nagvis | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | 2023-05-26 | 7.5 | CVE-2022-46945CONFIRMMISC |
huawei -- emui | Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-05-26 | 7.5 | CVE-2022-48480MISC |
huawei -- emui | The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2023-0116MISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. | 2023-05-26 | 7.5 | CVE-2023-2825MISCMISCCONFIRM |
haxx -- curl | A use after free vulnerability exists in curl 2023-05-26 |
7.5 |
CVE-2023-28319MISC |
|
haxx -- curl | An improper certificate validation vulnerability exists in curl 2023-05-26 |
7.5 |
CVE-2023-28321MISC |
|
wireshark -- wireshark | GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | 2023-05-26 | 7.5 | CVE-2023-2879MISCCONFIRMMISCMLIST |
linuxmint -- warpinator | Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. | 2023-05-29 | 7.5 | CVE-2023-29380MISCMISC |
libreswan -- libreswan | pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. | 2023-05-29 | 7.5 | CVE-2023-30570CONFIRM |
hitron_technologies_inc. -- hitron_coda-5310 | Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator. | 2023-06-02 | 7.5 | CVE-2023-30602MISC |
oracle -- apache_openfire | Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice. | 2023-05-26 | 7.5 | CVE-2023-32315MISC |
parseplatform -- parse_server_push_adapter | parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. | 2023-05-27 | 7.5 | CVE-2023-32688MISCMISCMISC |
qt -- qt | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. | 2023-05-28 | 7.5 | CVE-2023-32763CONFIRMMISC |
microsoft -- edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-03 | 7.5 | CVE-2023-33143MISC |
tweedegolf -- ntpd-rs | ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3. | 2023-05-27 | 7.5 | CVE-2023-33192MISCMISC |
talend -- data_catalog | Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) | 2023-05-26 | 7.5 | CVE-2023-33247MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks | 2023-05-31 | 7.5 | CVE-2023-34227MISC |
ebankit -- ebankit | In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.) | 2023-05-28 | 7.4 | CVE-2023-33291MISCMISC |
microsoft -- multiple_products | Windows Print Spooler Elevation of Privilege Vulnerability | 2023-05-31 | 7.3 | CVE-2022-35755MISC |
microsoft -- multiple_products | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2023-05-31 | 7.3 | CVE-2022-35757MISC |
audiocodes -- device_manager_express | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. | 2023-05-29 | 7.2 | CVE-2022-24628MISC |
audiocodes -- device_manager_express | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. | 2023-05-29 | 7.2 | CVE-2022-24630MISC |
hitron_technologies_inc. -- hitron_coda-5310 | Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | 2023-06-02 | 7.2 | CVE-2022-47616MISC |
hitron_technologies_inc. -- hitron_coda-5310 | Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | 2023-06-02 | 7.2 | CVE-2022-47617MISC |
wordpress -- wordpress | The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. | 2023-05-30 | 7.2 | CVE-2023-0329MISC |
zyxel -- nas326_firmware | The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely. | 2023-05-30 | 7.2 | CVE-2023-27988CONFIRM |
asus -- rt-ac86u | ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service. | 2023-06-02 | 7.2 | CVE-2023-28703MISC |
autolabproject -- autolab | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | 2023-05-26 | 7.2 | CVE-2023-32317MISCMISC |
sourcecodester -- faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. | 2023-05-26 | 7.2 | CVE-2023-33439MISC |
sourcecodester -- faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. | 2023-05-26 | 7.2 | CVE-2023-33440MISCMISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33627MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33628MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33629MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33630MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33631MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33632MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33633MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33634MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33635MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33636MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33637MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33638MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33639MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33640MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33641MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33642MISC |
h3c -- magic_r300-2100m_firmware | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. | 2023-05-31 | 7.2 | CVE-2023-33643MISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
sprecher_automation -- multiple_products | In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device. | 2023-06-01 | 6.8 | CVE-2022-4332MISC |
itpison -- omicard_edm | OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | 2023-06-02 | 6.8 | CVE-2023-28700MISC |
microsoft -- multiple_products | Unified Write Filter Elevation of Privilege Vulnerability | 2023-05-31 | 6.7 | CVE-2022-35754MISC |
nextcloud -- nextcloud_server | Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1. | 2023-05-26 | 6.7 | CVE-2023-32318MISCMISC |
microsoft -- multiple_products | Windows Local Security Authority (LSA) Denial of Service Vulnerability | 2023-05-31 | 6.5 | CVE-2022-35759MISC |
matrix -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0 | 2023-05-26 | 6.5 | CVE-2022-39374MISCMISC |
redhat -- keycloak | A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable. | 2023-05-26 | 6.5 | CVE-2023-1664MISC |
open-xchange -- ox_app_suite | OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data. | 2023-05-29 | 6.5 | CVE-2023-24603MISCMISC |
wireshark -- wireshark | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 6.5 | CVE-2023-2854MISCCONFIRMMISC |
wireshark -- wireshark | Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 6.5 | CVE-2023-2855CONFIRMMISCMISC |
wireshark -- wireshark | VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 6.5 | CVE-2023-2856CONFIRMMISCMISCMLIST |
wireshark -- wireshark | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 6.5 | CVE-2023-2857MISCMISCCONFIRM |
wireshark -- wireshark | NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 6.5 | CVE-2023-2858MISCMISCCONFIRMMLIST |
seacms -- seacms | A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. | 2023-05-27 | 6.5 | CVE-2023-2926MISCMISCMISC |
google -- chrome | Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-30 | 6.5 | CVE-2023-2940MISCMISCMISC |
avaya -- ix_workforce_engagement | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | 2023-05-30 | 6.5 | CVE-2023-31187MISC |
nextcloud -- nextcloud_server | Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-05-26 | 6.5 | CVE-2023-32319MISCMISC |
mp4v2_project -- mp4v2 | mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. | 2023-05-26 | 6.5 | CVE-2023-33720MISC |
vmware -- nsx-t_data_center | NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | 2023-05-26 | 6.1 | CVE-2023-20868MISC |
open-xchange -- ox_app_suite | OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree. | 2023-05-29 | 6.1 | CVE-2023-24601MISCMISC |
open-xchange -- ox_app_suite | OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. | 2023-05-29 | 6.1 | CVE-2023-24602MISCMISC |
monitorclick -- forms_ada | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions. | 2023-05-29 | 6.1 | CVE-2023-27613MISC |
artistscope -- copysafe_web_protection | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions. | 2023-05-26 | 6.1 | CVE-2023-29098MISC |
sourcecodester -- comment_system | A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. | 2023-05-27 | 6.1 | CVE-2023-2922MISCMISCMISC |
open-emr -- openemr | Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-28 | 6.1 | CVE-2023-2948MISCCONFIRM |
open-emr -- openemr | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-28 | 6.1 | CVE-2023-2949CONFIRMMISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. | 2023-05-31 | 6.1 | CVE-2023-2998CONFIRMMISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. | 2023-05-31 | 6.1 | CVE-2023-2999CONFIRMMISC |
avaya -- ix_workforce_engagement | Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | 2023-05-30 | 6.1 | CVE-2023-32218MISC |
posthog -- posthog-js | PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place. | 2023-05-27 | 6.1 | CVE-2023-32325MISCMISC |
python -- requests | Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. | 2023-05-26 | 6.1 | CVE-2023-32681MISCMISCMISCMISCMISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions. | 2023-05-28 | 6.1 | CVE-2023-32800MISC |
craftcms -- craft_cms | Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6. | 2023-05-27 | 6.1 | CVE-2023-33195MISCMISCMISC |
uthscsa -- papaya_viewer | An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application | 2023-05-26 | 6.1 | CVE-2023-33255MISCMISCFULLDISCMISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions. | 2023-05-28 | 6.1 | CVE-2023-33309MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | 2023-05-28 | 6.1 | CVE-2023-33319MISC |
wordpress -- wordpress | Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions. | 2023-05-28 | 6.1 | CVE-2023-33326MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions. | 2023-05-28 | 6.1 | CVE-2023-33332MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible | 2023-05-31 | 6.1 | CVE-2023-34222MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible | 2023-05-31 | 6.1 | CVE-2023-34226MISC |
microsoft -- multiple_products | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | 2023-05-31 | 5.9 | CVE-2022-35747MISC |
cloudfoundry -- routing_release | In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool. | 2023-05-26 | 5.9 | CVE-2023-20882MISC |
haxx -- curl | A denial of service vulnerability exists in curl 2023-05-26 |
5.9 |
CVE-2023-28320MISC |
|
status_internet_co._ltd. -- powerbpm | It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence. | 2023-06-02 | 5.7 | CVE-2023-25780MISC |
microsoft -- multiple_products | Windows Kernel Memory Information Disclosure Vulnerability | 2023-05-31 | 5.5 | CVE-2022-35758MISC |
avahi -- avahi | A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. | 2023-05-26 | 5.5 | CVE-2023-1981MISCMISCMISC |
omninotes -- omni_notes | Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability. | 2023-05-27 | 5.5 | CVE-2023-33188MISC |
audiocodes -- device_manager_express | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. | 2023-05-29 | 5.4 | CVE-2022-24631MISC |
shopbeat -- shop_beat_media_player | Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za. | 2023-05-30 | 5.4 | CVE-2022-36244MISC |
shopbeat -- shop_beat_media_player | Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level. | 2023-05-30 | 5.4 | CVE-2022-36249MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions. | 2023-05-29 | 5.4 | CVE-2023-23699MISC |
craftcms -- craft_cms | A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. | 2023-05-26 | 5.4 | CVE-2023-2817MISCMISC |
openfind_mail2000 -- openfind_mail2000 | Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack. | 2023-06-02 | 5.4 | CVE-2023-28705MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions. | 2023-05-28 | 5.4 | CVE-2023-28785MISC |
webkul -- krayin_crm | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | 5.4 | CVE-2023-2925MISCMISCMISC |
open-emr -- openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | 5.4 | CVE-2023-2944MISCCONFIRM |
open-emr -- openemr | Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | 5.4 | CVE-2023-2945CONFIRMMISC |
djangoblog_project -- djangoblog | Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master. | 2023-05-29 | 5.4 | CVE-2023-2954MISCCONFIRM |
kiwitcms -- kiwi_tcms | Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3. | 2023-05-27 | 5.4 | CVE-2023-32686MISCMISC |
craftcms -- craft_cms | Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. | 2023-05-26 | 5.4 | CVE-2023-33196MISCMISCMISC |
craftcms -- craft_cms | Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. | 2023-05-26 | 5.4 | CVE-2023-33197MISCMISCMISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions. | 2023-05-28 | 5.4 | CVE-2023-33311MISC |
skycaiji -- skycaiji | skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data. | 2023-05-26 | 5.4 | CVE-2023-33394MISC |
invernyx -- smartcars_3 | A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article. | 2023-05-26 | 5.4 | CVE-2023-33780MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible | 2023-05-31 | 5.4 | CVE-2023-34220MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible | 2023-05-31 | 5.4 | CVE-2023-34221MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible | 2023-05-31 | 5.4 | CVE-2023-34225MISC |
audiocodes -- device_manager_express | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. | 2023-05-29 | 5.3 | CVE-2022-24632MISC |
shopbeat -- shop_beat_media_player | Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. | 2023-05-30 | 5.3 | CVE-2022-36243MISC |
huawei -- emui | The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime. | 2023-05-26 | 5.3 | CVE-2023-0117MISC |
open-xchange -- ox_app_suite | OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing. | 2023-05-29 | 5.3 | CVE-2023-24597MISCMISC |
netapp -- blue_xp_connector | NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector. | 2023-05-26 | 5.3 | CVE-2023-27311MISC |
avaya -- ix_workforce_engagement | Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | 2023-05-30 | 5.3 | CVE-2023-31186MISC |
qt -- qt | An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. | 2023-05-28 | 5.3 | CVE-2023-32762CONFIRMMISCMISC |
nextcloud -- nextcloud_mail | Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. | 2023-05-27 | 5.3 | CVE-2023-33184MISCMISCMISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases | 2023-05-31 | 5.3 | CVE-2023-34223MISC |
matrix -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade. | 2023-05-26 | 5 | CVE-2022-39335MISCMISCMISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions. | 2023-05-26 | 4.8 | CVE-2023-25781MISC |
open-emr -- openemr | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | 4.8 | CVE-2023-2947MISCCONFIRM |
craftcms -- craft_cms | Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. | 2023-05-26 | 4.8 | CVE-2023-33194MISCMISCMISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in André Bräkling WP-Matomo Integration (WP-Piwik) plugin <= 1.0.27 versions. | 2023-05-28 | 4.8 | CVE-2023-33211MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9. | 2023-05-28 | 4.8 | CVE-2023-33216MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <= 4.0.9.1 versions. | 2023-05-28 | 4.8 | CVE-2023-33328MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible | 2023-05-31 | 4.8 | CVE-2023-34224MISC |
linux -- kernel | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | 2023-05-26 | 4.7 | CVE-2023-2898MISC |
open-xchange -- ox_app_suite | OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. | 2023-05-29 | 4.3 | CVE-2023-24598MISCMISC |
open-xchange -- ox_app_suite | OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion." | 2023-05-29 | 4.3 | CVE-2023-24599MISCMISC |
open-xchange -- ox_app_suite | OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. | 2023-05-29 | 4.3 | CVE-2023-24600MISCMISC |
open-xchange -- ox_app_suite | OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data. | 2023-05-29 | 4.3 | CVE-2023-24604MISCMISC |
google -- chrome | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-30 | 4.3 | CVE-2023-2937MISCMISCMISC |
google -- chrome | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-05-30 | 4.3 | CVE-2023-2938MISCMISCMISC |
google -- chrome | Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) | 2023-05-30 | 4.3 | CVE-2023-2941MISCMISCMISC |
fit2cloud -- cloudexplorer | CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-05-26 | 4.3 | CVE-2023-32311MISC |
fit2cloud -- cloudexplorer | CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. | 2023-05-26 | 4.3 | CVE-2023-32316MISC |
matrix -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently. | 2023-05-26 | 4.3 | CVE-2023-32323MISCMISCMISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API | 2023-05-31 | 4.3 | CVE-2023-34219MISC |
open-xchange -- ox_app_suite | OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. | 2023-05-29 | 4.2 | CVE-2023-24605MISCMISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
huawei -- emui | The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. | 2023-05-26 | 3.3 | CVE-2023-31225MISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
stars_alliance -- psychostats | A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The name of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability. | 2023-06-01 | not yet calculated | CVE-2010-10010MISCMISCMISCMISCMISC |
wordpress -- wordpress | A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The name of the patch is a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability. | 2023-05-31 | not yet calculated | CVE-2012-10015MISCMISCMISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability. | 2023-05-29 | not yet calculated | CVE-2014-125102MISCMISCMISC |
wordpress -- wordpress | A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155. | 2023-05-31 | not yet calculated | CVE-2014-125103MISCMISCMISC |
wordpress -- wordpress | A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263. | 2023-06-01 | not yet calculated | CVE-2014-125104MISCMISCMISCMISC |
wordpress -- wordpress | A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability. | 2023-05-31 | not yet calculated | CVE-2015-10107MISCMISCMISC |
wordpress -- wordpress | A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability. | 2023-05-31 | not yet calculated | CVE-2015-10108MISCMISCMISCMISC |
wordpress -- wordpress | A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264. | 2023-06-01 | not yet calculated | CVE-2015-10109MISCMISCMISCMISC |
wordpress -- wordpress | A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392. | 2023-06-02 | not yet calculated | CVE-2015-10110MISCMISCMISC |
fanpress_cm -- fanpress_cm | A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The name of the patch is c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235. | 2023-06-01 | not yet calculated | CVE-2018-25086MISCMISCMISCMISC |
oracle -- apache | In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive. | 2023-05-29 | not yet calculated | CVE-2019-19791CONFIRMMISC |
citadel -- citadel | An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure. | 2023-05-29 | not yet calculated | CVE-2020-29547MISCMISC |
mercury -- mac1200r | A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL. | 2023-05-29 | not yet calculated | CVE-2021-27825MISCMISC |
fighting_cock_information_system -- fighting_cock_information_system | SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter. | 2023-05-31 | not yet calculated | CVE-2021-31233MISCMISC |
citadel -- citadel | An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior. | 2023-05-29 | not yet calculated | CVE-2021-37845MISCMISCMISC |
uniview -- ip_camera | Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command. | 2023-05-31 | not yet calculated | CVE-2021-45039MISCMISC |
bluetooth -- bluetooth | Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device. | 2023-06-02 | not yet calculated | CVE-2022-24695MISCMISCMISC |
zte_corporation -- mobile_phones | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. | 2023-05-30 | not yet calculated | CVE-2022-39071MISC |
zte_corporation -- mobile_phones | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. | 2023-05-30 | not yet calculated | CVE-2022-39074MISC |
zte_corporation -- mobile_phones | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. | 2023-05-30 | not yet calculated | CVE-2022-39075MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed). | 2023-05-29 | not yet calculated | CVE-2022-41766MISC |
honeywell -- onewireless | Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1 | 2023-05-30 | not yet calculated | CVE-2022-4240MISC |
honeywell -- onewireless | Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1 | 2023-05-30 | not yet calculated | CVE-2022-43485MISC |
suse -- rancher | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. |
2023-06-01 | not yet calculated | CVE-2022-43760MISCMISC |
xfinity -- comcast_defined_technologies_microeisbss | An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation.. | 2023-06-02 | not yet calculated | CVE-2022-45938MISCMISC |
honeywell -- onewireless | An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. | 2023-05-30 | not yet calculated | CVE-2022-46361MISC |
wordpress -- wordpress | The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-05-30 | not yet calculated | CVE-2022-4676MISC |
action_launcher -- action_launcher_for_android | An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert. | 2023-05-30 | not yet calculated | CVE-2022-47028MISC |
action_launcher -- action_launcher | An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update. | 2023-05-30 | not yet calculated | CVE-2022-47029MISC |
foxit -- fox_data_diode | Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction. | 2023-05-31 | not yet calculated | CVE-2022-47525MISCMISC |
foxit -- fox_data_diode | Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction. | 2023-05-31 | not yet calculated | CVE-2022-47526MISCMISC |
linux -- kernel | An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. | 2023-05-31 | not yet calculated | CVE-2022-48502MISCMISCMISC |
mozilla -- thunderbird | Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. | 2023-06-02 | not yet calculated | CVE-2023-0430MISCMISC |
wordpress -- wordpress | The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked. | 2023-05-30 | not yet calculated | CVE-2023-0443MISC |
mozilla -- thunderbird | OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. | 2023-06-02 | not yet calculated | CVE-2023-0547MISCMISC |
wordpress -- wordpress | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons. | 2023-06-03 | not yet calculated | CVE-2023-0583MISCMISC |
wordpress -- wordpress | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value. | 2023-06-03 | not yet calculated | CVE-2023-0584MISCMISC |
mozilla -- thunderbird | If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. | 2023-06-02 | not yet calculated | CVE-2023-0616MISCMISC |
wordpress -- wordpress | The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks | 2023-05-30 | not yet calculated | CVE-2023-0733MISC |
wordpress -- wordpress | The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce. | 2023-05-30 | not yet calculated | CVE-2023-0766MISC |
mozilla -- multiple_products | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | not yet calculated | CVE-2023-0767MISCMISCMISCMISC |
zephyr -- zephyr | At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. | 2023-05-30 | not yet calculated | CVE-2023-0779MISC |
wordpress -- wordpress | The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-02 | not yet calculated | CVE-2023-1159MISCMISC |
hashicorp -- consul/consul_enterprise | Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3 | 2023-06-02 | not yet calculated | CVE-2023-1297MISC |
wordpress -- wordpress | The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password. | 2023-05-30 | not yet calculated | CVE-2023-1524MISC |
wordpress -- wordpress | The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-05-31 | not yet calculated | CVE-2023-1661MISCMISC |
libssh -- libssh | A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. | 2023-05-26 | not yet calculated | CVE-2023-1667MISCMISCMISCFEDORAMLIST |
hitachi_energy -- foxman-un/unem | A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:* |
2023-05-30 | not yet calculated | CVE-2023-1711MISCMISC |
wordpress -- wordpress | The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue | 2023-05-30 | not yet calculated | CVE-2023-1938MISC |
mozilla -- multiple_products | Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. | 2023-06-02 | not yet calculated | CVE-2023-1945MISCMISCMISC |
wordpress -- wordpress | The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | 2023-05-30 | not yet calculated | CVE-2023-2023MISC |
mitsubishi_electric -- multiple_products | Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing. | 2023-06-02 | not yet calculated | CVE-2023-2060MISCMISC |
mitsubishi_electric -- multiple_products | Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. | 2023-06-02 | not yet calculated | CVE-2023-2061MISCMISC |
mitsubishi_electric -- multiple_products | Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP. | 2023-06-02 | not yet calculated | CVE-2023-2062MISCMISC |
mitsubishi_electric -- multiple_products | Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks. | 2023-06-02 | not yet calculated | CVE-2023-2063MISCMISC |
vmware -- multiple_products | VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | 2023-05-30 | not yet calculated | CVE-2023-20884MISC |
wordpress -- wordpress | The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. | 2023-05-30 | not yet calculated | CVE-2023-2111MISC |
wordpress -- wordpress | The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup. | 2023-05-30 | not yet calculated | CVE-2023-2113MISC |
wordpress -- wordpress | The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root. | 2023-05-30 | not yet calculated | CVE-2023-2117MISC |
wordpress -- wordpress | The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-02 | not yet calculated | CVE-2023-2201MISCMISC |
wordpress -- wordpress | The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-05-30 | not yet calculated | CVE-2023-2223MISC |
wordpress -- wordpress | The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. | 2023-05-30 | not yet calculated | CVE-2023-2256MISC |
suse -- rancher | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. |
2023-06-01 | not yet calculated | CVE-2023-22647MISCMISC |
suse -- rancher | A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4. |
2023-06-01 | not yet calculated | CVE-2023-22648MISCMISC |
opensuse -- libeconf | A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. |
2023-06-01 | not yet calculated | CVE-2023-22652MISCMISC |
libssh -- libssh | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. | 2023-05-26 | not yet calculated | CVE-2023-2283MISCMISCMISCFEDORA |
wordpress -- wordpress | The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing. | 2023-05-30 | not yet calculated | CVE-2023-2287MISC |
wordpress -- wordpress | The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper. | 2023-05-30 | not yet calculated | CVE-2023-2288MISC |
wordpress -- wordpress | The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-05-30 | not yet calculated | CVE-2023-2296MISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2298MISCMISCMISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings. | 2023-06-03 | not yet calculated | CVE-2023-2299MISCMISCMISC |
wordpress -- wordpress | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2300MISCMISCMISC |
wordpress -- wordpress | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2301MISCMISCMISC |
wordpress -- wordpress | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2302MISCMISCMISC |
wordpress -- wordpress | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2303MISCMISCMISC |
wordpress -- wordpress | The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-05-31 | not yet calculated | CVE-2023-2304MISCMISCMISCMISC |
stormshield -- endpoint_security_evolution | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. | 2023-05-30 | not yet calculated | CVE-2023-23561MISCMISC |
stormshield -- endpoint_security_evolution | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters. | 2023-05-31 | not yet calculated | CVE-2023-23562MISCMISC |
mozilla -- firefox | A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. |
2023-06-02 | not yet calculated | CVE-2023-23597MISCMISC |
mozilla -- multiple_products | Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData . This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. |
2023-06-02 | not yet calculated | CVE-2023-23598MISCMISCMISCMISC |
mozilla -- multiple_products | When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | not yet calculated | CVE-2023-23599MISCMISCMISCMISC |
mozilla -- firefox_for_android | Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 109. | 2023-06-02 | not yet calculated | CVE-2023-23600MISCMISC |
mozilla -- multiple_products | Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | not yet calculated | CVE-2023-23601MISCMISCMISCMISC |
mozilla -- firefox | A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | not yet calculated | CVE-2023-23602MISCMISCMISCMISC |
mozilla -- multiple_products | Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. |
2023-06-02 | not yet calculated | CVE-2023-23603MISCMISCMISCMISC |
mozilla -- firefox | A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString . This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109. |
2023-06-02 | not yet calculated | CVE-2023-23604MISCMISC |
mozilla -- firefox | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | 2023-06-02 | not yet calculated | CVE-2023-23605MISCMISCMISCMISC |
mozilla -- firefox | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109. | 2023-06-02 | not yet calculated | CVE-2023-23606MISCMISC |
joomla! -- joomla! | An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | 2023-05-30 | not yet calculated | CVE-2023-23754MISC |
joomla! -- joomla! | An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | 2023-05-30 | not yet calculated | CVE-2023-23755MISC |
advanced_secure_gateway_content_analysis -- advanced_secure_gateway_content_analysis | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | 2023-06-01 | not yet calculated | CVE-2023-23952MISC |
advanced_secure_gateway_content_analysis -- advanced_secure_gateway_content_analysis | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. | 2023-06-01 | not yet calculated | CVE-2023-23953MISC |
advanced_secure_gateway_content_analysis -- advanced_secure_gateway_content_analysis | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. | 2023-06-01 | not yet calculated | CVE-2023-23954MISC |
advanced_secure_gateway_content_analysis -- advanced_secure_gateway_content_analysis | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 2023-06-01 | not yet calculated | CVE-2023-23955MISC |
symantec -- symantec_siteminder_webagent | A user can supply malicious HTML and JavaScript code that will be executed in the client browser | 2023-05-30 | not yet calculated | CVE-2023-23956MISC |
wordpress -- wordpress | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2404MISCMISCMISC |
wordpress -- wordpress | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2405MISCMISCMISC |
wordpress -- wordpress | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-2406MISCMISCMISCMISC |
wordpress -- wordpress | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2407MISCMISCMISCMISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler. | 2023-06-03 | not yet calculated | CVE-2023-2415MISCMISCMISC |
wordpress -- wordpress | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-2416MISCMISCMISC |
wordpress -- wordpress | The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings. | 2023-05-31 | not yet calculated | CVE-2023-2434MISCMISCMISC |
wordpress -- wordpress | The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2023-05-31 | not yet calculated | CVE-2023-2435MISCMISC |
wordpress -- wordpress | The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-05-31 | not yet calculated | CVE-2023-2436MISCMISC |
dell -- networker | Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. | 2023-05-30 | not yet calculated | CVE-2023-24568MISC |
gallagher -- controller_6000 | Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature.
This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. |
2023-06-01 | not yet calculated | CVE-2023-24584MISC |
wordpress -- wordpress | The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2023-05-30 | not yet calculated | CVE-2023-2470MISC |
riot_os -- riot_os | RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack. | 2023-05-30 | not yet calculated | CVE-2023-24817MISCMISC |
riot_os -- riot_os | RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds. | 2023-05-30 | not yet calculated | CVE-2023-24825MISCMISCMISCMISCMISCMISCMISC |
riot_os -- riot_os | RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR. | 2023-05-30 | not yet calculated | CVE-2023-24826MISCMISCMISCMISC |
wordpress -- wordpress | The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-05-30 | not yet calculated | CVE-2023-2518MISC |
wordpress -- wordpress | The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation. | 2023-05-31 | not yet calculated | CVE-2023-2545MISCMISC |
wordpress -- wordpress | The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin. | 2023-05-31 | not yet calculated | CVE-2023-2547MISCMISC |
wordpress -- wordpress | The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the login link or request a password reset to the new user's email address. | 2023-05-31 | not yet calculated | CVE-2023-2549MISCMISC |
dell -- networker | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | 2023-05-31 | not yet calculated | CVE-2023-25539MISC |
mozilla -- multiple_products | The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25728MISCMISCMISCMISC |
mozilla -- multiple_products | Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals . This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25729MISCMISCMISCMISC |
mozilla -- firefox | A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25730MISCMISCMISCMISC |
mozilla -- firefox | Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110. | 2023-06-02 | not yet calculated | CVE-2023-25731MISCMISC |
mozilla -- multiple_products | When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25732MISCMISCMISCMISC |
mozilla -- multiple_products | After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25734MISCMISCMISCMISCMISCMISCMISC |
mozilla -- multiple_products | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | not yet calculated | CVE-2023-25735MISCMISCMISCMISC |
mozilla -- multiple_products | An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25737MISCMISCMISCMISC |
mozilla -- multiple_products | Members of the DEVMODEW struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25738MISCMISCMISCMISC |
mozilla -- multiple_products | Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext . This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. |
2023-06-02 | not yet calculated | CVE-2023-25739MISCMISCMISCMISC |
mozilla -- firefox | After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110. |
2023-06-02 | not yet calculated | CVE-2023-25740MISCMISC |
mozilla -- firefox | When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110. | 2023-06-02 | not yet calculated | CVE-2023-25741MISCMISCMISCMISC |
mozilla -- multiple_products | When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 2023-06-02 | not yet calculated | CVE-2023-25742MISCMISCMISCMISC |
mozilla -- firefox | A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | 2023-06-02 | not yet calculated | CVE-2023-25743MISCMISCMISC |
mozilla -- firefox | Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | 2023-06-02 | not yet calculated | CVE-2023-25744MISCMISCMISC |
mozilla -- firefox | Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110. | 2023-06-02 | not yet calculated | CVE-2023-25745MISCMISC |
mozilla -- multiple_products | Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. | 2023-06-02 | not yet calculated | CVE-2023-25746MISCMISCMISC |
mozilla -- firefox_for_android | By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 111. | 2023-06-02 | not yet calculated | CVE-2023-25748MISCMISC |
mozilla -- firefox_for_android | Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 111. | 2023-06-02 | not yet calculated | CVE-2023-25749MISCMISC |
mozilla -- firefox | Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. | 2023-06-02 | not yet calculated | CVE-2023-25750MISCMISC |
mozilla -- multiple_products | Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | not yet calculated | CVE-2023-25751MISCMISCMISCMISC |
mozilla -- multiple_products | When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | not yet calculated | CVE-2023-25752MISCMISCMISCMISC |
linux -- kernel | A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation. | 2023-06-01 | not yet calculated | CVE-2023-2598MISC |
linux -- kernel | Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). | 2023-05-31 | not yet calculated | CVE-2023-2612MISCMISC |
cpp-httplib -- cpp-httplib | Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.
**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507). |
2023-05-30 | not yet calculated | CVE-2023-26130MISCMISCMISCMISC |
theme_engine -- theme_engine | All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found. | 2023-05-31 | not yet calculated | CVE-2023-26131MISCMISCMISCMISCMISC |
ibm -- qradar_wincollect_agent | IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. IBM X-Force ID: 248156. | 2023-05-31 | not yet calculated | CVE-2023-26277MISCMISC |
ibm -- qradar_wincollect_agent | IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. IBM X-Force ID: 248158. | 2023-05-31 | not yet calculated | CVE-2023-26278MISCMISC |
openssl -- openssl | Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - When one of the sub-identifiers in the OBJECT IDENTIFIER is very large With OpenSSL 3.0, support to fetch cryptographic algorithms using names / Such OBJECT IDENTIFIERs may be received through the ASN.1 structure Applications that call OBJ_obj2txt() directly with untrusted data are In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, The impact on TLS is relatively low, because all versions of OpenSSL have a In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, |
2023-05-30 | not yet calculated | CVE-2023-2650MISCMISCMISCMISCMISCMISCMISC |
churchcrm -- churchcrm | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. | 2023-05-31 | not yet calculated | CVE-2023-26842MISC |
silicon_labs -- gecko_sdk | Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. | 2023-06-02 | not yet calculated | CVE-2023-2687MISCMISC |
asustor -- download_center | Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. | 2023-05-31 | not yet calculated | CVE-2023-2749MISC |
contec -- conprosys_hmi_system | A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. | 2023-05-31 | not yet calculated | CVE-2023-2758MISCMISC |
tshirtecommerce -- tshirtecommerce | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). Only files that can be parsed in XML can be opened. This is exploited in the wild in March 2023. | 2023-06-01 | not yet calculated | CVE-2023-27639MISC |
tshirtecommerce -- tshirtecommerce | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023. | 2023-06-01 | not yet calculated | CVE-2023-27640MISC |
south_river_technologies -- titanftp | An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. | 2023-06-02 | not yet calculated | CVE-2023-27744MISCMISC |
south_river_technologies -- titanftp | An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. | 2023-06-02 | not yet calculated | CVE-2023-27745MISCMISC |
wordpress -- wordpress | The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default. | 2023-06-03 | not yet calculated | CVE-2023-2781MISCMISCMISCMISC |
dell -- scg | Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text. | 2023-06-01 | not yet calculated | CVE-2023-28043MISC |
dell -- os_recovery_tool | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | 2023-06-01 | not yet calculated | CVE-2023-28066MISC |
dell -- powerpath_for_windows | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | 2023-05-30 | not yet calculated | CVE-2023-28079MISC |
mattermost -- mattermost | Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | 2023-05-29 | not yet calculated | CVE-2023-2808MISC |
dell -- powerpath_for_windows | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | 2023-05-30 | not yet calculated | CVE-2023-28080MISC |
arm -- mali_gpu | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | 2023-06-02 | not yet calculated | CVE-2023-28147MISC |
kiddoware_kids_place_parental_control -- kiddoware_kids_place_parental_control_for_android | An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission. | 2023-05-29 | not yet calculated | CVE-2023-28153MISC |
mozilla -- firefox_for_android | The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 111. | 2023-06-02 | not yet calculated | CVE-2023-28159MISCMISC |
hashicorp -- consul/consul_enterprise | Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. | 2023-06-02 | not yet calculated | CVE-2023-2816MISC |
mozilla -- firefox | When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. | 2023-06-02 | not yet calculated | CVE-2023-28160MISCMISC |
mozilla -- firefox | If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. | 2023-06-02 | not yet calculated | CVE-2023-28161MISCMISC |
mozilla -- multiple_products | While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | not yet calculated | CVE-2023-28162MISCMISCMISCMISC |
mozilla -- multiple_products | When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | not yet calculated | CVE-2023-28163MISCMISCMISCMISC |
mozilla -- multiple_products | Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | not yet calculated | CVE-2023-28164MISCMISCMISCMISC |
mozilla -- multiple_products | Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | 2023-06-02 | not yet calculated | CVE-2023-28176MISCMISCMISCMISC |
mozilla -- firefox | Mozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111. | 2023-06-02 | not yet calculated | CVE-2023-28177MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console. | 2023-05-31 | not yet calculated | CVE-2023-28344MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines. | 2023-05-31 | not yet calculated | CVE-2023-28345MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials. | 2023-05-31 | not yet calculated | CVE-2023-28346MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner. | 2023-05-31 | not yet calculated | CVE-2023-28347MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students. | 2023-05-31 | not yet calculated | CVE-2023-28348MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution. | 2023-05-31 | not yet calculated | CVE-2023-28349MISCMISC |
wordpress -- wordpress | The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-02 | not yet calculated | CVE-2023-2835MISCMISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher's machine). | 2023-05-31 | not yet calculated | CVE-2023-28350MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim. | 2023-05-31 | not yet calculated | CVE-2023-28351MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled. | 2023-05-31 | not yet calculated | CVE-2023-28352MISCMISC |
faronics -- insight_for_windows | An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM. | 2023-05-31 | not yet calculated | CVE-2023-28353MISCMISC |
wordpress -- wordpress | The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-05-31 | not yet calculated | CVE-2023-2836MISCMISCMISC |
contec -- conprosys_hmi_system | Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program. | 2023-06-01 | not yet calculated | CVE-2023-28399MISCMISCMISC |
arm -- mali_gpu | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | 2023-06-02 | not yet calculated | CVE-2023-28469MISC |
contec -- conprosys_hmi_system | Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege. | 2023-06-01 | not yet calculated | CVE-2023-28651MISCMISCMISC |
contec -- conprosys_hmi_system | Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user. | 2023-06-01 | not yet calculated | CVE-2023-28657MISCMISCMISC |
contec -- conprosys_hmi_system | Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user. | 2023-06-01 | not yet calculated | CVE-2023-28713MISCMISCMISC |
contec -- conprosys_hmi_system | Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database. | 2023-06-01 | not yet calculated | CVE-2023-28824MISCMISCMISC |
saison_information_systems -- dataspider_servista | DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS, which is common to all users. If an attacker who can gain access to a target DataSpider Servista instance and obtain a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, the attacker may perform operations with the user privilege encrypted in the file. | 2023-06-01 | not yet calculated | CVE-2023-28937MISCMISC |
asustor -- adm | EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below. | 2023-05-31 | not yet calculated | CVE-2023-2909MISC |
contec -- conprosys_hmi_system | SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page. | 2023-06-01 | not yet calculated | CVE-2023-29154MISCMISCMISC |
starlette -- starlette | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. | 2023-06-01 | not yet calculated | CVE-2023-29159MISCMISCMISC |
wireshark -- wireshark | XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | 2023-05-30 | not yet calculated | CVE-2023-2952CONFIRMMISCMISCMLIST |
openldap -- openldap | A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. | 2023-05-30 | not yet calculated | CVE-2023-2953MISCMISC |
mozilla -- multiple_products | A website could have obscured the fullscreen notification by using a combination of window.open , fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. |
2023-06-02 | not yet calculated | CVE-2023-29533MISCMISCMISCMISCMISC |
mozilla -- multiple_products | Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | not yet calculated | CVE-2023-29535MISCMISCMISCMISC |
mozilla -- multiple_products | An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | not yet calculated | CVE-2023-29536MISCMISCMISCMISC |
mozilla -- multiple_products | Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | not yet calculated | CVE-2023-29537MISCMISCMISCMISC |
mozilla -- multiple_products | Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. |
2023-06-02 | not yet calculated | CVE-2023-29538MISCMISC |
mozilla -- multiple_products | When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | not yet calculated | CVE-2023-29539MISCMISCMISCMISC |
mozilla -- multiple_products | Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols . This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. |
2023-06-02 | not yet calculated | CVE-2023-29540MISCMISC |
mozilla -- multiple_products | Firefox did not properly handle downloads of files ending in .desktop , which can be interpreted to run attacker-controlled commands.*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.* This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. |
2023-06-02 | not yet calculated | CVE-2023-29541MISCMISCMISCMISC |
mozilla -- multiple_products | An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | not yet calculated | CVE-2023-29543MISCMISC |
mozilla -- multiple_products | If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | not yet calculated | CVE-2023-29544MISCMISC |
mozilla -- multiple_products | When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | not yet calculated | CVE-2023-29547MISCMISC |
mozilla -- multiple_products | A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | not yet calculated | CVE-2023-29548MISCMISCMISCMISC |
mozilla -- multiple_products | Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. |
2023-06-02 | not yet calculated | CVE-2023-29549MISCMISC |
mozilla -- multiple_products | Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | 2023-06-02 | not yet calculated | CVE-2023-29550MISCMISCMISCMISC |
mozilla -- multiple_products | Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | 2023-06-02 | not yet calculated | CVE-2023-29551MISCMISC |
socket.remoteaddress -- socket.remoteaddress | A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception. | 2023-05-30 | not yet calculated | CVE-2023-2968MISC |
mindspore -- mindspore | A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176. | 2023-05-30 | not yet calculated | CVE-2023-2970MISCMISCMISCMISC |
utils -- utils | Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3. | 2023-05-30 | not yet calculated | CVE-2023-2972CONFIRMMISC |
glitter_unicorn_wallpaper -- glitter_unicorn_wallpaper_for_android | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | 2023-06-01 | not yet calculated | CVE-2023-29722MISC |
glitter_unicorn_wallpaper -- glitter_unicorn_wallpaper_for_android | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | 2023-06-01 | not yet calculated | CVE-2023-29723MISC |
bt21_x_bts_wallpaper -- bt21_x_bts_wallpaper_for_android | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | 2023-06-02 | not yet calculated | CVE-2023-29724MISCMISCMISC |
bt21_x_bts_wallpaper -- bt21_x_bts_wallpaper_for_android | The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | 2023-06-02 | not yet calculated | CVE-2023-29725MISCMISCMISCMISC |
call_blocker -- call_blocker_for_android | The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service. | 2023-05-30 | not yet calculated | CVE-2023-29726MISCMISCMISC |
call_blocker -- call_blocker_for_android | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack. | 2023-05-30 | not yet calculated | CVE-2023-29727MISCMISCMISC |
call_blocker -- call_blocker_for_android | The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. | 2023-05-30 | not yet calculated | CVE-2023-29728MISCMISCMISC |
sourcecodester -- students_online_internship_timesheet_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Students Online Internship Timesheet System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_company. The manipulation of the argument name with the input
leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230204. |
2023-05-30 | not yet calculated | CVE-2023-2973MISCMISCMISC |
solive -- solive_for_android | SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. | 2023-05-30 | not yet calculated | CVE-2023-29731MISC |
solive -- solive_for_android | SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions. | 2023-05-30 | not yet calculated | CVE-2023-29732MISC |
lock_master -- lock_master_for_android | The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack. | 2023-05-30 | not yet calculated | CVE-2023-29733MISC |
edjing_mix --edjing_mix_for_android | An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database. | 2023-05-30 | not yet calculated | CVE-2023-29734MISC |
edjing_mix --edjing_mix_for_android | An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files. | 2023-05-30 | not yet calculated | CVE-2023-29735MISC |
keyboard_themes -- keyboard_themes_for_android | Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. | 2023-06-01 | not yet calculated | CVE-2023-29736MISC |
wave_animated_keyboard_emoji -- wave_animated_keyboard_emoji_for_android | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files. | 2023-05-30 | not yet calculated | CVE-2023-29737MISCMISCMISC |
wave_animated_keyboard_emoji -- wave_animated_keyboard_emoji_for_android | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files. | 2023-05-30 | not yet calculated | CVE-2023-29738MISCMISCMISCMISC |
alarm_clock_for_heavy_sleepers -- alarm_clock_for_heavy_sleepers_for_android | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | 2023-05-30 | not yet calculated | CVE-2023-29739MISCMISCMISC |
alarm_clock_for_heavy_sleepers -- alarm_clock_for_heavy_sleepers_for_android | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. | 2023-05-30 | not yet calculated | CVE-2023-29740MISCMISCMISCMISC |
bestweather -- bestweather | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database. | 2023-05-30 | not yet calculated | CVE-2023-29741MISCMISCMISC |
bestweather -- bestweather | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database. | 2023-05-31 | not yet calculated | CVE-2023-29742MISCMISCMISC |
bestweather -- bestweather | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | 2023-05-30 | not yet calculated | CVE-2023-29743MISCMISCMISC |
bestweather -- bestweather | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | 2023-05-31 | not yet calculated | CVE-2023-29745MISCMISCMISCMISC |
thethaiger -- thethaiger | An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. | 2023-06-02 | not yet calculated | CVE-2023-29746MISCMISCMISCMISC |
instagram -- video_downloader_for_android | Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions. | 2023-05-31 | not yet calculated | CVE-2023-29747MISCMISCMISC |
instagram -- video_downloader_for_android | Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. | 2023-06-01 | not yet calculated | CVE-2023-29748MISCMISCMISCMISC |
opensc -- opensc | A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. | 2023-06-01 | not yet calculated | CVE-2023-2977MISCMISCMISCMISC |
abstrium_pydio_cells -- abstrium_pydio_cells | A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability. | 2023-05-30 | not yet calculated | CVE-2023-2978MISCMISCMISC |
abstrium_pydio_cells -- abstrium_pydio_cells | A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. | 2023-05-30 | not yet calculated | CVE-2023-2979MISCMISCMISC |
abstrium_pydio_cells -- abstrium_pydio_cells | A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230212. | 2023-05-30 | not yet calculated | CVE-2023-2980MISCMISCMISC |
abstrium_pydio_cells -- abstrium_pydio_cells | A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability. | 2023-05-30 | not yet calculated | CVE-2023-2981MISCMISCMISC |
pimcore -- pimcore | Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. | 2023-05-30 | not yet calculated | CVE-2023-2983CONFIRMMISC |
pimcore -- pimcore | Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. | 2023-05-30 | not yet calculated | CVE-2023-2984CONFIRMMISC |
linux -- kernel | A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. | 2023-06-01 | not yet calculated | CVE-2023-2985MISC |
wordpress -- wordpress | The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. | 2023-05-31 | not yet calculated | CVE-2023-2987MISCMISCMISCMISC |
sourcecodester -- train_station_ticketing_system | A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_prices.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230347. | 2023-05-31 | not yet calculated | CVE-2023-3003MISCMISCMISC |
sourcecodester -- simple_chat_system | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=read_msg of the component POST Parameter Handler. The manipulation of the argument convo_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230348. | 2023-05-31 | not yet calculated | CVE-2023-3004MISCMISCMISC |
sourcecodester -- local_service_search_engine_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_area of the component POST Parameter Handler. The manipulation of the argument area with the input
leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230349 was assigned to this vulnerability. |
2023-05-31 | not yet calculated | CVE-2023-3005MISCMISCMISC |
linux -- kernel | A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible. | 2023-05-31 | not yet calculated | CVE-2023-3006MISC |
student_management_system -- student_management_system | A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability. | 2023-05-31 | not yet calculated | CVE-2023-3007MISCMISCMISC |
student_management_system -- student_management_system | A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355. | 2023-05-31 | not yet calculated | CVE-2023-3008MISCMISCMISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-05-31 | not yet calculated | CVE-2023-3009CONFIRMMISC |
gpac -- gpac | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-31 | not yet calculated | CVE-2023-3012MISCCONFIRM |
gpac -- gpac | Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-31 | not yet calculated | CVE-2023-3013CONFIRMMISC |
beipyvideoresolution -- beipyvideoresolution | A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/admincore.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230358 is the identifier assigned to this vulnerability. | 2023-05-31 | not yet calculated | CVE-2023-3014MISCMISCMISC |
prestashop -- cityautocomplete | SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller. | 2023-06-02 | not yet calculated | CVE-2023-30149MISCMISC |
vip_video_analysis -- vip_video_analysis | A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230359. | 2023-05-31 | not yet calculated | CVE-2023-3015MISCMISCMISC |
vip_video_analysis -- vip_video_analysis | A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230360. | 2023-05-31 | not yet calculated | CVE-2023-3016MISCMISCMISC |
sourcecodester -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability. | 2023-05-31 | not yet calculated | CVE-2023-3017MISCMISCMISC |
sourcecodester -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability. | 2023-05-31 | not yet calculated | CVE-2023-3018MISCMISCMISCMISC |
prestashop -- salesbooster | Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. | 2023-05-30 | not yet calculated | CVE-2023-30196MISCMISC |
prestashop -- myinventory | Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack. | 2023-05-31 | not yet calculated | CVE-2023-30197MISCMISC |
i-librarian-free -- i-librarian-free | Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4. | 2023-05-31 | not yet calculated | CVE-2023-3020CONFIRMMISC |
i-librarian-free -- i-librarian-free | Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. | 2023-05-31 | not yet calculated | CVE-2023-3021CONFIRMMISC |
dolibarr -- dolibarr | Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: | 2023-05-29 | not yet calculated | CVE-2023-30253MISCMISCMISC |
drawio -- drawio | Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. | 2023-06-01 | not yet calculated | CVE-2023-3026MISCCONFIRM |
hangzhou_hopechart_iot_technology -- hqt401 | Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.
Multiple vulnerabilities were identified: - The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. - The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. - The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location. - The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend. The confirmed version is 201808021036, however further versions have been also identified as potentially impacted. |
2023-06-01 | not yet calculated | CVE-2023-3028MISC |
atlassian -- jira | An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser. | 2023-05-31 | not yet calculated | CVE-2023-30285MISCMISCMISC |
guangdong -- pythagorean_oa_office_system | A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability. | 2023-06-01 | not yet calculated | CVE-2023-3029MISCMISCMISC |
prestashop -- king-avis | Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.This issue affects King-Avis: before 17.3.15. | 2023-06-02 | not yet calculated | CVE-2023-3031MISC |
mobatime -- mobatime | Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22. | 2023-06-02 | not yet calculated | CVE-2023-3032MISC |
mobatime -- mobatime | Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22. | 2023-06-02 | not yet calculated | CVE-2023-3033MISC |
guangdong -- pythagorean_oa_office_system | A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230467. | 2023-06-01 | not yet calculated | CVE-2023-3035MISCMISCMISC |
xpdf -- xpdf | An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.
This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. |
2023-06-02 | not yet calculated | CVE-2023-3044MISCMISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-03 | not yet calculated | CVE-2023-3051MISCMISCMISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-3052MISCMISCMISCMISCMISCMISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status. | 2023-06-03 | not yet calculated | CVE-2023-3053MISCMISCMISC |
wordpress -- wordpress | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-03 | not yet calculated | CVE-2023-3055MISCMISC |
yfcmf -- yfcmf | A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability. | 2023-06-02 | not yet calculated | CVE-2023-3056MISCMISCMISC |
yfcmf -- yfcmf | A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543. | 2023-06-02 | not yet calculated | CVE-2023-3057MISCMISCMISC |
libarchive -- libarchive | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. | 2023-05-29 | not yet calculated | CVE-2023-30571MISCMISC |
07fly -- crm | A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560. | 2023-06-02 | not yet calculated | CVE-2023-3058MISCMISCMISC |
sourcecodester -- online_exam_form_submission | A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability. | 2023-06-02 | not yet calculated | CVE-2023-3059MISCMISCMISC |
code-projects -- agro-school_management_system | A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability. | 2023-06-02 | not yet calculated | CVE-2023-3060MISCMISCMISC |
oracle -- apache_cassandra | Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND MITIGATION |
2023-05-30 | not yet calculated | CVE-2023-30601MISC |
code-projects -- agro-school_management_system | A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567. | 2023-06-02 | not yet calculated | CVE-2023-3061MISCMISCMISC |
code-projects -- agro-school_management_system | A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568. | 2023-06-02 | not yet calculated | CVE-2023-3062MISCMISCMISC |
trilium -- trilium | Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. | 2023-06-02 | not yet calculated | CVE-2023-3067MISCCONFIRM |
campcodes_retro_cellphone_online_store -- campcodes_retro_cellphone_online_store | A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230580. | 2023-06-02 | not yet calculated | CVE-2023-3068MISCMISCMISC |
corebos -- corebos | Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | not yet calculated | CVE-2023-3069MISCCONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | not yet calculated | CVE-2023-3070CONFIRMMISC |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | not yet calculated | CVE-2023-3071MISCCONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | not yet calculated | CVE-2023-3073MISCCONFIRM |
corebos -- corebos | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | not yet calculated | CVE-2023-3074CONFIRMMISC |
corebos -- corebos | Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | 2023-06-02 | not yet calculated | CVE-2023-3075CONFIRMMISC |
pleasanter -- pleasanter | Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-06-01 | not yet calculated | CVE-2023-30758MISCMISCMISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | not yet calculated | CVE-2023-3083MISCCONFIRM |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | not yet calculated | CVE-2023-3084MISCCONFIRM |
x-wrt_luci -- x-wrt_luci | A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663. | 2023-06-03 | not yet calculated | CVE-2023-3085MISCMISCMISCMISC |
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-03 | not yet calculated | CVE-2023-3086CONFIRMMISC |
rozcom -- rozcom | ROZCOM client CWE-798: Use of Hard-coded Credentials | 2023-05-30 | not yet calculated | CVE-2023-31184MISC |
rozcom -- rozcom | ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. | 2023-05-30 | not yet calculated | CVE-2023-31185MISC |
churchcrm -- churchcrm | A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-05-31 | not yet calculated | CVE-2023-31548MISC |
jenkins -- jenkins | Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can setup a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue. | 2023-05-29 | not yet calculated | CVE-2023-32072MISCMISCMISCMISC |
opensuse -- libeconf | A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2. |
2023-06-01 | not yet calculated | CVE-2023-32181MISCMISC |
mozilla -- multiple_products | In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | not yet calculated | CVE-2023-32205MISCMISCMISCMISCMISC |
mozilla -- multiple_products | An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | not yet calculated | CVE-2023-32206MISCMISCMISCMISC |
mozilla -- multiple_products | A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | not yet calculated | CVE-2023-32207MISCMISCMISCMISC |
mozilla -- multiple_products | A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | not yet calculated | CVE-2023-32211MISCMISCMISCMISC |
mozilla -- multiple_products | An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
2023-06-02 | not yet calculated | CVE-2023-32212MISCMISCMISCMISC |
mozilla -- multiple_products | When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | not yet calculated | CVE-2023-32213MISCMISCMISCMISC |
mozilla -- multiple_products | Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-02 | not yet calculated | CVE-2023-32215MISCMISCMISCMISC |
sofia-sip -- sofia-sip | Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54] (https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54] (https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade. |
2023-05-26 | not yet calculated | CVE-2023-32307MISCMISC |
dataease -- dataease | DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading. | 2023-06-01 | not yet calculated | CVE-2023-32310MISCMISCMISCMISC |
openprinting_cups -- openprinting_cups | OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication. | 2023-06-01 | not yet calculated | CVE-2023-32324MISCMISC |
ibm -- gskit | IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828. | 2023-05-30 | not yet calculated | CVE-2023-32342MISC |
dell -- powerpath_for_windows | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. | 2023-05-30 | not yet calculated | CVE-2023-32448MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions. | 2023-06-03 | not yet calculated | CVE-2023-32582MISC |
lima-vm -- lima | Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image. | 2023-05-30 | not yet calculated | CVE-2023-32684MISCMISCMISC |
kanboard -- kanboard | Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29. | 2023-05-30 | not yet calculated | CVE-2023-32685MISCMISCMISC |
tgstation -- tgstation-server | tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety. | 2023-05-29 | not yet calculated | CVE-2023-32687MISCMISCMISC |
parse_server -- parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company's official website domain.
An additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser's local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user's session token from local storage and then share it with the attacker. The fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `['.*']` or another custom value to override the default. |
2023-05-30 | not yet calculated | CVE-2023-32689MISCMISCMISC |
libspdm -- libspdm | libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder's unvalidated CTExponent.
A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder's CTExponent. If it greater than or equal to 64, then the Requester can stop communication with the Responder. |
2023-06-01 | not yet calculated | CVE-2023-32690MISCMISCMISC |
golang -- gost | gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`. | 2023-05-30 | not yet calculated | CVE-2023-32691MISCMISC |
codeigniter4 -- codeigniter4 | CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5. | 2023-05-30 | not yet calculated | CVE-2023-32692MISCMISC |
ckan -- ckan | CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch. | 2023-05-30 | not yet calculated | CVE-2023-32696MISCMISC |
goreleaser -- nfpm | nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders. |
2023-05-30 | not yet calculated | CVE-2023-32698MISCMISCMISC |
metersphere -- metersphere | MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. ?The `checkUserPassword` method is used to check whether the password provided by the user matches the password saved in the database, and the `CodingUtil.md5` method is used to encrypt the original password with MD5 to ensure that the password will not be saved in plain text when it is stored. If a user submits a very long password when logging in, the system will be forced to execute the long password MD5 encryption process, causing the server CPU and memory to be exhausted, thereby causing a denial of service attack on the server. This issue is fixed in version 2.10.0-lts with a maximum password length. | 2023-05-30 | not yet calculated | CVE-2023-32699MISCMISC |
splunk -- splunk_enterprise | On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. | 2023-06-01 | not yet calculated | CVE-2023-32706MISC |
splunk -- splunk_enterprise | In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | 2023-06-01 | not yet calculated | CVE-2023-32707MISCMISC |
splunk -- splunk_enterprise | In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily. | 2023-06-01 | not yet calculated | CVE-2023-32708MISCMISC |
splunk -- splunk_enterprise | In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | 2023-06-01 | not yet calculated | CVE-2023-32709MISCMISC |
splunk -- splunk_enterprise | In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | 2023-06-01 | not yet calculated | CVE-2023-32710MISC |
splunk -- splunk_enterprise | In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload. | 2023-06-01 | not yet calculated | CVE-2023-32711MISCMISC |
splunk -- splunk_enterprise | In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially crafted web URL in their browser to cause log file poisoning. The attack requires the attacker to have secure shell (SSH) access to the instance and use a terminal program that supports a certain feature set to execute the attack successfully. | 2023-06-01 | not yet calculated | CVE-2023-32712MISC |
splunk -- splunk_app_for_stream | In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user. | 2023-06-01 | not yet calculated | CVE-2023-32713MISC |
splunk -- splunk_app_for_lookup_file_editing | In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | 2023-06-01 | not yet calculated | CVE-2023-32714MISCMISC |
splunk -- splunk_app_for_lookup_file_editing | In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will. | 2023-06-01 | not yet calculated | CVE-2023-32715MISC |
splunk -- splunk_enterprise | In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. | 2023-06-01 | not yet calculated | CVE-2023-32716MISCMISC |
splunk -- splunk_enterprise | On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | 2023-06-01 | not yet calculated | CVE-2023-32717MISCMISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions. | 2023-05-28 | not yet calculated | CVE-2023-32958MISC |
toui -- toui | ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1. | 2023-05-30 | not yet calculated | CVE-2023-33175MISCMISC |
xibo -- xibo | Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. | 2023-05-30 | not yet calculated | CVE-2023-33177MISCMISCMISCMISCMISC |
xibo -- xibo | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed, however this checking was done in a case sensitive manor and so it is possible to bypass these checks by using unusual case combinations. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading. | 2023-05-30 | not yet calculated | CVE-2023-33178MISCMISCMISC |
xibo -- xibo | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading. | 2023-05-30 | not yet calculated | CVE-2023-33179MISCMISCMISC |
xibo -- xibo | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. | 2023-05-30 | not yet calculated | CVE-2023-33180MISCMISCMISC |
xibo -- xibo | Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. | 2023-05-30 | not yet calculated | CVE-2023-33181MISCMISCMISC |
nextcloud -- nextcloud | Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4 | 2023-05-30 | not yet calculated | CVE-2023-33182MISCMISCMISC |
nextcloud -- nextcloud | Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3 | 2023-05-30 | not yet calculated | CVE-2023-33183MISCMISC |
zulip -- zulip | Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker. | 2023-05-30 | not yet calculated | CVE-2023-33186MISCMISCMISCMISC |
pomerium -- pomerium | Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2. | 2023-05-30 | not yet calculated | CVE-2023-33189MISCMISCMISCMISCMISCMISCMISCMISC |
kyverno -- kyverno | Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4. | 2023-05-30 | not yet calculated | CVE-2023-33191MISCMISCMISC |
embysupport -- security | Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system, depending on certain user account settings. By spoofing certain headers which are intended for interoperation with reverse proxy servers, it may be possible to affect the local/non-local network determination to allow logging in without password or to view a list of user accounts which may have no password configured. Impacted are all Emby Server system which are publicly accessible and where the administrator hasn't tightened the account login configuration for administrative users. This issue has been patched in Emby Server Beta version 4.8.31 and Emby Server version 4.7.12. | 2023-05-30 | not yet calculated | CVE-2023-33193MISC |
tgstation -- tgstation-server | tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise. | 2023-05-30 | not yet calculated | CVE-2023-33198MISCMISCMISC |
oracle -- apache_airflow_cncf_kubernetes | Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection.
In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0 which has removed the vulnerability. |
2023-05-30 | not yet calculated | CVE-2023-33234MISC |
minecraft -- minecraft | Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. | 2023-05-30 | not yet calculated | CVE-2023-33245MISCMISCMISC |
atlassian -- confluence | A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables. | 2023-05-31 | not yet calculated | CVE-2023-33287MISCMISCMISC |
iniparser-- iniparser | iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return. | 2023-06-01 | not yet calculated | CVE-2023-33461MISC |
readymedia -- readymedia | ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. | 2023-06-02 | not yet calculated | CVE-2023-33476MISCMISCMISC |
totolink -- x5000r | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | 2023-05-31 | not yet calculated | CVE-2023-33485MISC |
totolink -- x5000r | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. | 2023-05-31 | not yet calculated | CVE-2023-33486MISC |
totolink -- x5000r | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | 2023-05-31 | not yet calculated | CVE-2023-33487MISC |
kramerav -- via_go² | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read. | 2023-05-31 | not yet calculated | CVE-2023-33507MISC |
kramerav -- via_go² | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). | 2023-05-31 | not yet calculated | CVE-2023-33508MISC |
kramerav -- via_go² | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. | 2023-05-31 | not yet calculated | CVE-2023-33509MISC |
hawtio -- hawtio | hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite. | 2023-06-01 | not yet calculated | CVE-2023-33544MISC |
janino -- janino | janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. | 2023-06-01 | not yet calculated | CVE-2023-33546MISC |
erofs-utils -- erofs-utils | Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. | 2023-06-01 | not yet calculated | CVE-2023-33551MISC |
erofs-utils -- erofs-utils | Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. | 2023-06-01 | not yet calculated | CVE-2023-33552MISC |
nanomq -- nanomq | A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources. | 2023-05-30 | not yet calculated | CVE-2023-33656MISCMISCMISC |
tenda -- ac8v4.0-v16.03.34.06 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. | 2023-06-02 | not yet calculated | CVE-2023-33669MISC |
tenda -- ac8v4.0-v16.03.34.06 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. | 2023-06-02 | not yet calculated | CVE-2023-33670MISC |
tenda -- ac8v4.0-v16.03.34.06 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | 2023-06-02 | not yet calculated | CVE-2023-33671MISC |
tenda -- ac8v4.0-v16.03.34.06 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 2023-06-02 | not yet calculated | CVE-2023-33672MISC |
tenda -- ac8v4.0-v16.03.34.06 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2023-06-02 | not yet calculated | CVE-2023-33673MISC |
tenda -- ac8v4.0-v16.03.34.06 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. | 2023-06-02 | not yet calculated | CVE-2023-33675MISC |
mp4v2 -- mp4v2 | mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. | 2023-06-01 | not yet calculated | CVE-2023-33716MISC |
mp4v2 -- mp4v2 | mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes() | 2023-06-02 | not yet calculated | CVE-2023-33717MISCMISC |
mp4v2 -- mp4v2 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp | 2023-05-31 | not yet calculated | CVE-2023-33718MISC |
mp4v2 -- mp4v2 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp | 2023-06-01 | not yet calculated | CVE-2023-33719MISCMISC |
edimax -- br-6288acl | EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. | 2023-05-31 | not yet calculated | CVE-2023-33722MISCMISC |
microworld_technologies -- escan_management_console | Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format. | 2023-05-31 | not yet calculated | CVE-2023-33730MISC |
microworld_technologies -- escan_management_console | Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | 2023-06-02 | not yet calculated | CVE-2023-33731MISCMISC |
microworld_technologies -- escan_management_console | Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. | 2023-05-31 | not yet calculated | CVE-2023-33732MISC |
bluecms -- bluecms | BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. | 2023-05-30 | not yet calculated | CVE-2023-33734MISC |
d-link -- dir-846 | D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. | 2023-05-31 | not yet calculated | CVE-2023-33735MISCMISC |
dcat-admin -- dcat-admin | A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. | 2023-05-31 | not yet calculated | CVE-2023-33736MISC |
luowice -- luowice | Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message. | 2023-05-30 | not yet calculated | CVE-2023-33740MISC |
macro-video_technologies -- v380pro | Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. | 2023-05-30 | not yet calculated | CVE-2023-33741MISC |
inpiazza_cloud_wifi -- inpiazza_cloud_wifi | The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials. | 2023-06-01 | not yet calculated | CVE-2023-33754MISC |
emedia_consulting_simpleredak -- emedia_consulting_simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. | 2023-06-02 | not yet calculated | CVE-2023-33761MISC |
emedia_consulting_simpleredak -- emedia_consulting_simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. | 2023-06-02 | not yet calculated | CVE-2023-33762MISC |
emedia_consulting_simpleredak -- emedia_consulting_simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. | 2023-06-02 | not yet calculated | CVE-2023-33763MISC |
emedia_consulting_simpleredak -- emedia_consulting_simpleredak | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/ |
2023-06-01 | not yet calculated | CVE-2023-33764MISC |
draytek -- vigor_routers | Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website. | 2023-06-01 | not yet calculated | CVE-2023-33778MISC |
minio -- minio_object_storage | Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0. | 2023-05-30 | not yet calculated | CVE-2023-33955MISCMISCMISC |
openproject -- openproject | OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to version 12.5.6, even if the entire instance is marked as `Login required` and prevents all truly anonymous access, the `/robots.txt` route remains publicly available.
Version 12.5.6 has a fix for this issue. Alternatively, users can download a patchfile to apply the patch to any OpenProject version greater than 10.0 As a workaround, one may mark any public project as non-public and give anyone in need of access to the project a membership. |
2023-06-01 | not yet calculated | CVE-2023-33960MISCMISCMISCMISCMISC |
leantime -- leantime | Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist. | 2023-05-30 | not yet calculated | CVE-2023-33961MISC |
jstachio -- jstachio | JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes `'` in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users visiting pages that use this template engine. This can lead to various consequences, including session hijacking, defacement of web pages, theft of sensitive information, or even the propagation of malware.
Version 1.0.1 contains a patch for this issue. To mitigate this vulnerability, the template engine should properly escape special characters, including single quotes. Common practice is to escape `'` as `'`. As a workaround, users can avoid this issue by using only double quotes `"` for HTML attributes. |
2023-05-30 | not yet calculated | CVE-2023-33962MISCMISCMISCMISCMISC |
dataease -- dataease | DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading. | 2023-06-01 | not yet calculated | CVE-2023-33963MISCMISC |
mx-chain-go -- mx-chain-go | mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces `processIfTxErrorCrossShard` for the metachain transaction processor. There are no known workarounds for this issue. | 2023-05-31 | not yet calculated | CVE-2023-33964MISCMISC |
txthinking -- brook | Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606. | 2023-06-01 | not yet calculated | CVE-2023-33965MISCMISC |
deno -- deno | Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue. | 2023-05-31 | not yet calculated | CVE-2023-33966MISCMISC |
easeprobe -- easeprobe | EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0. | 2023-05-31 | not yet calculated | CVE-2023-33967MISCMISCMISCMISC |
formcreator -- formcreator | Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields. | 2023-05-31 | not yet calculated | CVE-2023-33971MISC |
riot_os -- riot_os | RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds. | 2023-05-30 | not yet calculated | CVE-2023-33973MISCMISCMISCMISCMISCMISCMISCMISC |
riot_os -- riot_os | RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds. | 2023-05-30 | not yet calculated | CVE-2023-33974MISCMISCMISCMISCMISCMISCMISCMISC |
riot_os -- riot_os | RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams. | 2023-05-30 | not yet calculated | CVE-2023-33975MISCMISCMISCMISCMISCMISCMISCMISC |
chatgpt -- gpt_academic | gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive files are configured to be off-limits, sensitive information files in some working directories can be read through the `/file` route, leading to sensitive information leakage. This affects users that uses file configurations via `config.py`, `config_private.py`, `Dockerfile`. A patch is available at commit 1dcc2873d2168ad2d3d70afcb453ac1695fbdf02. As a workaround, one may use environment variables instead of `config*.py` files to configure this project, or use docker-compose installation to configure this project. | 2023-05-31 | not yet calculated | CVE-2023-33979MISCMISC |
collabora_online -- collabora_online | Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch. | 2023-05-31 | not yet calculated | CVE-2023-34088MISC |
kyverno -- kyverno | Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the `deletionTimestamp` field defined can bypass validate, generate, or mutate-existing policies, even in cases where the `validationFailureAction` field is set to `Enforce`. This situation occurs as resources pending deletion were being consciously exempted by Kyverno, as a way to reduce processing load as policies are typically not applied to objects which are being deleted. However, this could potentially result in allowing a malicious user to leverage the Kubernetes finalizers feature by setting a finalizer which causes the Kubernetes API server to set the `deletionTimestamp` and then not completing the delete operation as a way to explicitly to bypass a Kyverno policy. Note that this is not applicable to Kubernetes Pods but, as an example, a Kubernetes Service resource can be manipulated using an indefinite finalizer to bypass policies. This is resolved in Kyverno 1.10.0. There is no known workaround. | 2023-06-01 | not yet calculated | CVE-2023-34091MISCMISC |
vite -- vite | Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`['.env', '.env.*', '*.{crt,pem}']`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16. | 2023-06-01 | not yet calculated | CVE-2023-34092MISCMISCMISC |
chatgpt -- chuanhuchatgPT | ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability. | 2023-06-02 | not yet calculated | CVE-2023-34094MISCMISC |
imagemagick -- imagemagick | A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). | 2023-05-30 | not yet calculated | CVE-2023-34151MISCMISCMISCFEDORA |
imagemagick -- imagemagick | A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | 2023-05-30 | not yet calculated | CVE-2023-34152MISCMISCMISCFEDORA |
imagemagick -- imagemagick | A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. | 2023-05-30 | not yet calculated | CVE-2023-34153MISCMISCMISCFEDORA |
imapsync -- imapsync | imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it. | 2023-05-30 | not yet calculated | CVE-2023-34204MISC |
moov -- signedxml | In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW). | 2023-05-30 | not yet calculated | CVE-2023-34205MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible | 2023-05-31 | not yet calculated | CVE-2023-34218MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions | 2023-05-31 | not yet calculated | CVE-2023-34228MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible | 2023-05-31 | not yet calculated | CVE-2023-34229MISC |
linux -- kernel | An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. | 2023-05-31 | not yet calculated | CVE-2023-34256MISCMISCMISC |
tencent -- multiple_products | An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. | 2023-05-31 | not yet calculated | CVE-2023-34258MISCMISC |
tencent -- multiple_products | In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition. | 2023-06-01 | not yet calculated | CVE-2023-34312MISC |
jetbrains -- ktor | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message | 2023-06-01 | not yet calculated | CVE-2023-34339MISC |
moveit_transfer -- moveit_transfer | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. | 2023-06-02 | not yet calculated | CVE-2023-34362MISC |
Vulnerability Summary for the Week of May 22, 2023
Posted on Wednesday May 31, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cbot -- chatbot | Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 9.9 | CVE-2023-2882MISC |
cbot -- chatbot | Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 9.9 | CVE-2023-2885MISC |
linux -- linux_kernel | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. | 2023-05-21 | 9.8 | CVE-2020-36694MISCMISCMISCMISC |
huawei -- emui | Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2023-05-26 | 9.8 | CVE-2021-46887MISC |
thingsforrestaurants -- quick_restaurant_reservations | Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions. | 2023-05-22 | 9.8 | CVE-2022-44739MISC |
schneider-electric -- powerlogic_ion9000_firmware | A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. |
2023-05-22 | 9.8 | CVE-2022-46680MISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | 2023-05-19 | 9.8 | CVE-2022-47984MISCMISC |
huawei -- harmonyos | The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 2023-05-26 | 9.8 | CVE-2022-48478MISC |
huawei -- harmonyos | The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 2023-05-26 | 9.8 | CVE-2022-48479MISC |
adam_retail_automation_systems -- mobilmen_terminal_software | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.This issue affects Mobilmen Terminal Software: before 3. | 2023-05-23 | 9.8 | CVE-2023-1508MISC |
ipekyolu_software -- auto_damage_tracking_software | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4. | 2023-05-24 | 9.8 | CVE-2023-2045MISC |
minova_technology -- etrace | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20. | 2023-05-24 | 9.8 | CVE-2023-2064MISC |
wclovers -- wcfm_membership | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. | 2023-05-20 | 9.8 | CVE-2023-2276MISCMISCMISC |
vibethemes -- bp_social_connect | The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2023-05-19 | 9.8 | CVE-2023-2704MISCMISCMISCMISC |
rental_module_project -- rental_module | Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15. | 2023-05-20 | 9.8 | CVE-2023-2712MISC |
rental_module_project -- rental_module | Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15. | 2023-05-20 | 9.8 | CVE-2023-2713MISC |
cityboss -- e-municipality | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05. | 2023-05-24 | 9.8 | CVE-2023-2750MISC |
sourcecodester -- online_jewelry_store | A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability. | 2023-05-19 | 9.8 | CVE-2023-2815MISCMISCMISC |
sourcecodester -- class_scheduling_system | A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability. | 2023-05-20 | 9.8 | CVE-2023-2823MISCMISCMISC |
snapone -- orvc |
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution. |
2023-05-22 | 9.8 | CVE-2023-28386MISCMISC |
gpac -- gpac | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 9.8 | CVE-2023-2840CONFIRMMISCDEBIAN |
sourcecodester -- theme_park_ticketing_system | A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability. | 2023-05-24 | 9.8 | CVE-2023-2865MISCMISCMISC |
apache -- inlong | Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. |
2023-05-22 | 9.8 | CVE-2023-31062MISC |
wcms -- wcms | In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | 2023-05-22 | 9.8 | CVE-2023-31689MISC |
sem-cms -- semcms | SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. | 2023-05-19 | 9.8 | CVE-2023-31707MISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | 2023-05-22 | 9.8 | CVE-2023-32336MISCMISC |
linux -- linux_kernel | The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. | 2023-05-21 | 9.8 | CVE-2023-33250MISCMISC |
old_age_home_management_system_project -- old_age_home_management_system | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | 2023-05-23 | 9.8 | CVE-2023-33338MISC |
gpac -- gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 9.1 | CVE-2023-2838MISCCONFIRMDEBIAN |
cbot -- chatbot | Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 9.1 | CVE-2023-2887MISC |
apache -- inlong | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.
An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it. |
2023-05-22 | 9.1 | CVE-2023-31065MISC |
apache -- inlong | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it. | 2023-05-22 | 9.1 | CVE-2023-31066MISC |
netbox_project -- netbox | ** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied. | 2023-05-24 | 9.1 | CVE-2023-33796MISCMISC |
asgaros -- asgaros_forum | Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | 2023-05-22 | 8.8 | CVE-2022-41608MISC |
webmat -- flexible_elementor_panel | Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions. | 2023-05-22 | 8.8 | CVE-2022-45076MISC |
loginizer -- loginizer | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | 2023-05-22 | 8.8 | CVE-2022-45079MISC |
xootix -- side_cart_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions. | 2023-05-22 | 8.8 | CVE-2022-45376MISC |
brainstormforce -- starter_templates | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. | 2023-05-23 | 8.8 | CVE-2022-46851MISC |
radiustheme -- post_grid | Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. | 2023-05-23 | 8.8 | CVE-2022-46853MISC |
gallery_metabox_project -- gallery_metabox | Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions. | 2023-05-20 | 8.8 | CVE-2022-47134MISC |
mediamatic -- media_library_folders | Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | 2023-05-22 | 8.8 | CVE-2022-47142MISC |
crayon_syntax_highlighter_project -- crayon_syntax_highlighter | Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions. | 2023-05-22 | 8.8 | CVE-2022-47167MISC |
stylist_project -- stylist | Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions. | 2023-05-22 | 8.8 | CVE-2022-47183MISC |
nicearma -- dnui-delete-not-used-image | Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. | 2023-05-22 | 8.8 | CVE-2022-47609MISC |
hover_image_project -- hover_image | Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. | 2023-05-22 | 8.8 | CVE-2022-47611MISC |
armoli_technology -- cargo_tracking_system | Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 . | 2023-05-24 | 8.8 | CVE-2023-2065MISC |
wp_tabs_slides_project -- wp_tabs_slides | Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. | 2023-05-22 | 8.8 | CVE-2023-22688MISC |
autoaffiliatelinks -- auto_affiliate_links | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | 2023-05-20 | 8.8 | CVE-2023-22689MISC |
name_directory_project -- name_directory | Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. | 2023-05-22 | 8.8 | CVE-2023-22692MISC |
srs_simple_hits_counter_project -- srs_simple_hits_counter | Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions. | 2023-05-22 | 8.8 | CVE-2023-22709MISC |
supsystic -- coming_soon | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. | 2023-05-22 | 8.8 | CVE-2023-22714MISC |
wp_topbar_project -- wp_topbar | Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions. | 2023-05-22 | 8.8 | CVE-2023-23680MISC |
hmplugin -- wordpress_books_gallery | Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. | 2023-05-23 | 8.8 | CVE-2023-23705MISC |
miniorange -- wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\) | Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 2023-05-23 | 8.8 | CVE-2023-23706MISC |
user-meta -- user_meta_manager | Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. | 2023-05-22 | 8.8 | CVE-2023-23712MISC |
theme_tweaker_project -- theme_tweaker | Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions. | 2023-05-23 | 8.8 | CVE-2023-23713MISC |
winwar -- wp_email_capture | Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | 2023-05-23 | 8.8 | CVE-2023-23724MISC |
secondlinethemes -- auto_youtube_importer | Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. | 2023-05-22 | 8.8 | CVE-2023-23797MISC |
my_calendar_project -- my_calendar | Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions. | 2023-05-22 | 8.8 | CVE-2023-23813MISC |
ljapps -- wp_airbnb_review_slider | Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions. | 2023-05-20 | 8.8 | CVE-2023-23890MISC |
robosoft -- robogallery | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions. | 2023-05-20 | 8.8 | CVE-2023-24414MISC |
slickremix -- feed_them_social | Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions. | 2023-05-23 | 8.8 | CVE-2023-25056MISC |
inkthemes -- colorway | Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. | 2023-05-22 | 8.8 | CVE-2023-25447MISC |
archivist_project -- archivist | Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | 2023-05-22 | 8.8 | CVE-2023-25448MISC |
podlove -- podlove_podcast_publisher | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. | 2023-05-23 | 8.8 | CVE-2023-25472MISC |
podlove -- podlove_subscribe_button | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | 2023-05-23 | 8.8 | CVE-2023-25481MISC |
vikwp -- vikbooking_hotel_booking_engine_\&_pms | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions. | 2023-05-23 | 8.8 | CVE-2023-25707MISC |
finex_media -- competition_management_system | Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07. | 2023-05-23 | 8.8 | CVE-2023-2702MISC |
weaver -- e-cology | A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-19 | 8.8 | CVE-2023-2806MISCMISCMISC |
cbot -- chatbot | Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 8.8 | CVE-2023-2883MISC |
pingonline -- dyslexiefont_free | Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. | 2023-05-20 | 8.8 | CVE-2023-32589MISC |
mitsubishielectric -- melsec_ws0-geth00200_firmware | Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware. | 2023-05-19 | 8.6 | CVE-2023-1618MISCMISCMISC |
teltonika -- remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices. | 2023-05-22 | 8.3 | CVE-2023-2587MISC |
obsidian -- obsidian | Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. | 2023-05-20 | 8.2 | CVE-2023-33244MISCMISC |
cloudfoundry -- cf-deployment | Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection. | 2023-05-19 | 8.1 | CVE-2023-20881MISC |
groundhogg -- groundhogg | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-05-20 | 8 | CVE-2023-2736MISCMISCMISCMISC |
wireshark -- wireshark | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2854MISCCONFIRMMISC |
wireshark -- wireshark | Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2855CONFIRMMISCMISC |
wireshark -- wireshark | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2857MISCMISCCONFIRM |
wireshark -- wireshark | NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2858MISCMISCCONFIRM |
allwaysync -- allwaysync | Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. | 2023-05-22 | 7.8 | CVE-2023-29838MISCMISC |
luatex_project -- luatex | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. | 2023-05-20 | 7.8 | CVE-2023-32700MISCMISCMISCMISC |
foxit -- pdf_editor | Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | 2023-05-19 | 7.8 | CVE-2023-33240MISC |
finex_media -- competition_management_system | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. | 2023-05-23 | 7.6 | CVE-2023-2703MISC |
cbot -- chatbot | Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 7.6 | CVE-2023-2886MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46881MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46882MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46883MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46884MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46885MISC |
huawei -- emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46886MISC |
fastweb -- fastgate_vdsl2_dga4131fwb_firmware | A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. | 2023-05-19 | 7.5 | CVE-2022-30114MISCMISCMISC |
huawei -- emui | Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-05-26 | 7.5 | CVE-2022-48480MISC |
huawei -- emui | The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2023-0116MISC |
huawei -- harmonyos | The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-20 | 7.5 | CVE-2023-1692MISCMISC |
huawei -- emui | The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-20 | 7.5 | CVE-2023-1693MISCMISC |
huawei -- emui | The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-20 | 7.5 | CVE-2023-1694MISCMISC |
huawei -- harmonyos | The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability. | 2023-05-20 | 7.5 | CVE-2023-1696MISCMISC |
sitecore -- experience_platform | Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx | 2023-05-22 | 7.5 | CVE-2023-27067MISCMISC |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. | 2023-05-26 | 7.5 | CVE-2023-2825MISCMISCCONFIRM |
gpac -- gpac | Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 7.5 | CVE-2023-2839CONFIRMMISCDEBIAN |
apache -- tomcat | The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. | 2023-05-22 | 7.5 | CVE-2023-28709MISCMISCMISC |
wireshark -- wireshark | GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | 2023-05-26 | 7.5 | CVE-2023-2879MISCCONFIRMMISC |
webbax -- customexporter | Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. | 2023-05-19 | 7.5 | CVE-2023-30199MISCMISC |
apache -- inlong | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it. |
2023-05-22 | 7.5 | CVE-2023-31058MISC |
apache -- inlong | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it. | 2023-05-22 | 7.5 | CVE-2023-31064MISC |
apache -- inlong | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it. |
2023-05-22 | 7.5 | CVE-2023-31103MISC |
apache -- inlong | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949 |
2023-05-22 | 7.5 | CVE-2023-31453MISC |
apache -- inlong | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.
The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947 |
2023-05-22 | 7.5 | CVE-2023-31454MISC |
icecms_project -- icecms | IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. | 2023-05-25 | 7.5 | CVE-2023-33355MISC |
bumsys_project -- bumsys | SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-22 | 7.2 | CVE-2023-2832MISCMISC |
craftcms -- craft_cms | Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-05-19 | 7.2 | CVE-2023-32679MISC |
sourcecodester -- faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. | 2023-05-26 | 7.2 | CVE-2023-33439MISC |
sourcecodester -- faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. | 2023-05-26 | 7.2 | CVE-2023-33440MISC |
dell -- cloudiq_collector | Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data. | 2023-05-19 | 7.1 | CVE-2023-28045MISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
tp-link -- archer_vr1600v_firmware | A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. | 2023-05-19 | 6.7 | CVE-2023-31756MISC |
sitecore -- experience_platform | Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | 2023-05-22 | 6.5 | CVE-2023-27066MISCMISC |
apache -- inlong | Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. | 2023-05-22 | 6.5 | CVE-2023-31101MISC |
quest -- kace_systems_deployment_appliance | There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. | 2023-05-21 | 6.5 | CVE-2023-33254MISC |
nissan -- sylphy_classic_2021_firmware | The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. | 2023-05-22 | 6.5 | CVE-2023-33281MISCMISCMISC |
cbot -- chatbot | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 6.4 | CVE-2023-2884MISC |
3ds -- 3dexperience | A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code. | 2023-05-19 | 6.1 | CVE-2023-1996MISC |
sourcecodester -- class_scheduling_system | A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428. | 2023-05-19 | 6.1 | CVE-2023-2814MISCMISCMISC |
ellucian -- ethos_identity | A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596. | 2023-05-20 | 6.1 | CVE-2023-2822MISCMISCMISCMISC |
sourcecodester -- dental_clinic_appointment_reservation_system | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability. | 2023-05-20 | 6.1 | CVE-2023-2824MISCMISCMISC |
mybb -- mybb | In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. | 2023-05-22 | 6.1 | CVE-2023-28467MISCMISC |
sourcecodester -- online_jewelry_store | A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820. | 2023-05-24 | 6.1 | CVE-2023-2864MISCMISCMISC |
silicon_project -- silicon | GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. | 2023-05-22 | 6.1 | CVE-2023-31584MISCMISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | 2023-05-19 | 5.5 | CVE-2023-22878MISCMISC |
telegram -- telegram | Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. | 2023-05-19 | 5.5 | CVE-2023-26818MISCMISC |
gpac -- gpac | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 5.5 | CVE-2023-2837MISCCONFIRMDEBIAN |
ibm -- mq | IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. | 2023-05-19 | 5.5 | CVE-2023-28514MISCMISC |
wireshark -- wireshark | VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 5.5 | CVE-2023-2856CONFIRMMISCMISC |
ibm -- mq | IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. | 2023-05-19 | 5.5 | CVE-2023-28950MISCMISC |
libtiff -- libtiff | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | 2023-05-19 | 5.5 | CVE-2023-30774MISCMISCMISC |
libtiff -- libtiff | A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. | 2023-05-19 | 5.5 | CVE-2023-30775MISCMISCMISC |
hledger -- hledger | An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function. | 2023-05-21 | 5.4 | CVE-2021-46888MISCMISCMISCMISC |
groundhogg -- groundhogg | The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact. | 2023-05-20 | 5.4 | CVE-2023-2716MISCMISCMISC |
groundhogg -- groundhogg | The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms. | 2023-05-20 | 5.4 | CVE-2023-2735MISCMISCMISCMISC |
sourcecodester -- class_scheduling_system | A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | 2023-05-21 | 5.4 | CVE-2023-2826MISCMISCMISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. | 2023-05-19 | 5.4 | CVE-2023-28529MISCMISC |
dedecms -- dedecms | DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian' | 2023-05-19 | 5.4 | CVE-2023-31757MISC |
jizhicms -- jizhicms | jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package. | 2023-05-19 | 5.4 | CVE-2023-31862MISC |
icecms_project -- icecms | IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). | 2023-05-25 | 5.4 | CVE-2023-33356MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33785MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33786MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33787MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33788MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33789MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33790MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33791MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33792MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33793MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33794MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33795MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33797MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33798MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33799MISC |
netbox_project -- netbox | A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33800MISC |
huawei -- emui | The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime. | 2023-05-26 | 5.3 | CVE-2023-0117MISC |
vyper_project -- vyper | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | 2023-05-19 | 5.3 | CVE-2023-32675MISCMISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. | 2023-05-22 | 4.7 | CVE-2023-33288MISCMISCMISCMISCMISC |
groundhogg -- groundhogg | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key. | 2023-05-20 | 4.3 | CVE-2023-2714MISCMISCMISCMISC |
groundhogg -- groundhogg | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license. | 2023-05-20 | 4.3 | CVE-2023-2715MISCMISCMISC |
groundhogg -- groundhogg | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled. | 2023-05-20 | 4.3 | CVE-2023-2717MISCMISCMISC |
eyoucms -- eyoucms | A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | 2023-05-23 | 4.3 | CVE-2023-31708MISC |
hazelcast -- hazelcast | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | 2023-05-22 | 4.3 | CVE-2023-33264MISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
zulip -- zulip | Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don't require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue. | 2023-05-19 | 3.7 | CVE-2023-28623MISCMISC |
zulip -- zulip | Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. | 2023-05-19 | 3.1 | CVE-2023-32677MISCMISCMISCMISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ruby-saml -- ruby-saml | xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | 2023-05-27 | not yet calculated | CVE-2015-20108MISCMISCMISCMISC |
webplus_pro -- webplus_pro | WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | 2023-05-23 | not yet calculated | CVE-2020-20012MISCMISC |
ingress-nginx -- ingress-nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | 2023-05-24 | not yet calculated | CVE-2021-25748MISCMISC |
kubernetes -- kubernetes | Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | 2023-05-24 | not yet calculated | CVE-2021-25749MISC |
abb -- multiple_products | Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.
An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. |
2023-05-22 | not yet calculated | CVE-2022-0010MISC |
bitdefender -- multiple_products | Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.
This issue affects: Bitdefender Total Security |
2023-05-24 | not yet calculated | CVE-2022-0357MISC |
credence_analytics -- ideal_wealth_and_funds | SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter. | 2023-05-24 | not yet calculated | CVE-2022-30025MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-38356MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-38716MISC |
matrix-org -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2022-39335MISCMISCMISC |
matrix-org -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0 | 2023-05-26 | not yet calculated | CVE-2022-39374MISCMISC |
opentext -- archive_center_administration | The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. | 2023-05-24 | not yet calculated | CVE-2022-41221MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin <= 3.5.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-41635MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin <= 3.7.1.6 versions. | 2023-05-25 | not yet calculated | CVE-2022-41987MISC |
jumpserver -- jumpserver | Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission. | 2023-05-24 | not yet calculated | CVE-2022-42225MISCMISCMISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-43490MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions. | 2023-05-24 | not yet calculated | CVE-2022-45364MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-45366MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions. | 2023-05-25 | not yet calculated | CVE-2022-45367MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-45371MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-45815MISC |
dataprobe -- iboot-pdu_fw | The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution. | 2023-05-22 | not yet calculated | CVE-2022-46658MISCMISC |
dataprobe -- iboot-pdu_fw | The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin. | 2023-05-22 | not yet calculated | CVE-2022-46738MISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions. | 2023-05-24 | not yet calculated | CVE-2022-46794MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46800MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | 2023-05-25 | not yet calculated | CVE-2022-46810MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | 2023-05-25 | not yet calculated | CVE-2022-46812MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. | 2023-05-23 | not yet calculated | CVE-2022-46813MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46814MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions. | 2023-05-24 | not yet calculated | CVE-2022-46816MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table Of Contents plugin <= 1.3.9 versions. | 2023-05-25 | not yet calculated | CVE-2022-46820MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin <= 4.3.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46856MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-46865MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-46866MISC |
oracle -- apache | A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later. | 2023-05-25 | not yet calculated | CVE-2022-46907MISCMISC |
nagvis -- nagvis | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | 2023-05-26 | not yet calculated | CVE-2022-46945CONFIRMMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions. | 2023-05-25 | not yet calculated | CVE-2022-47135MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-47136MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47138MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions. | 2023-05-25 | not yet calculated | CVE-2022-47139MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47144MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-47149MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <= 3.1.1 versions. | 2023-05-24 | not yet calculated | CVE-2022-47152MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-47159MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47161MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. | 2023-05-25 | not yet calculated | CVE-2022-47164MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. | 2023-05-25 | not yet calculated | CVE-2022-47165MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. | 2023-05-25 | not yet calculated | CVE-2022-47174MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47177MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions. | 2023-05-25 | not yet calculated | CVE-2022-47178MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions. | 2023-05-24 | not yet calculated | CVE-2022-47180MISC |
dataprobe -- iboot_devices | A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection. | 2023-05-22 | not yet calculated | CVE-2022-47311MISCMISC |
dataprobe -- iboot_devices | The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes. | 2023-05-22 | not yet calculated | CVE-2022-47320MISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions. | 2023-05-24 | not yet calculated | CVE-2022-47446MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions. | 2023-05-24 | not yet calculated | CVE-2022-47447MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - MS plugin <= 1.12.03 versions. | 2023-05-24 | not yet calculated | CVE-2022-47448MISC |
hitachi_vantara -- pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. | 2023-05-24 | not yet calculated | CVE-2022-4815MISC |
dataprobe -- multiple_products | The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud. | 2023-05-22 | not yet calculated | CVE-2022-4945MISCMISC |
linux -- kernel | Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 | 2023-05-25 | not yet calculated | CVE-2023-0459MISCMISC |
the_document_foundation -- libreoffice | Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. | 2023-05-25 | not yet calculated | CVE-2023-0950MISCDEBIAN |
hitachi_vantara -- pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | 2023-05-24 | not yet calculated | CVE-2023-1158MISC |
minikube_for_macos -- minikube_for_macos | This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | 2023-05-24 | not yet calculated | CVE-2023-1174MISC |
servicenow -- servicenow | Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. | 2023-05-23 | not yet calculated | CVE-2023-1209MISCMISC |
mitsubishi_electric_corporation -- melsec_iq-f | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. | 2023-05-24 | not yet calculated | CVE-2023-1424MISCMISCMISCMISC |
keycloak -- keycloak | A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable. | 2023-05-26 | not yet calculated | CVE-2023-1664MISC |
libssh -- libssh | A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. | 2023-05-26 | not yet calculated | CVE-2023-1667MISCMISCMISCFEDORAMLIST |
hypr_server -- hypr_server | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | 2023-05-23 | not yet calculated | CVE-2023-1837MISC |
minikube -- minikube | This vulnerability enables ssh access to minikube container using a default password. | 2023-05-24 | not yet calculated | CVE-2023-1944MISC |
avahi-- avahi | A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. | 2023-05-26 | not yet calculated | CVE-2023-1981MISCMISCMISC |
linux -- kernel | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. | 2023-05-26 | not yet calculated | CVE-2023-2002MISC |
nsx-t -- nsx-t | NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | 2023-05-26 | not yet calculated | CVE-2023-20868MISC |
cloud_foundry_routing_release -- cloud_foundry_routing_release | In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool. | 2023-05-26 | not yet calculated | CVE-2023-20882MISC |
spring_boot -- spring_boot | In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | 2023-05-26 | not yet calculated | CVE-2023-20883MISC |
samsung_mobile -- galaxy_store | Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21514MISC |
samsung_mobile -- galaxy_store | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21515MISC |
samsung_mobile -- galaxy_store | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21516MISC |
atlassian -- confluence_data_center | Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.
The affected versions are before version 7.19.9. This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team. |
2023-05-25 | not yet calculated | CVE-2023-22504MISC |
the_document_foundation -- libreoffice | Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | 2023-05-25 | not yet calculated | CVE-2023-2255MISCDEBIAN |
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_products | Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-22654MISCMISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-22693MISC |
libssh -- libssh | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. | 2023-05-26 | not yet calculated | CVE-2023-2283MISCMISCMISCFEDORA |
bottles/yaml -- bottles/yaml | Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. | 2023-05-26 | not yet calculated | CVE-2023-22970MISCFEDORAFEDORA |
garmin -- connect_iq | The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | 2023-05-23 | not yet calculated | CVE-2023-23298MISCMISCMISC |
garmin -- connect_iq | The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. | 2023-05-23 | not yet calculated | CVE-2023-23299MISCMISC |
garmin -- connect_iq | The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | 2023-05-23 | not yet calculated | CVE-2023-23300MISCMISC |
garmin -- connect_iq | The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory. | 2023-05-23 | not yet calculated | CVE-2023-23301MISC |
garmin -- connect_iq | The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | 2023-05-23 | not yet calculated | CVE-2023-23302MISCMISC |
garmin -- connect_iq | The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | 2023-05-23 | not yet calculated | CVE-2023-23303MISCMISC |
garmin -- connect_iq | The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information. | 2023-05-23 | not yet calculated | CVE-2023-23304MISCMISC |
garmin -- connect_iq | The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware. | 2023-05-23 | not yet calculated | CVE-2023-23305MISC |
garmin -- connect_iq | The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware. | 2023-05-23 | not yet calculated | CVE-2023-23306MISCMISC |
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_products | Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-23545MISCMISCMISC |
dell -- vxrail | Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2023-05-23 | not yet calculated | CVE-2023-23693MISC |
dell -- vxrail | Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2023-05-23 | not yet calculated | CVE-2023-23694MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-23714MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions. | 2023-05-26 | not yet calculated | CVE-2023-24007MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions. | 2023-05-26 | not yet calculated | CVE-2023-24008MISC |
m-files -- client | Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications | 2023-05-25 | not yet calculated | CVE-2023-2480MISC |
wordpress -- wordpress | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege. | 2023-05-24 | not yet calculated | CVE-2023-2494MISCMISC |
wordpress -- wordpress | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2023-05-24 | not yet calculated | CVE-2023-2496MISCMISC |
wordpress -- wordpress | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-05-24 | not yet calculated | CVE-2023-2498MISCMISC |
wordpress -- wordpress | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-05-25 | not yet calculated | CVE-2023-2500MISCMISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions. | 2023-05-24 | not yet calculated | CVE-2023-25028MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. | 2023-05-26 | not yet calculated | CVE-2023-25029MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25034MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. | 2023-05-26 | not yet calculated | CVE-2023-25038MISC |
birddog -- multiple_products |
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. |
2023-05-22 | not yet calculated | CVE-2023-2504MISCMISC |
birddog -- multiple_products | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. | 2023-05-22 | not yet calculated | CVE-2023-2505MISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | 2023-05-26 | not yet calculated | CVE-2023-25058MISC |
snap_one -- ovrc_pro |
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. |
2023-05-22 | not yet calculated | CVE-2023-25183MISCMISC |
square_pig_llc -- fusioninvoice | Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details. | 2023-05-25 | not yet calculated | CVE-2023-25439MISC |
civicrm -- civicrm | Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. | 2023-05-23 | not yet calculated | CVE-2023-25440MISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25467MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25470MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions. | 2023-05-23 | not yet calculated | CVE-2023-25474MISC |
dell -- poweredge_14g_bios/precision_bios | Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | 2023-05-22 | not yet calculated | CVE-2023-25537MISC |
mitel -- mivoice_connect | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2023-05-24 | not yet calculated | CVE-2023-25598MISCMISC |
mitel -- mivoice_connect | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2023-05-24 | not yet calculated | CVE-2023-25599MISCMISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-25781MISC |
teltonika -- remote_management_system | Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS). | 2023-05-22 | not yet calculated | CVE-2023-2586MISC |
teltonika -- remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication . An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device. | 2023-05-22 | not yet calculated | CVE-2023-2588MISC |
qrio,_inc. -- qrio_lock_(q-sl2) | Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions. | 2023-05-23 | not yet calculated | CVE-2023-25946MISCMISC |
works_mobile_japan_corp. -- drive_explorer_for_macos | Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. | 2023-05-23 | not yet calculated | CVE-2023-25953MISCMISC |
eclipse -- openj9 | In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. | 2023-05-22 | not yet calculated | CVE-2023-2597CONFIRM |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-25971MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. | 2023-05-26 | not yet calculated | CVE-2023-25976MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions. | 2023-05-23 | not yet calculated | CVE-2023-26011MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 vulnerability. | 2023-05-23 | not yet calculated | CVE-2023-26014MISC |
n158 -- n158 | All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function.
**Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. |
2023-05-27 | not yet calculated | CVE-2023-26127MISCMISC |
keep-module-latest -- keep-module-latest | All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function.
**Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. |
2023-05-27 | not yet calculated | CVE-2023-26128MISCMISC |
bmw-ng -- bmw-ng | All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file.
**Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. |
2023-05-27 | not yet calculated | CVE-2023-26129MISC |
tibco_software_inc. -- tibco_ebx | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | 2023-05-25 | not yet calculated | CVE-2023-26215MISC |
tibco_software_inc. -- tibco_ebx | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | 2023-05-25 | not yet calculated | CVE-2023-26216MISC |
cybozu,_inc. -- cybozu_garoon | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | 2023-05-23 | not yet calculated | CVE-2023-26595MISCMISC |
sitecore -- experience_platform/sitecore_xp | Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | 2023-05-23 | not yet calculated | CVE-2023-27068MISCMISCMISC |
cybozu,_inc. -- cybozu_garoon | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | 2023-05-23 | not yet calculated | CVE-2023-27304MISCMISC |
netapp -- bluexp_connector | NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector. | 2023-05-26 | not yet calculated | CVE-2023-27311MISC |
wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | 2023-05-25 | not yet calculated | CVE-2023-2732MISCMISCMISC |
wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | 2023-05-25 | not yet calculated | CVE-2023-2733MISCMISCMISC |
wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | 2023-05-25 | not yet calculated | CVE-2023-2734MISCMISCMISC |
cybozu,_inc. -- cybozu_garoon | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | 2023-05-23 | not yet calculated | CVE-2023-27384MISCMISC |
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_products | Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-27387MISCMISCMISC |
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_products | Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-27388MISCMISCMISC |
microengine -- mailform | Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | 2023-05-23 | not yet calculated | CVE-2023-27397MISCMISC |
microengine -- mailform | MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | 2023-05-23 | not yet calculated | CVE-2023-27507MISCMISC |
contec_co_ltd. -- solarview_compact_sv-cpt-mc310 | Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. | 2023-05-23 | not yet calculated | CVE-2023-27512MISCMISCMISC |
contec_co_ltd. -- solarview_compact_sv-cpt-mc310 | OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. | 2023-05-23 | not yet calculated | CVE-2023-27514MISCMISCMISC |
contec_co_ltd. -- solarview_compact_sv-cpt-mc310 | Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. | 2023-05-23 | not yet calculated | CVE-2023-27518MISCMISCMISC |
contec_co_ltd. -- solarview_compact_sv-cpt-mc310 | OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. | 2023-05-23 | not yet calculated | CVE-2023-27521MISCMISCMISC |
wacom -- wacom_tablet_driver_installer | Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege. | 2023-05-25 | not yet calculated | CVE-2023-27529MISCMISC |
contec_co_ltd. -- solarview_compact_sv-cpt-mc310 | Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. | 2023-05-23 | not yet calculated | CVE-2023-27920MISCMISCMISC |
jins -- meme_core | JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | 2023-05-23 | not yet calculated | CVE-2023-27921MISCMISC |
wordpress -- wordpress | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27922MISCMISC |
wordpress -- wordpress | Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27923MISCMISC |
wordpress -- wordpress | Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27925MISCMISC |
wordpress -- wordpress | Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27926MISCMISC |
htmlunit -- htmlunit | Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0. | 2023-05-25 | not yet calculated | CVE-2023-2798MISCMISC |
hclsoftware -- domino_appdeck_pack | The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | 2023-05-23 | not yet calculated | CVE-2023-28015MISC |
libjpeg-turbo -- libjpeg-turbo | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. | 2023-05-25 | not yet calculated | CVE-2023-2804MISCMISCMISCMISCMISC |
craft_cms -- craft_cms | A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. | 2023-05-26 | not yet calculated | CVE-2023-2817MISCMISC |
curl/curl -- libcurl | A use after free vulnerability exists in curl 2023-05-26 |
not yet calculated |
CVE-2023-28319MISC |
|
curl/curl -- libcurl | A denial of service vulnerability exists in curl 2023-05-26 |
not yet calculated |
CVE-2023-28320MISC |
|
curl/curl -- libcurl | An improper certificate validation vulnerability exists in curl 2023-05-26 |
not yet calculated |
CVE-2023-28321MISC |
|
curl/curl -- libcurl | An information disclosure vulnerability exists in curl 2023-05-26 |
not yet calculated |
CVE-2023-28322MISC |
|
wordpress -- wordpress | Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-28367MISCMISC |
tornadoweb -- tornado | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. | 2023-05-25 | not yet calculated | CVE-2023-28370MISCMISC |
encourage_technologies_co.,ltd. -- ess_rec_agent_server_edition_series | Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1 | 2023-05-26 | not yet calculated | CVE-2023-28382MISCMISC |
icom_inc. -- sr-7100vn | Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed. | 2023-05-23 | not yet calculated | CVE-2023-28390MISCMISC |
inaba_denki_sangyo_co.,_ltd. -- wi-fi_ap_unit | Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 2023-05-23 | not yet calculated | CVE-2023-28392MISCMISC |
beekeeper_studio,_inc. -- beekeeper_studio | Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. | 2023-05-23 | not yet calculated | CVE-2023-28394MISCMISCMISC |
wordpress -- wordpress | Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. | 2023-05-23 | not yet calculated | CVE-2023-28408MISCMISC |
wordpress -- wordpress | Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. | 2023-05-23 | not yet calculated | CVE-2023-28409MISCMISC |
snap_one -- ovrc_pro |
When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. |
2023-05-22 | not yet calculated | CVE-2023-28412MISCMISC |
wordpress -- wordpress | Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. | 2023-05-23 | not yet calculated | CVE-2023-28413MISCMISC |
cloudexplorer-dev -- cloudexplorer-dev/cloudexplorer-lite | Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | 2023-05-23 | not yet calculated | CVE-2023-2844CONFIRMMISC |
cloudexplorer-dev -- cloudexplorer-dev/cloudexplorer-lite | Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | 2023-05-23 | not yet calculated | CVE-2023-2845CONFIRMMISC |
nilsteampassnet -- nilsteampassnet/teampass | Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-05-24 | not yet calculated | CVE-2023-2859CONFIRMMISC |
siteserver -- cms | A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. | 2023-05-24 | not yet calculated | CVE-2023-2862MISCMISCMISC |
simple_design -- daily_journal | A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. | 2023-05-24 | not yet calculated | CVE-2023-2863MISCMISCMISC |
snap_one -- ovrc_pro | The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. | 2023-05-22 | not yet calculated | CVE-2023-28649MISCMISC |
barracuda_networks -- email_security_gateway | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. | 2023-05-24 | not yet calculated | CVE-2023-2868MISCMISC |
entech -- monitor_asset_manager | A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2870MISCMISCMISCMISC |
fabulatech -- usb_for_remote_desktop | A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2871MISCMISCMISCMISC |
flexihub -- flexihub | A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2872MISCMISCMISCMISC |
twister -- antivirus | A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2873MISCMISCMISCMISC |
twister -- antivirus | A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2874MISCMISCMISCMISC |
escan -- antivirus | A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2875MISCMISCMISCMISC |
pimcore -- pimcore/customer-data-framework | Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | 2023-05-25 | not yet calculated | CVE-2023-2881CONFIRMMISC |
phpok -- phpok | A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | 2023-05-25 | not yet calculated | CVE-2023-2888MISCMISCMISC |
linux -- kernel | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | 2023-05-26 | not yet calculated | CVE-2023-2898MISC |
nfine -- rapid_development_platform | A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2900MISCMISCMISC |
nfine -- rapid_development_platform | A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2901MISCMISCMISC |
nfine -- rapid_development_platform | A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2902MISCMISCMISC |
nfine -- rapid_development_platform | A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2903MISCMISCMISC |
artistscope -- copysafe_pdf_reader | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions. | 2023-05-26 | not yet calculated | CVE-2023-29098MISC |
sourcecodester -- comment_system | A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. | 2023-05-27 | not yet calculated | CVE-2023-2922MISCMISCMISC |
tenda -- ac6 | A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | not yet calculated | CVE-2023-2923MISCMISCMISC |
supcon -- simfield | A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | not yet calculated | CVE-2023-2924MISCMISCMISC |
webkul -- krayin_crm | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | not yet calculated | CVE-2023-2925MISCMISCMISC |
seacms -- seacms | A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. | 2023-05-27 | not yet calculated | CVE-2023-2926MISCMISCMISC |
jizhicms -- jizhicms | A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. | 2023-05-27 | not yet calculated | CVE-2023-2927MISCMISCMISC |
dedecms -- dedecms | A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. | 2023-05-27 | not yet calculated | CVE-2023-2928MISCMISCMISC |
openemr -- openemr/openemr | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2942MISCCONFIRM |
openemr -- openemr/openemr | Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2943MISCCONFIRM |
openemr -- openemr/openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2944MISCCONFIRM |
openemr -- openemr/openemr | Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2945CONFIRMMISC |
openemr -- openemr/openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2946CONFIRMMISC |
openemr -- openemr/openemr | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2947MISCCONFIRM |
sofawiki_cms -- sofawiki_cms | SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. | 2023-05-24 | not yet calculated | CVE-2023-29721MISCMISC |
contec_co_ltd. -- solarview_compact | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | 2023-05-23 | not yet calculated | CVE-2023-29919MISCMISC |
camaleon_cms -- camaleon_cms | Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | 2023-05-26 | not yet calculated | CVE-2023-30145MISCMISCMISCMISCMISC |
valve -- half-life | A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. | 2023-05-23 | not yet calculated | CVE-2023-30382MISC |
ibm -- powervm_hypervisor | IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. | 2023-05-23 | not yet calculated | CVE-2023-30440MISCMISC |
hitachi -- ops_center_analyzier | Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00. | 2023-05-23 | not yet calculated | CVE-2023-30469MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2023-30484MISC |
iris_software_inc. -- iris | Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. | 2023-05-25 | not yet calculated | CVE-2023-30615MISCMISC |
cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2. | 2023-05-25 | not yet calculated | CVE-2023-30851MISCMISCMISCMISC |
oracle -- apache_inlong | Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0.
When users change their password to a simple password (with any character or Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 https://github.com/apache/inlong/pull/7805 to solve it. |
2023-05-22 | not yet calculated | CVE-2023-31098MISC |
c-ares -- c-ares | c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-31124MISCMISCMISCMISC |
nextcloud -- cookbook | NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar. | 2023-05-26 | not yet calculated | CVE-2023-31128MISCMISCMISCMISCMISC |
c-ares -- c-ares | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-31130MISCMISCMISCMISC |
c-ares -- c-ares | c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-31147MISCMISCMISCMISC |
snap_one -- ovrc_pro |
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation. |
2023-05-22 | not yet calculated | CVE-2023-31193MISCMISC |
oracle -- apache_inlong | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.
[1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 |
2023-05-22 | not yet calculated | CVE-2023-31206MISC |
huawei -- harmonyos | The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. | 2023-05-26 | not yet calculated | CVE-2023-31225MISC |
huawei -- harmonyos | The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-26 | not yet calculated | CVE-2023-31226MISC |
huawei -- harmonyos | The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. | 2023-05-26 | not yet calculated | CVE-2023-31227MISC |
snap_one -- ovrc_pro |
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials. |
2023-05-22 | not yet calculated | CVE-2023-31240MISCMISC |
snap_one -- ovrc_pro |
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. |
2023-05-22 | not yet calculated | CVE-2023-31241MISC |
snap_one -- ovrc_pro |
Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. |
2023-05-22 | not yet calculated | CVE-2023-31245MISCMISC |
mitel -- mivoice_connect | A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | 2023-05-24 | not yet calculated | CVE-2023-31457MISCMISC |
mitel -- mivoice_connect | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | 2023-05-24 | not yet calculated | CVE-2023-31458MISCMISC |
mitel -- mivoice_connect | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | 2023-05-24 | not yet calculated | CVE-2023-31459MISCMISC |
mitel -- mivoice_connect | A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. | 2023-05-24 | not yet calculated | CVE-2023-31460MISCMISC |
teeworlds -- teeworlds | Teeworlds v0.7.5 was discovered to contain memory leaks. | 2023-05-23 | not yet calculated | CVE-2023-31517MISCMISC |
teeworlds -- teeworlds | A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. | 2023-05-23 | not yet calculated | CVE-2023-31518MISCMISCMISC |
ic_realtime -- icip-p2012t | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | 2023-05-25 | not yet calculated | CVE-2023-31594MISCMISC |
ic_realtime -- icip-p2012t | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. | 2023-05-24 | not yet calculated | CVE-2023-31595MISCMISC |
wso2 -- api_manager | A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | 2023-05-23 | not yet calculated | CVE-2023-31664CONFIRMCONFIRMMISC |
webassembly -- wat2wasm | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). | 2023-05-23 | not yet calculated | CVE-2023-31669MISC |
webassembly -- webassembly | An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | 2023-05-23 | not yet calculated | CVE-2023-31670MISC |
alist_3.15.1 -- alist_3.15.1 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | 2023-05-23 | not yet calculated | CVE-2023-31726MISCMISC |
linksys -- e2000 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | 2023-05-23 | not yet calculated | CVE-2023-31740MISCMISC |
linksys -- e2000 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | 2023-05-23 | not yet calculated | CVE-2023-31741MISCMISC |
linksys -- wrt54gl | There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | 2023-05-22 | not yet calculated | CVE-2023-31742MISCMISC |
wondershare -- filmora_12 | Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. | 2023-05-23 | not yet calculated | CVE-2023-31747MISCMISCMISC |
wondershare -- mobiletrans | Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. | 2023-05-24 | not yet calculated | CVE-2023-31748MISCMISC |
sourcecodester -- employee_and_visitor_gate_pass_logging_system | SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. | 2023-05-23 | not yet calculated | CVE-2023-31752MISC |
kerui -- w18_alarm_system | Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31759MISC |
blitzwolf -- bw-is22_smart_home_security_alarm | Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31761MISC |
digoo -- dg-hamb_smart_home_security_system | Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31762MISC |
agshome -- smart_alarm | Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31763MISC |
wekan -- wekan | Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature. | 2023-05-22 | not yet calculated | CVE-2023-31779MISCMISC |
d-link -- dir-300 | D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. | 2023-05-23 | not yet calculated | CVE-2023-31814MISCMISC |
it_sourcecode -- content_management_system | IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. | 2023-05-22 | not yet calculated | CVE-2023-31816MISC |
skyscreamer/nevado -- skyscreamer/nevado | Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | 2023-05-23 | not yet calculated | CVE-2023-31826MISCMISCMISCMISC |
wuzhi_cms -- wuzhi_cms | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | 2023-05-23 | not yet calculated | CVE-2023-31860MISC |
zlmediakit -- zlmediakit | ZLMediaKit 4.0 is vulnerable to Directory Traversal. | 2023-05-25 | not yet calculated | CVE-2023-31861MISCMISC |
suprema_inc. -- biostar_2 | Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. | 2023-05-22 | not yet calculated | CVE-2023-31923MISC |
hanwha -- multiple_products | Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. | 2023-05-23 | not yet calculated | CVE-2023-31994MISCMISC |
hanwha -- ip_camera_ane-l7012r | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). | 2023-05-23 | not yet calculated | CVE-2023-31995MISC |
hanwha -- ip_camera_ane-l7012r | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. | 2023-05-23 | not yet calculated | CVE-2023-31996MISCMISC |
c-ares -- c-ares | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-32067MISCMISCMISCMISC |
nextcloud -- user_oidc_app | user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2 | 2023-05-25 | not yet calculated | CVE-2023-32074MISCMISCMISC |
sofia-sip -- sofia-sip | Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade. |
2023-05-26 | not yet calculated | CVE-2023-32307MISC |
cloudexplorer_lite -- cloudexplorer_lite | CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-05-26 | not yet calculated | CVE-2023-32311MISC |
openfire -- openfire | Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice. | 2023-05-26 | not yet calculated | CVE-2023-32315MISC |
cloudexplorer_lite -- cloudexplorer_lite | CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. | 2023-05-26 | not yet calculated | CVE-2023-32316MISC |
autolab_project -- autolab_project | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2023-32317MISCMISC |
nextcloud -- nextcloud_server | Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1. | 2023-05-26 | not yet calculated | CVE-2023-32318MISCMISC |
nextcloud -- nextcloud_server | Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-05-26 | not yet calculated | CVE-2023-32319MISCMISC |
ckan -- ckan | CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues. | 2023-05-26 | not yet calculated | CVE-2023-32321MISC |
matrix-org -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently. | 2023-05-26 | not yet calculated | CVE-2023-32323MISCMISCMISC |
posthog-js -- posthog-js | PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place. | 2023-05-27 | not yet calculated | CVE-2023-32325MISCMISC |
teltonika -- remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. | 2023-05-22 | not yet calculated | CVE-2023-32346MISC |
teltonika -- remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices. | 2023-05-22 | not yet calculated | CVE-2023-32347MISC |
teltonika -- remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. | 2023-05-22 | not yet calculated | CVE-2023-32348MISC |
teltonika -- rut | Versions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. | 2023-05-22 | not yet calculated | CVE-2023-32349MISC |
teltonika -- rut | Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. | 2023-05-22 | not yet calculated | CVE-2023-32350MISC |
autolab_project -- autolab_project | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2023-32676MISCMISC |
psf/requests -- psf/requests | Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. | 2023-05-26 | not yet calculated | CVE-2023-32681MISCMISCMISCMISC |
kiwi_tcms -- kiwi_tcms | Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3. | 2023-05-27 | not yet calculated | CVE-2023-32686MISCMISC |
parse-server-push-adapter -- parse-server-push-adapter | parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. | 2023-05-27 | not yet calculated | CVE-2023-32688MISCMISCMISC |
saleor -- core | Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16. | 2023-05-25 | not yet calculated | CVE-2023-32694MISCMISC |
socket.io -- socket.io | socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | 2023-05-27 | not yet calculated | CVE-2023-32695MISCMISCMISCMISC |
sqlite -- jdbc | SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. | 2023-05-23 | not yet calculated | CVE-2023-32697MISCMISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. | 2023-05-26 | not yet calculated | CVE-2023-32964MISC |
zyxel -- atp_series | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | 2023-05-24 | not yet calculated | CVE-2023-33009CONFIRM |
zyxel -- atp_series | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | 2023-05-24 | not yet calculated | CVE-2023-33010CONFIRM |
nextcloud -- nextcloud_mail | Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. | 2023-05-27 | not yet calculated | CVE-2023-33184MISCMISCMISC |
django -- django-ses | Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0. | 2023-05-26 | not yet calculated | CVE-2023-33185MISCMISCMISC |
highlight.io -- highlight.io | Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `type="password"` inputs. A customer may assume that switching to `type="text"` would also not record this input; hence, they would not add additional `highlight-mask` css-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0. This patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type="password"` continues to be obfuscated. |
2023-05-26 | not yet calculated | CVE-2023-33187MISCMISC |
omni-notes -- omni-notes | Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability. | 2023-05-27 | not yet calculated | CVE-2023-33188MISC |
rust -- ntpd-rs | ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3. | 2023-05-27 | not yet calculated | CVE-2023-33192MISCMISC |
craft_cms -- craft_cms | Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. | 2023-05-26 | not yet calculated | CVE-2023-33194MISCMISCMISC |
craft_cms -- craft_cms | Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6. | 2023-05-27 | not yet calculated | CVE-2023-33195MISCMISC |
craft_cms -- craft_cms | Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. | 2023-05-26 | not yet calculated | CVE-2023-33196MISCMISCMISC |
craft_cms -- craft_cms | Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. | 2023-05-26 | not yet calculated | CVE-2023-33197MISCMISCMISC |
rekor -- rekor | Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-05-26 | not yet calculated | CVE-2023-33199MISCMISC |
moxa -- mxsecurity | MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | 2023-05-22 | not yet calculated | CVE-2023-33235MISC |
moxa -- mxsecurity | MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | 2023-05-22 | not yet calculated | CVE-2023-33236MISC |
oracle -- apache_rocketmq | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.
Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x . |
2023-05-24 | not yet calculated | CVE-2023-33246MISC |
talend -- data_catalog | Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) | 2023-05-26 | not yet calculated | CVE-2023-33247MISC |
amazon -- alexa | Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful. | 2023-05-24 | not yet calculated | CVE-2023-33248MISCMISCMISCMISCMISCMISC |
akka_http -- akka_http | When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | 2023-05-21 | not yet calculated | CVE-2023-33251CONFIRM |
iden3_snarkjs -- iden3_snarkjs | iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. | 2023-05-21 | not yet calculated | CVE-2023-33252MISCMISC |
papaya_viewer -- papaya_viewer | An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application | 2023-05-26 | not yet calculated | CVE-2023-33255MISCMISC |
softonic -- wftpd_server | In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. | 2023-05-25 | not yet calculated | CVE-2023-33263MISC |
prestashop -- prestashop | In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 2023-05-25 | not yet calculated | CVE-2023-33278MISCMISC |
prestashop -- prestashop | In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 2023-05-25 | not yet calculated | CVE-2023-33279MISC |
prestashop -- prestashop | In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 2023-05-25 | not yet calculated | CVE-2023-33280MISCMISC |
qt-project -- qt | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | 2023-05-22 | not yet calculated | CVE-2023-33285MISC |
kaios -- kaios | An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version. | 2023-05-22 | not yet calculated | CVE-2023-33293MISC |
kaios -- kaios | An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it's accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user's installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions. | 2023-05-22 | not yet calculated | CVE-2023-33294MISC |
bitcoin_core -- bitcoin_core | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. | 2023-05-22 | not yet calculated | CVE-2023-33297MISCMISCMISCMISCMISC |
piwigo -- piwigo | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. | 2023-05-23 | not yet calculated | CVE-2023-33359MISC |
piwigo -- piwigo | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | 2023-05-23 | not yet calculated | CVE-2023-33361MISC |
piwigo -- piwigo | Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | 2023-05-23 | not yet calculated | CVE-2023-33362MISC |
skycaiji -- skycaiji | skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data. | 2023-05-26 | not yet calculated | CVE-2023-33394MISC |
easyimages2.0 -- easyimages2.0 | EasyImages2.0 ? 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. | 2023-05-23 | not yet calculated | CVE-2023-33599MISC |
parks -- fiberlinks_210 | An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. | 2023-05-23 | not yet calculated | CVE-2023-33617MISC |
mp4v2 -- mp4v2 | mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. | 2023-05-26 | not yet calculated | CVE-2023-33720MISC |
mipjz -- mipjz | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. | 2023-05-25 | not yet calculated | CVE-2023-33750MISC |
mipjz -- mipjz | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. | 2023-05-25 | not yet calculated | CVE-2023-33751MISC |
xxl-job -- xxl-job | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. | 2023-05-26 | not yet calculated | CVE-2023-33779MISCMISCMISC |
tfdi_design -- smartcars | A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article. | 2023-05-26 | not yet calculated | CVE-2023-33780MISC |
cloudogu_gmbh_scm_manager -- cloudogu_gmbh_scm_manager | A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | 2023-05-24 | not yet calculated | CVE-2023-33829MISCMISCMISC |
liferay -- portal/dxp | Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field. | 2023-05-24 | not yet calculated | CVE-2023-33937MISC |
liferay -- portal/dxp | Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field. | 2023-05-24 | not yet calculated | CVE-2023-33938MISC |
liferay -- portal/dxp | Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label. | 2023-05-24 | not yet calculated | CVE-2023-33939MISC |
liferay -- portal/dxp | Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL. | 2023-05-24 | not yet calculated | CVE-2023-33940MISC |
liferay -- portal/dxp | Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. | 2023-05-24 | not yet calculated | CVE-2023-33941MISC |
liferay -- portal/dxp | Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field. | 2023-05-24 | not yet calculated | CVE-2023-33942MISC |
liferay -- portal/dxp | Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field. | 2023-05-24 | not yet calculated | CVE-2023-33943MISC |
liferay -- portal/dxp | Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field. | 2023-05-24 | not yet calculated | CVE-2023-33944MISC |
liferay -- portal/dxp | SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded. | 2023-05-24 | not yet calculated | CVE-2023-33945MISC |
liferay -- portal/dxp | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. | 2023-05-24 | not yet calculated | CVE-2023-33946MISC |
liferay -- portal/dxp | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. | 2023-05-24 | not yet calculated | CVE-2023-33947MISC |
liferay -- portal/dxp | The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | 2023-05-24 | not yet calculated | CVE-2023-33948MISC |
liferay -- portal/dxp | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true. | 2023-05-24 | not yet calculated | CVE-2023-33949MISC |
liferay -- portal/dxp | Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs. | 2023-05-24 | not yet calculated | CVE-2023-33950MISC |
briar_project -- briar | Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. | 2023-05-24 | not yet calculated | CVE-2023-33980MISCMISC |
briar_project -- briar | Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one. | 2023-05-24 | not yet calculated | CVE-2023-33981MISCMISC |
briar_project -- briar | Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. | 2023-05-24 | not yet calculated | CVE-2023-33982MISCMISC |
briar_project -- briar | The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. | 2023-05-24 | not yet calculated | CVE-2023-33983MISC |
Vulnerability Summary for the Week of May 15, 2023
Posted on Monday May 22, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ideasoft --rental_module | Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15. | 2023-05-20 | 10 | CVE-2023-2712MISC |
wago -- multiple_products | In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. | 2023-05-15 | 9.8 | CVE-2023-1698MISC |
lost_and_found_information_system_project -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-228884. | 2023-05-12 | 9.8 | CVE-2023-2668MISCMISC |
lost_and_found_information_system_project -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability. | 2023-05-12 | 9.8 | CVE-2023-2669MISCMISC |
lost_and_found_information_system_project -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability. | 2023-05-12 | 9.8 | CVE-2023-2670MISCMISC |
lost_and_found_information_system_project -- lost_and_found_information_system | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888. | 2023-05-12 | 9.8 | CVE-2023-2672MISCMISC |
companymaps_project -- companymaps | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. | 2023-05-12 | 9.8 | CVE-2023-29809MISCMISC |
judging_management_system_project -- judging_management_system | SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter. | 2023-05-12 | 9.8 | CVE-2023-30246MISCMISC |
storage_unit_rental_management_system_project -- storage_unit_rental_management_system | File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | 2023-05-12 | 9.8 | CVE-2023-30247MISCMISC |
codesys -- multiple_products | An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47379MISC |
codesys -- multiple_products | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47380MISC |
codesys -- multiple_products | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47381MISC |
codesys -- multiple_products | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47382MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47383MISC |
codesys -- multiple_products | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47384MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47385MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47386MISC |
codesys -- multiple_products | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47387MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47388MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47389MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 2023-05-15 | 8.8 | CVE-2022-47390MISC |
google -- chrome | Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High) | 2023-05-12 | 8.8 | CVE-2023-2457MISCMISC |
google -- chrome | Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High) | 2023-05-12 | 8.8 | CVE-2023-2458MISCMISC |
ideasoft -- rental_module | Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15. | 2023-05-20 | 8.8 | CVE-2023-2713MISC |
codesys -- development_system_v3 | Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application. | 2023-05-15 | 7.7 | CVE-2022-4048MISC |
codesys -- multiple_products | In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service. | 2023-05-15 | 7.5 | CVE-2022-47391MISC |
rosariosis -- rosariosis | Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | 2023-05-12 | 7.5 | CVE-2023-2665CONFIRMMISC |
froxlor -- froxlor | Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. | 2023-05-12 | 7.5 | CVE-2023-2666CONFIRMMISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
codesys -- multiple_products | Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition. | 2023-05-15 | 6.5 | CVE-2022-47378MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition. | 2023-05-15 | 6.5 | CVE-2022-47392MISC |
codesys -- multiple_products | An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation. | 2023-05-15 | 6.5 | CVE-2022-47393MISC |
lost_and_found_information_system_project -- lost_and_found_information_system | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883. | 2023-05-12 | 6.1 | CVE-2023-2667MISCMISC |
lost_and_found_information_system_project -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887. | 2023-05-12 | 6.1 | CVE-2023-2671MISCMISC |
companymaps_project -- companymaps | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. | 2023-05-12 | 6.1 | CVE-2023-29808MISCMISCMISC |
jerryscript -- jerryscript | Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | 2023-05-12 | 5.5 | CVE-2023-31913MISC |
jerryscript -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. | 2023-05-12 | 5.5 | CVE-2023-31914MISC |
jerryscript -- jerryscript | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | 2023-05-12 | 5.5 | CVE-2023-31916MISC |
jerryscript -- jerryscript | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | 2023-05-12 | 5.5 | CVE-2023-31918MISC |
jerryscript -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | 2023-05-12 | 5.5 | CVE-2023-31919MISC |
jerryscript -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | 2023-05-12 | 5.5 | CVE-2023-31920MISC |
jerryscript -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | 2023-05-12 | 5.5 | CVE-2023-31921MISC |
ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | 2023-05-12 | 5.4 | CVE-2023-28520MISCMISC |
ibm -- spectrum_protect | IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. | 2023-05-12 | 4.9 | CVE-2023-27863MISCMISC |
codesolz -- easy_ad_manager | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions. | 2023-05-12 | 4.8 | CVE-2023-25460MISC |
simple_tooltips_project -- simple_tooltips | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions. | 2023-05-12 | 4.8 | CVE-2023-25958MISC |
apexchat -- apexchat | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions. | 2023-05-12 | 4.8 | CVE-2023-28414MISC |
codesys -- multiple_products | Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. | 2023-05-15 | 4.3 | CVE-2022-22508MISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
microsoft -- azure_arc_jumpstart | Azure Arc Jumpstart Information Disclosure Vulnerability | 2023-05-18 | 3.3 | CVE-2022-35798MISC |
PrimaryVendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
umbraco -- cms | Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. | 2023-05-18 | not yet calculated | CVE-2019-25137MISCMISCMISCMISC |
google -- android | Product: AndroidVersions: Android SoCAndroid ID: A-273754094 | 2023-05-15 | not yet calculated | CVE-2021-0877MISC |
moodle -- moodle | Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. | 2023-05-16 | not yet calculated | CVE-2021-27131MISCMISC |
fastweb – fastgate_media_access | A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. | 2023-05-19 | not yet calculated | CVE-2022-30114MISCMISCMISC |
western_digital -- multiple_products | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | 2023-05-18 | not yet calculated | CVE-2022-36326MISCMISC |
western_digital -- multiple_products | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | 2023-05-18 | not yet calculated | CVE-2022-36327MISCMISC |
western_digital -- multiple_products | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | 2023-05-18 | not yet calculated | CVE-2022-36328MISCMISC |
xen -- xen | Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts for guests running on the same core to set SSBD won't have effect because the hypervisor assumes it's already active. | 2023-05-17 | not yet calculated | CVE-2022-42336MISC |
acronis -- cyber_protect_home_office | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208. | 2023-05-18 | not yet calculated | CVE-2022-4418MISC |
algoo -- tracim | Algoo Tracim before 4.4.2 allows XSS via HTML file upload. | 2023-05-17 | not yet calculated | CVE-2022-45144MISCMISCMISC |
acronis -- multiple_products | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. | 2023-05-18 | not yet calculated | CVE-2022-45450MISC |
acronis -- multiple_products | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | 2023-05-18 | not yet calculated | CVE-2022-45452MISC |
acronis -- cyber_protect_15 | TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | 2023-05-18 | not yet calculated | CVE-2022-45453MISC |
acronis -- multiple_products | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. | 2023-05-18 | not yet calculated | CVE-2022-45457MISC |
acronis -- multiple_products | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. | 2023-05-18 | not yet calculated | CVE-2022-45458MISC |
acronis -- multiple_products | Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | 2023-05-18 | not yet calculated | CVE-2022-45459MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions. | 2023-05-20 | not yet calculated | CVE-2022-47134MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions. | 2023-05-18 | not yet calculated | CVE-2022-47157MISC |
wordpress -- wordpress | The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. | 2023-05-15 | not yet calculated | CVE-2022-4774MISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | 2023-05-19 | not yet calculated | CVE-2022-47984MISCMISC |
vinteo -- vcc | Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser. | 2023-05-12 | not yet calculated | CVE-2022-48020MISCMISCMISC |
octopus -- octopus | In affected versions of Octopus Deploy it is possible to discover network details via error message | 2023-05-18 | not yet calculated | CVE-2022-4870MISC |
wordpress -- wordpress | The ActiveCampaign WordPress plugin before 8.1 |