US-CERT Vulnerability Summary for the Week of July 31, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
yunyecms — yunyecms | SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. | 2023-07-31 | 9.8 | CVE-2020-21662 MISC |
raspap — raspap | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. | 2023-08-01 | 9.8 | CVE-2022-39986 MISC MISC |
tp-link — archer_ax21_firmware | TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. | 2023-08-01 | 9.8 | CVE-2023-31710 MISC |
synel — synergy_fingerprint_terminals | Synel SYnergy Fingerprint Terminals – CWE-798: Use of Hard-coded Credentials | 2023-07-30 | 9.8 | CVE-2023-32227 MISC |
assaabloy — control_id_idsecure | Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | 2023-08-03 | 9.8 | CVE-2023-33371 MISC MISC |
ajaxmanager_project — ajaxmanager_file/ajaxmanager_database | An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions. | 2023-08-01 | 9.8 | CVE-2023-33493 MISC |
phpjabbers_ltd. — time_slots_booking_calendar | Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v3.3 results in insecure passwords. | 2023-08-01 | 9.8 | CVE-2023-33561 MISC MISC |
phpjabbers_ltd. — time_slots_booking_calendar | User enumeration is found in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-01 | 9.8 | CVE-2023-33562 MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | 9.8 | CVE-2023-34425 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
greenshot — greenshot | Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened. | 2023-08-01 | 9.8 | CVE-2023-34634 MISC MISC MISC MISC |
wifi-soft — unibox_administration | Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page. | 2023-07-31 | 9.8 | CVE-2023-34635 MISC MISC |
dedecms — dedecms | Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | 2023-07-31 | 9.8 | CVE-2023-34842 MISC MISC |
chamilo — chamilo | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | 2023-08-01 | 9.8 | CVE-2023-34960 MISC MISC |
phpjabbers_ltd. — availability_booking_calendar | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. | 2023-08-04 | 9.8 | CVE-2023-36131 MISC MISC |
phpjabbers_ltd. — availability_booking_calendar | PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. | 2023-08-04 | 9.8 | CVE-2023-36132 MISC MISC |
phpjabbers_ltd. — availability_booking_calendar | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. | 2023-08-04 | 9.8 | CVE-2023-36133 MISC MISC |
phpjabbers_ltd. — cleaning_business_software | In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 2023-08-04 | 9.8 | CVE-2023-36139 MISC MISC |
motocms — motocms | MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. | 2023-08-01 | 9.8 | CVE-2023-36210 MISC MISC |
apple — multiple_products | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | 9.8 | CVE-2023-36495 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
synel — synergy_fingerprint_terminals | Synel SYnergy Fingerprint Terminals – CWE-78: ‘OS Command Injection’ | 2023-07-30 | 9.8 | CVE-2023-37213 MISC |
heights-t — ero1xs-pro_firmware | Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | 2023-07-30 | 9.8 | CVE-2023-37214 MISC |
jbl — jbl_bar_5.1_surround_firmware | JBL soundbar multibeam 5.1 – CWE-798: Use of Hard-coded Credentials | 2023-07-30 | 9.8 | CVE-2023-37215 MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | 9.8 | CVE-2023-37285 MISC MISC MISC MISC MISC MISC MISC MISC |
pnpm — pnpm | pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8. | 2023-08-01 | 9.8 | CVE-2023-37478 MISC MISC MISC |
semcms — semcms | SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | 2023-07-31 | 9.8 | CVE-2023-37647 MISC MISC MISC |
powerjob — powerjob | PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. | 2023-07-28 | 9.8 | CVE-2023-37754 MISC MISC MISC |
phpgurukul — art_gallery_management_system | Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | 2023-07-31 | 9.8 | CVE-2023-37771 MISC |
apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | 9.8 | CVE-2023-38598 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | 9.8 | CVE-2023-38604 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
jeecg-boot — jeecg-boot | jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | 2023-07-28 | 9.8 | CVE-2023-38992 MISC |
lessthanoptimal — boofcv | BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | 2023-07-28 | 9.8 | CVE-2023-39010 MISC |
larsga — duke | Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | 2023-07-28 | 9.8 | CVE-2023-39013 MISC |
code4craft — webmagic | webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | 2023-07-28 | 9.8 | CVE-2023-39015 MISC |
bbossgroups — bboss-persistent | bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | 9.8 | CVE-2023-39016 MISC |
softwareag — quartz | quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | 9.8 | CVE-2023-39017 MISC |
ffmpeg — ffmpeg | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | 9.8 | CVE-2023-39018 MISC |
stanford — stanford_parser | stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | 9.8 | CVE-2023-39020 MISC |
wix — wix_embedded_mysql | wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | 9.8 | CVE-2023-39021 MISC |
oscore — oscore | oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | 9.8 | CVE-2023-39022 MISC |
university_compass_project — university_compass | university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | 9.8 | CVE-2023-39023 MISC |
bmc — control-m | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | 2023-07-31 | 9.8 | CVE-2023-39122 MISC |
phpscriptpoint — recipepoint | A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability. | 2023-07-28 | 9.8 | CVE-2023-3984 MISC MISC |
sourcecodester — online_jewelry_store | A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability. | 2023-07-28 | 9.8 | CVE-2023-3985 MISC MISC MISC |
sourcecodester — simple_online_mens_salon_management_system | A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608. | 2023-07-28 | 9.8 | CVE-2023-3987 MISC MISC MISC |
cafe_billing_system_project — cafe_billing_system | A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability. | 2023-07-28 | 9.8 | CVE-2023-3988 MISC MISC MISC |
fossbilling — fossbilling | Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. | 2023-07-31 | 9.8 | CVE-2023-4005 MISC MISC |
phpmyfaq — phpmyfaq | Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | 2023-07-31 | 9.8 | CVE-2023-4006 MISC MISC |
mozilla — multiple_products | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | 9.8 | CVE-2023-4056 MISC MISC MISC MISC MISC MISC |
mozilla — multiple_products | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1. | 2023-08-01 | 9.8 | CVE-2023-4057 MISC MISC MISC |
mozilla — firefox | Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116. | 2023-08-01 | 9.8 | CVE-2023-4058 MISC MISC |
google — chrome | Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 9.6 | CVE-2022-4920 MISC MISC |
google — chrome | Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 9.6 | CVE-2022-4924 MISC MISC |
precisely — spectrum_spatial_analyst | Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF). | 2023-07-31 | 9.1 | CVE-2022-42183 MISC MISC |
assaabloy — control_id_idsecure | A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. | 2023-08-03 | 9.1 | CVE-2023-33369 MISC MISC |
google — chrome | Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2021-4317 MISC MISC |
google — chrome | Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2021-4318 MISC MISC |
google — chrome | Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2021-4319 MISC MISC |
google — chrome | Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2021-4320 MISC MISC |
google — chrome | Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-07-29 | 8.8 | CVE-2021-4322 MISC MISC |
raspap — raspap | A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the “entity” POST parameters in /ajax/networking/get_wgkey.php. | 2023-08-01 | 8.8 | CVE-2022-39987 MISC MISC |
codesys — codesys_control_for_beaglebone_sl | In multiple versions of CODESYS Control, an improper restriction of operations within the bounds of a memory buffer allows a remote attacker with user privileges to gain full access to the device. | 2023-08-03 | 8.8 | CVE-2022-4046 MISC |
google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2022-4906 MISC MISC MISC |
google — chrome | Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 8.8 | CVE-2022-4907 MISC MISC MISC |
google — chrome | Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2022-4912 MISC MISC |
google — chrome | Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 8.8 | CVE-2022-4914 MISC MISC |
google — chrome | Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2022-4916 MISC MISC |
google — chrome | Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 8.8 | CVE-2022-4918 MISC MISC |
google — chrome | Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2022-4919 MISC MISC |
google — chrome | Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | 8.8 | CVE-2022-4921 MISC MISC |
google — chrome | Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) | 2023-07-29 | 8.8 | CVE-2023-2313 MISC MISC MISC |
sztozed — zlt_s10g_firmware | A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to take over user accounts by sending a crafted POST request to /goform/goform_set_cmd_process. | 2023-07-31 | 8.8 | CVE-2023-33534 MISC |
phpjabbers_ltd. — time_slots_booking_calendar | In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 2023-08-01 | 8.8 | CVE-2023-33563 MISC MISC |
ibm — security_verify_governance | IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873. | 2023-07-31 | 8.8 | CVE-2023-35019 MISC MISC |
google — chrome | Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-07-28 | 8.8 | CVE-2023-3598 MISC MISC MISC |
totalcms — total_cms | File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function. | 2023-08-03 | 8.8 | CVE-2023-36212 MISC MISC MISC |
eramba — eramba | An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. | 2023-08-03 | 8.8 | CVE-2023-36255 MISC MISC |
apache — nifi | Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation. | 2023-07-29 | 8.8 | CVE-2023-36542 MISC MISC MISC MISC |
codesys — codesys_development_system | In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server. | 2023-08-03 | 8.8 | CVE-2023-3663 MISC |
google — chrome | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-01 | 8.8 | CVE-2023-3727 MISC MISC |
google — chrome | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-01 | 8.8 | CVE-2023-3728 MISC MISC |
google — chrome | Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High) | 2023-08-01 | 8.8 | CVE-2023-3729 MISC MISC |
google — chrome | Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-01 | 8.8 | CVE-2023-3730 MISC MISC |
google — chrome | Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | 2023-08-01 | 8.8 | CVE-2023-3731 MISC MISC |
google — chrome | Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-01 | 8.8 | CVE-2023-3732 MISC MISC |
online_shopping_portal_project — online_shopping_portal | Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | 2023-08-01 | 8.8 | CVE-2023-37772 MISC MISC MISC |
apple — multiple_products | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | 2023-07-28 | 8.8 | CVE-2023-38590 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. | 2023-07-28 | 8.8 | CVE-2023-38592 MISC MISC MISC MISC MISC MISC MISC |
rconfig — rconfig | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. | 2023-08-01 | 8.8 | CVE-2023-39108 MISC |
rconfig — rconfig | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. | 2023-08-01 | 8.8 | CVE-2023-39109 MISC |
rconfig — rconfig | rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. | 2023-08-01 | 8.8 | CVE-2023-39110 MISC |
advantech — iview | An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. | 2023-07-31 | 8.8 | CVE-2023-3983 MISC |
google — chrome | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.8 | CVE-2023-4069 MISC MISC MISC |
google — chrome | Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.8 | CVE-2023-4071 MISC MISC MISC |
google — chrome | Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.8 | CVE-2023-4072 MISC MISC MISC |
google — chrome | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.8 | CVE-2023-4073 MISC MISC MISC |
google — chrome | Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.8 | CVE-2023-4074 MISC MISC MISC |
google — chrome | Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.8 | CVE-2023-4075 MISC MISC MISC |
google — chrome | Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) | 2023-08-03 | 8.8 | CVE-2023-4076 MISC MISC MISC |
google — chrome | Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-08-03 | 8.8 | CVE-2023-4077 MISC MISC MISC |
google — chrome | Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-08-03 | 8.8 | CVE-2023-4078 MISC MISC MISC |
silverstripe — framework | Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. | 2023-08-01 | 8.1 | CVE-2023-32302 MISC MISC MISC MISC |
google — chrome | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.1 | CVE-2023-4068 MISC MISC MISC |
google — chrome | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-08-03 | 8.1 | CVE-2023-4070 MISC MISC MISC |
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the ‘->cus2’ parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Please note that this means PHP file creation is still allowed for site administrators; use the plugin with caution. | 2023-08-04 | 8 | CVE-2023-4141 MISC MISC MISC |
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the ‘->cus1’ parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Please note that this means remote code execution is still possible for site administrators; use the plugin with caution. | 2023-08-04 | 8 | CVE-2023-4142 MISC MISC MISC |
psappdeploytoolkit — powershell_app_deployment_toolkit | In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-01 | 7.8 | CVE-2020-10962 MISC MISC |
ultralytics — yolov5 | Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file. | 2023-07-31 | 7.8 | CVE-2021-31680 MISC |
ultralytics — yolov3 | Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file. | 2023-07-31 | 7.8 | CVE-2021-31681 MISC |
ibm — spectrum_scale_container_native_storage_access | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941. | 2023-07-31 | 7.8 | CVE-2022-43831 MISC MISC |
broadcom — brocade_fabric_os | A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | 2023-08-01 | 7.8 | CVE-2023-31425 MISC |
viatomtech — vihealth_for_android | An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component. | 2023-08-01 | 7.8 | CVE-2023-36351 MISC MISC |
tadiran_telecom — aeonix | Tadiran Telecom Composit – CWE-1236: Improper Neutralization of Formula Elements in a CSV File | 2023-07-30 | 7.8 | CVE-2023-37219 MISC |
f5_networks — big-ip_edge_client_for_macos | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-08-02 | 7.8 | CVE-2023-38418 MISC |
webkul — uvdesk | An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | 2023-08-01 | 7.8 | CVE-2023-39147 MISC MISC |
splunk — soar | Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. | 2023-07-31 | 7.8 | CVE-2023-3997 MISC |
linux — kernel | A use-after-free flaw was found in the Linux kernel’s netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | 2023-07-31 | 7.8 | CVE-2023-4004 MISC MISC MISC |
mlflow — mlflow | OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | 2023-08-01 | 7.8 | CVE-2023-4033 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry. | 2023-08-02 | 7.5 | CVE-2023-0632 MISC MISC |
underscore-keypath_project — underscore-keypath | Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”. | 2023-08-01 | 7.5 | CVE-2023-26139 MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions. | 2023-07-28 | 7.5 | CVE-2023-32444 MISC MISC MISC MISC MISC MISC |
assaabloy — control_id_idsecure | An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service. | 2023-08-03 | 7.5 | CVE-2023-33370 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint. | 2023-08-02 | 7.5 | CVE-2023-3364 MISC MISC |
asus — rt-ax88u_firmware | ASUS RT-AX88U’s httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition. | 2023-07-31 | 7.5 | CVE-2023-34358 MISC |
asus — rt-ax88u_firmware | ASUS RT-AX88U’s httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the “do_json_decode()” function of ej.c, resulting in a DoS condition. | 2023-07-31 | 7.5 | CVE-2023-34359 MISC |
lavalite_cms — lavalite_cms | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | 2023-08-01 | 7.5 | CVE-2023-36983 MISC MISC |
lavalite_cms — lavalite_cms | LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. | 2023-08-01 | 7.5 | CVE-2023-36984 MISC MISC |
tadiran_telecom — aeonix | Tadiran Telecom Aeonix – CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2023-07-30 | 7.5 | CVE-2023-37218 MISC |
f5_networks — big-ip_configuration | A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-08-02 | 7.5 | CVE-2023-38138 MISC |
kepware — kepserverex | PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attacker could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed. | 2023-07-31 | 7.5 | CVE-2023-3825 MISC |
apple — multiple_products | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences. | 2023-07-28 | 7.5 | CVE-2023-38571 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system. | 2023-07-28 | 7.5 | CVE-2023-38601 MISC MISC MISC MISC MISC MISC |
apple — macos_ventura | An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences. | 2023-07-28 | 7.5 | CVE-2023-38609 MISC MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. | 2023-07-28 | 7.5 | CVE-2023-38684 MISC MISC |
zimbra — zimbra_collaboration | In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. | 2023-07-31 | 7.5 | CVE-2023-38750 MISC MISC |
gitlab — gitlab_ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid ‘start_sha’ value on merge requests page may lead to Denial of Service as Changes tab would not load. | 2023-08-02 | 7.5 | CVE-2023-3900 MISC MISC |
gitlab — gitlab_ce/ee | An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint. | 2023-08-02 | 7.5 | CVE-2023-3993 MISC |
gitlab — gitlab_ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint. | 2023-08-02 | 7.5 | CVE-2023-3994 MISC MISC |
gitlab — gitlab_ee | An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS. | 2023-08-02 | 7.5 | CVE-2023-4011 MISC |
mozilla — multiple_products | An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | 7.5 | CVE-2023-4048 MISC MISC MISC MISC MISC MISC |
mozilla — firefox | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116. | 2023-08-01 | 7.5 | CVE-2023-4051 MISC MISC |
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files. | 2023-08-04 | 7.5 | CVE-2023-4139 MISC MISC |
codesys — codesys_development_system | In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the user’s context. | 2023-08-03 | 7.3 | CVE-2023-3662 MISC |
codesys — codesys_development_system/scripting | In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. | 2023-07-28 | 7.3 | CVE-2023-3670 MISC |
rail_pass_management_system_project — rail_pass_management_system | SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | 2023-07-28 | 7.2 | CVE-2023-31932 MISC |
rail_pass_management_system_project — rail_pass_management_system | SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | 2023-07-28 | 7.2 | CVE-2023-31933 MISC |
rail_pass_management_system_project — rail_pass_management_system | SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | 2023-07-28 | 7.2 | CVE-2023-31936 MISC |
rail_pass_management_system_project — rail_pass_management_system | SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | 2023-07-28 | 7.2 | CVE-2023-31937 MISC |
sysaid — sysaid_on-premises | Sysaid – CWE-434: Unrestricted Upload of File with Dangerous Type – A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. | 2023-07-30 | 7.2 | CVE-2023-32225 MISC |
f5_networks — big-ip_edge_client_for_windows_and_macos | An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-08-02 | 7.1 | CVE-2023-36858 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the ‘get_header_values’ function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the ‘wp_capabilities->cus1’ parameter. | 2023-08-04 | 6.6 | CVE-2023-4140 MISC MISC MISC |
duxcms_project — duxcms | Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add. | 2023-07-31 | 6.5 | CVE-2020-21881 MISC |
google — chrome | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-07-29 | 6.5 | CVE-2021-4323 MISC MISC |
google — chrome | Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium) | 2023-07-29 | 6.5 | CVE-2021-4324 MISC MISC |
wordpress — wordpress | The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions | 2023-07-31 | 6.5 | CVE-2022-4888 MISC |
google — chrome | Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | 6.5 | CVE-2022-4911 MISC MISC |
google — chrome | Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | 6.5 | CVE-2022-4913 MISC MISC |
google — chrome | Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 6.5 | CVE-2022-4915 MISC MISC |
google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 6.5 | CVE-2022-4922 MISC MISC |
google — chrome | Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) | 2023-07-29 | 6.5 | CVE-2022-4925 MISC MISC |
google — chrome_for_android | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 6.5 | CVE-2022-4926 MISC MISC |
google — chrome | Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 6.5 | CVE-2023-2311 MISC MISC MISC |
google — chrome | Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | 6.5 | CVE-2023-2314 MISC MISC MISC |
ibm — multi-enterprise_integration_gateway | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976. | 2023-07-31 | 6.5 | CVE-2023-24971 MISC MISC |
broadcom — brocade_fabric_os | The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp server passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | 2023-08-01 | 6.5 | CVE-2023-31426 MISC |
sysaid — sysaid_on-premises | Sysaid – CWE-552: Files or Directories Accessible to External Parties – Authenticated users may exfiltrate files from the server via an unspecified method. | 2023-07-30 | 6.5 | CVE-2023-32226 MISC |
apple — macos_ventura | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user. | 2023-07-28 | 6.5 | CVE-2023-32654 MISC MISC |
assaabloy — control_id_idsecure | Some API routes exist in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | 2023-08-03 | 6.5 | CVE-2023-33368 MISC MISC |
wordpress — wordpress | The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguard sensitive user information, like other users’ email addresses, making it possible for any student to leak them via some of the plugin’s REST API endpoints. | 2023-07-31 | 6.5 | CVE-2023-3345 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project ‘from export’ could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html). | 2023-08-02 | 6.5 | CVE-2023-3385 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. | 2023-08-02 | 6.5 | CVE-2023-3401 MISC MISC |
ibm — security_verify_governance | IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772. | 2023-07-31 | 6.5 | CVE-2023-35016 MISC MISC |
wordpress — wordpress | The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack | 2023-07-31 | 6.5 | CVE-2023-3507 MISC |
wordpress — wordpress | The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks | 2023-07-31 | 6.5 | CVE-2023-3508 MISC |
anasystem — sensmini_m4_firmware | AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device | 2023-07-30 | 6.5 | CVE-2023-37216 MISC |
codesys — multiple_products | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550 | 2023-08-03 | 6.5 | CVE-2023-37545 MISC |
codesys — multiple_products | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 | 2023-08-03 | 6.5 | CVE-2023-37546 MISC |
codesys — multiple_products | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 | 2023-08-03 | 6.5 | CVE-2023-37547 MISC |
codesys — multiple_products | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550 | 2023-08-03 | 6.5 | CVE-2023-37548 MISC |
codesys — multiple_products | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550 | 2023-08-03 | 6.5 | CVE-2023-37549 MISC |
codesys — multiple_products | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549. | 2023-08-03 | 6.5 | CVE-2023-37550 MISC |
codesys — multiple_products | In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. | 2023-08-03 | 6.5 | CVE-2023-37551 MISC |
codesys — multiple_products | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. | 2023-08-03 | 6.5 | CVE-2023-37552 MISC |
codesys — multiple_products | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. | 2023-08-03 | 6.5 | CVE-2023-37553 MISC |
codesys — multiple_products | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556. | 2023-08-03 | 6.5 | CVE-2023-37554 MISC |
codesys — multiple_products | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556. | 2023-08-03 | 6.5 | CVE-2023-37555 MISC |
codesys — multiple_products | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555. | 2023-08-03 | 6.5 | CVE-2023-37556 MISC |
codesys — multiple_products | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition. | 2023-08-03 | 6.5 | CVE-2023-37557 MISC |
codesys — multiple_products | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559 | 2023-08-03 | 6.5 | CVE-2023-37558 MISC |
codesys — multiple_products | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558 | 2023-08-03 | 6.5 | CVE-2023-37559 MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade. | 2023-07-28 | 6.5 | CVE-2023-38498 MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. | 2023-07-28 | 6.5 | CVE-2023-38599 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla — firefox | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1. | 2023-08-01 | 6.5 | CVE-2023-4052 MISC MISC MISC |
mozilla — firefox | A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116. | 2023-08-01 | 6.5 | CVE-2023-4053 MISC MISC |
google — chrome | Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | 6.3 | CVE-2022-4909 MISC MISC MISC |
abb — ao-opc | A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | 2023-07-28 | 6.3 | CVE-2023-2685 MISC |
google — chrome | Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low) | 2023-08-01 | 6.3 | CVE-2023-3739 MISC MISC |
qibosoft — qibosoft | Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. | 2023-08-03 | 6.1 | CVE-2020-20808 MISC |
yiiframework — yii | Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. | 2023-07-28 | 6.1 | CVE-2022-31454 MISC MISC |
wordpress — wordpress | The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin’s administrative pages, which allows reflected XSS attacks targeting administrators to happen. | 2023-07-31 | 6.1 | CVE-2023-0602 MISC |
tribe29 — checkmk | Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | 2023-08-01 | 6.1 | CVE-2023-23548 MISC |
wordpress — wordpress | The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. | 2023-07-31 | 6.1 | CVE-2023-3134 MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack. | 2023-07-28 | 6.1 | CVE-2023-32445 MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-07-31 | 6.1 | CVE-2023-3292 MISC |
phpjabbers_ltd. — time_slots_booking_calendar | There is a Cross Site Scripting (XSS) vulnerability in “cid” parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | 2023-08-01 | 6.1 | CVE-2023-33560 MISC MISC |
phpjabbers_ltd. — time_slots_booking_calendar | There is a Cross Site Scripting (XSS) vulnerability in the “theme” parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | 2023-08-01 | 6.1 | CVE-2023-33564 MISC MISC |
phpjabbers_ltd. — catering_system | PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. | 2023-08-01 | 6.1 | CVE-2023-34869 MISC MISC |
fuge_cms — fuge_cms | Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | 2023-07-31 | 6.1 | CVE-2023-34916 MISC MISC |
fuge_cms — fuge_cms | Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | 2023-07-31 | 6.1 | CVE-2023-34917 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims. | 2023-08-02 | 6.1 | CVE-2023-3500 MISC MISC |
vound-software — intella_connect | Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | 2023-07-31 | 6.1 | CVE-2023-35791 MISC |
vound-software — intella_connect | Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). | 2023-07-31 | 6.1 | CVE-2023-35792 MISC |
phpjabbers_ltd. — cleaning_business_software | PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. | 2023-08-04 | 6.1 | CVE-2023-36138 MISC MISC |
zimbra — zimbra_collaboration | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 2023-07-31 | 6.1 | CVE-2023-37580 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim’s browser when the download link is accessed. | 2023-07-31 | 6.1 | CVE-2023-38305 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code. | 2023-07-31 | 6.1 | CVE-2023-38306 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim’s browser. | 2023-07-31 | 6.1 | CVE-2023-38308 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the “Search for Package” field, which gets reflected back in the application’s response, leading to the execution of arbitrary JavaScript code within the context of the victim’s browser. | 2023-07-31 | 6.1 | CVE-2023-38309 MISC MISC |
sourcecodester — jewelry_store_system | A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add_customer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifier assigned to this vulnerability. | 2023-07-28 | 6.1 | CVE-2023-3989 MISC MISC MISC |
mingsoft — mcms | A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611. | 2023-07-28 | 6.1 | CVE-2023-3990 MISC MISC MISC |
wordpress — wordpress | The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab_date’ and ‘tab_date_r’ parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-08-02 | 6.1 | CVE-2023-4067 MISC MISC |
phpjabbers_ltd. — shuttle_booking_software | A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | 6.1 | CVE-2023-4112 MISC MISC MISC |
phpjabbers_ltd. — service_booking_script | A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | 6.1 | CVE-2023-4113 MISC MISC MISC |
phpjabbers_ltd. — night_club_booking_software | A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | 6.1 | CVE-2023-4114 MISC MISC MISC |
phpjabbers_ltd. — cleaning_business_software | A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | 6.1 | CVE-2023-4115 MISC MISC MISC |
phpjabbers_ltd. — taxi_booking_script | A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | 6.1 | CVE-2023-4116 MISC MISC MISC |
phpjabbers_ltd. — rental_property_booking_calendar | A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | 6.1 | CVE-2023-4117 MISC MISC MISC |
f5_networks — big-ip | Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-08-02 | 6 | CVE-2023-3470 MISC |
apple — music_for_android | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic. | 2023-07-28 | 5.9 | CVE-2023-32427 MISC |
apple — music_for_android | The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts. | 2023-07-28 | 5.5 | CVE-2023-28203 MISC |
broadcom — brocade_fabric_os | Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | 2023-08-01 | 5.5 | CVE-2023-31429 MISC |
freedesktop — poppler | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. | 2023-07-31 | 5.5 | CVE-2023-34872 MISC MISC |
silabs — gecko_software_development_kit | Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. | 2023-07-28 | 5.5 | CVE-2023-3488 MISC MISC |
artifex — ghostscript | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | 2023-08-01 | 5.5 | CVE-2023-38559 MISC MISC MISC MISC |
artifex — ghostscript | An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. | 2023-08-01 | 5.5 | CVE-2023-38560 MISC MISC MISC MISC MISC |
duxcms_project — duxcms | Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post. | 2023-07-31 | 5.4 | CVE-2020-36763 MISC |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 5.4 | CVE-2022-4910 MISC MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta. | 2023-08-02 | 5.4 | CVE-2023-2164 MISC MISC |
ibm — multi-enterprise_integration_gateway | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. | 2023-07-31 | 5.4 | CVE-2023-22595 MISC |
verint — engagement_management | Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat. | 2023-08-02 | 5.4 | CVE-2023-33257 MISC |
asus — rt-ax88u_firmware | A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After logging in to the device with regular user privilege, a remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading an image containing JavaScript code. | 2023-07-31 | 5.4 | CVE-2023-34360 MISC |
faculty_evaulation_system_project — faculty_evaulation_system | Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter. | 2023-08-01 | 5.4 | CVE-2023-36118 MISC MISC MISC MISC MISC |
e107 — e107 | Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. | 2023-08-02 | 5.4 | CVE-2023-36121 MISC MISC MISC MISC |
cubiclesoft — barebones_cms | The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel. | 2023-08-01 | 5.4 | CVE-2023-36211 MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn’t applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn’t have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting. | 2023-07-28 | 5.4 | CVE-2023-37467 MISC MISC |
hcl_software — verse | HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim’s web browser to perform operations as the victim and/or steal the victim’s cookies, session tokens, or other sensitive information. | 2023-08-01 | 5.4 | CVE-2023-37496 MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group’s real name parameter. | 2023-07-31 | 5.4 | CVE-2023-38303 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group. | 2023-07-31 | 5.4 | CVE-2023-38304 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user’s real name. | 2023-07-31 | 5.4 | CVE-2023-38307 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed. | 2023-07-31 | 5.4 | CVE-2023-38310 MISC MISC |
webmin — webmin | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page. | 2023-07-31 | 5.4 | CVE-2023-38311 MISC MISC |
zoho_corp — manageengine_supportcenter_plus | Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. | 2023-07-28 | 5.4 | CVE-2023-38331 MISC MISC |
f5_networks — big-ip | A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-08-02 | 5.4 | CVE-2023-38423 MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | 2023-07-31 | 5.4 | CVE-2023-4007 MISC MISC |
ibm — tririga_application_platform | IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. | 2023-07-31 | 5.3 | CVE-2020-4868 MISC MISC |
precisely — spectrum_spatial_analyst | Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal. | 2023-07-31 | 5.3 | CVE-2022-42182 MISC MISC |
hashicorp — vault/vault_enterprise | HashiCorp’s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5. | 2023-07-31 | 5.3 | CVE-2023-3462 MISC |
tadiran_telecom — aeonix | Tadiran Telecom Aeonix – CWE-204: Observable Response Discrepancy | 2023-07-30 | 5.3 | CVE-2023-37217 MISC |
rws — worldserver | Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions. | 2023-08-01 | 5.3 | CVE-2023-38357 MISC MISC FULLDISC |
hashicorp — vault | An unhandled error in Vault Enterprise’s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9. | 2023-07-28 | 4.9 | CVE-2023-3774 MISC |
neofr — neofrag | Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows a remote attacker to run arbitrary code via the copyright field in copyright settings. | 2023-07-31 | 4.8 | CVE-2021-31651 MISC |
wordpress — wordpress | The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-07-31 | 4.8 | CVE-2023-3130 MISC |
rail_pass_management_system_project — rail_pass_management_system | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | 2023-07-28 | 4.8 | CVE-2023-31934 MISC |
rail_pass_management_system_project — rail_pass_management_system | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | 2023-07-28 | 4.8 | CVE-2023-31935 MISC MISC |
sourcecodester — simple_online_mens_salon_management_system | A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607. | 2023-07-28 | 4.8 | CVE-2023-3986 MISC MISC MISC |
amd — multiple_products | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | 2023-08-01 | 4.7 | CVE-2023-20583 MISC |
linux — kernel | A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service. | 2023-07-31 | 4.6 | CVE-2023-4010 MISC MISC MISC |
f5_networks — f50s-a | Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-08-02 | 4.4 | CVE-2023-36494 MISC |
google — chrome | Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | 4.3 | CVE-2021-4316 MISC MISC |
google — chrome | Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | 4.3 | CVE-2021-4321 MISC MISC |
octopus — octopus_deploy | In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | 2023-08-02 | 4.3 | CVE-2022-2416 MISC |
google — chrome | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | 4.3 | CVE-2022-4908 MISC MISC MISC |
google — chrome_for_android | Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | 4.3 | CVE-2022-4917 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user’s email via an error message for groups that restrict membership by email domain. | 2023-08-02 | 4.3 | CVE-2023-1210 MISC MISC |
gitlab — gitlab_ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don’t have access to merge | 2023-08-02 | 4.3 | CVE-2023-2022 MISC MISC |
liferay — digital_experience_platform | The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations. | 2023-08-02 | 4.3 | CVE-2023-3426 MISC |
google — chrome | Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-01 | 4.3 | CVE-2023-3733 MISC MISC |
google — chrome | Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-01 | 4.3 | CVE-2023-3734 MISC MISC |
google — chrome | Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-01 | 4.3 | CVE-2023-3735 MISC MISC |
google — chrome_for_android | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-01 | 4.3 | CVE-2023-3736 MISC MISC |
google — chrome | Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-01 | 4.3 | CVE-2023-3737 MISC MISC |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-01 | 4.3 | CVE-2023-3738 MISC MISC |
google — chrome | Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low) | 2023-08-01 | 4.3 | CVE-2023-3740 MISC MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. | 2023-07-28 | 4.3 | CVE-2023-37906 MISC MISC |
f5_networks — big-ip | An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-08-02 | 4.3 | CVE-2023-38419 MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. | 2023-07-28 | 4.3 | CVE-2023-38685 MISC MISC |
jeesite — jeesite | An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators. | 2023-07-28 | 4.3 | CVE-2023-38988 MISC |
jeesite — jeesite | An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator’s role information. | 2023-07-31 | 4.3 | CVE-2023-38989 MISC |
jeesite — jeesite | An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator. | 2023-08-02 | 4.3 | CVE-2023-38990 MISC |
wordpress — wordpress | Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-28 | 4.3 | CVE-2023-3977 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
codesys — codesys_development_system | A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. | 2023-08-03 | 3.3 | CVE-2023-3669 MISC |
google — chrome | Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low) | 2023-07-29 | 3.1 | CVE-2022-4923 MISC MISC |
bluetens — bluetensq | Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication. | 2023-08-03 | 3.1 | CVE-2023-26979 MISC MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites. | 2023-07-28 | 3.1 | CVE-2023-37904 MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
semcms — semcms | File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | 2023-08-05 | not yet calculated | CVE-2020-23564 MISC MISC |
cisco — cisco_sd-wan_vmanage | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. | 2023-08-04 | not yet calculated | CVE-2020-26064 MISC |
cisco — cisco_sd-wan_vmanage | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | 2023-08-04 | not yet calculated | CVE-2020-26065 MISC |
cisco — email_security_appliance | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | 2023-08-04 | not yet calculated | CVE-2020-26082 MISC |
octopus — octopus_server | In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | 2023-08-02 | not yet calculated | CVE-2022-2346 MISC |
cybozu_inc — remote_service | Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. | 2023-08-03 | not yet calculated | CVE-2022-26838 MISC MISC |
dell — xtremio_x2_xms | Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | 2023-08-03 | not yet calculated | CVE-2022-34453 MISC |
ibm — sdk_java_technology_edition | IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. | 2023-08-02 | not yet calculated | CVE-2022-40609 MISC MISC |
openrefine — openrefine | OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | 2023-08-04 | not yet calculated | CVE-2022-41401 MISC MISC MISC |
ngsurvey — ngsurvey | Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. | 2023-08-02 | not yet calculated | CVE-2022-46484 MISC |
ngsurvey — ngsurvey | Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a “Text Field”, “Comment Field” or “Contact Details”. | 2023-08-02 | not yet calculated | CVE-2022-46485 MISC |
stormshield_sas — ssl_vpn_client | An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. | 2023-08-05 | not yet calculated | CVE-2022-46782 MISC |
google — chrome | Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-04 | not yet calculated | CVE-2022-4955 MISC MISC |
keycloaks — openid_connect | A flaw was found in Keycloak’s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. | 2023-08-04 | not yet calculated | CVE-2023-0264 MISC |
mitsubishi_electric_corporation — got2000_series | Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | 2023-08-04 | not yet calculated | CVE-2023-0525 MISC MISC MISC |
tel-ster — telwin_scada_webinterface | External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. | 2023-08-03 | not yet calculated | CVE-2023-0956 MISC MISC MISC |
advantech — webaccess/scada | All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. | 2023-08-02 | not yet calculated | CVE-2023-1437 MISC |
emerson_electric — roc800-series | ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition. | 2023-08-02 | not yet calculated | CVE-2023-1935 MISC |
cisco — small_business_ip_phones | A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2023-08-03 | not yet calculated | CVE-2023-20181 MISC |
cisco — broadworks | A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2023-08-03 | not yet calculated | CVE-2023-20204 MISC |
cisco — cisco_sd-wan_vmanage | A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI. | 2023-08-03 | not yet calculated | CVE-2023-20214 MISC |
cisco — secure_web_appliance | A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device. | 2023-08-03 | not yet calculated | CVE-2023-20215 MISC |
cisco — broadworks | A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability. | 2023-08-03 | not yet calculated | CVE-2023-20216 MISC |
cisco — small_business_ip_phones | A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user’s browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. | 2023-08-03 | not yet calculated | CVE-2023-20218 MISC |
axis_communications_ab — axis_license_plate_verifier | A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. | 2023-08-03 | not yet calculated | CVE-2023-21407 MISC |
axis_communications_ab — axis_license_plate_verifier | Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | 2023-08-03 | not yet calculated | CVE-2023-21408 MISC |
axis_communications_ab — axis_license_plate_verifier | Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | 2023-08-03 | not yet calculated | CVE-2023-21409 MISC |
axis_communications_ab — axis_license_plate_verifier | User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. | 2023-08-03 | not yet calculated | CVE-2023-21410 MISC |
axis_communications_ab — axis_license_plate_verifier | User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. | 2023-08-03 | not yet calculated | CVE-2023-21411 MISC |
axis_communications_ab — axis_license_plate_verifier | User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. | 2023-08-03 | not yet calculated | CVE-2023-21412 MISC |
omron_corporation — cx-programmer | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. | 2023-08-03 | not yet calculated | CVE-2023-22277 MISC |
omron_corporation — cx-programmer | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. | 2023-08-03 | not yet calculated | CVE-2023-22314 MISC |
omron_corporation — cx-programmer | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. | 2023-08-03 | not yet calculated | CVE-2023-22317 MISC |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. | 2023-08-02 | not yet calculated | CVE-2023-23476 MISC MISC |
nvidia — omniverse_workstation_launcher | NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user’s address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure. | 2023-08-03 | not yet calculated | CVE-2023-25524 MISC |
insyde_software — insydeh20 | An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016. | 2023-08-03 | not yet calculated | CVE-2023-25600 MISC MISC |
xiaomi — cloud_service_application | A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview’s whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account’s cookies. | 2023-08-02 | not yet calculated | CVE-2023-26316 MISC |
xiaomi — multiple_products | A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device. | 2023-08-02 | not yet calculated | CVE-2023-26317 MISC |
ox_software — ox_app_suite | Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extensions that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwarding control characters to subsystems. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26430 MISC MISC MISC MISC |
ox_software — ox_app_suite | External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26438 MISC MISC MISC MISC |
ox_software — ox_app_suite | The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as an SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users’ cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26439 MISC MISC MISC MISC |
ox_software — ox_app_suite | The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26440 MISC MISC MISC MISC |
ox_software — ox_app_suite | Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the service’s system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26441 MISC MISC MISC MISC |
ox_software — ox_app_suite | In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26442 MISC MISC MISC MISC |
ox_software — ox_app_suite | Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26443 MISC MISC MISC MISC |
ox_software — ox_app_suite | Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26445 MISC MISC MISC MISC |
ox_software — ox_app_suite | The user’s clientID at “application passwords” was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize the user-controllable clientID parameter. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26446 MISC MISC MISC MISC |
ox_software — ox_app_suite | The “upsell” widget for the portal allows specifying a product description. This description, taken from a user-controllable jslob, did not get escaped before being added to DOM. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize jslob content. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26447 MISC MISC MISC MISC |
ox_software — ox_app_suite | Custom log-in and log-out locations are user-defined as jslob but were not checked for malicious protocol handlers. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26448 MISC MISC MISC MISC |
ox_software — ox_app_suite | The “OX Chat” web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26449 MISC MISC MISC MISC |
ox_software — ox_app_suite | The “OX Count” web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26450 MISC MISC MISC MISC |
ox_software — ox_app_suite | Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users’ accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. | 2023-08-02 | not yet calculated | CVE-2023-26451 MISC MISC MISC MISC |
cloudflare — warp | The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS servers, since WARP acts as a local DNS server that performs DNS queries in a secure manner. However, if a user is connected to WARP over an IPv6-capable network, the WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network, enabling an attacker to view DNS queries made by the device. | 2023-08-03 | not yet calculated | CVE-2023-2754 MISC MISC MISC |
insyde_software — insydeh20 | An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS. | 2023-08-03 | not yet calculated | CVE-2023-28468 MISC MISC |
golang — go | A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. | 2023-08-02 | not yet calculated | CVE-2023-29407 MISC MISC MISC |
golang — go | The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU. | 2023-08-02 | not yet calculated | CVE-2023-29408 MISC MISC MISC |
golang — go | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With the fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. | 2023-08-02 | not yet calculated | CVE-2023-29409 MISC MISC MISC MISC |
zoho_corp — manageengine_network_configuration_manager | An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. | 2023-08-04 | not yet calculated | CVE-2023-29505 MISC MISC |
pyrocms — pyrocms | PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system. | 2023-08-04 | not yet calculated | CVE-2023-29689 MISC |
assman_group — digitus_plug&view_ip_camera | Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera’s settings and the administrator credentials. | 2023-08-04 | not yet calculated | CVE-2023-30146 MISC MISC |
n-table_technologies — n-central_server | An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | 2023-08-04 | not yet calculated | CVE-2023-30297 MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard’s Patron Button and Widgets for Patreon plugin <= 2.1.8 versions. | 2023-08-05 | not yet calculated | CVE-2023-30491 MISC |
palantir — palantir | The Foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint. | 2023-08-03 | not yet calculated | CVE-2023-30950 MISC |
palantir — palantir | The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. | 2023-08-03 | not yet calculated | CVE-2023-30951 MISC |
palantir — palantir | A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. | 2023-08-03 | not yet calculated | CVE-2023-30952 MISC |
palantir — palantir | A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry’s CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0. | 2023-08-03 | not yet calculated | CVE-2023-30958 MISC |
freebsd — freebsd | A set of carefully crafted IPv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet’s payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. | 2023-08-01 | not yet calculated | CVE-2023-3107 MISC MISC |
broadcom — brocade_fabric_os | Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | 2023-08-01 | not yet calculated | CVE-2023-31427 MISC |
broadcom — brocade_fabric_os | Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user’s home directory using grep. | 2023-08-02 | not yet calculated | CVE-2023-31428 MISC |
broadcom — brocade_fabric_os | A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. | 2023-08-02 | not yet calculated | CVE-2023-31430 MISC |
broadcom — brocade_fabric_os | A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. | 2023-08-02 | not yet calculated | CVE-2023-31431 MISC |
broadcom — brocade_fabric_os | Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | 2023-08-02 | not yet calculated | CVE-2023-31432 MISC |
qemu — qemu | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. | 2023-08-03 | not yet calculated | CVE-2023-3180 MISC MISC |
broadcom — brocade_fabric_os | System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | 2023-08-02 | not yet calculated | CVE-2023-31926 MISC |
broadcom — brocade_fabric_os | An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. | 2023-08-02 | not yet calculated | CVE-2023-31927 MISC |
broadcom — brocade_fabric_os | A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. | 2023-08-02 | not yet calculated | CVE-2023-31928 MISC |
fabasoft — cloud_enterprise_client | Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. | 2023-08-03 | not yet calculated | CVE-2023-32764 MISC MISC |
ininet — scada_webserver | SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI’s upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. | 2023-08-02 | not yet calculated | CVE-2023-3329 MISC |
suprema_inc — biostar_2 | An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers. | 2023-08-03 | not yet calculated | CVE-2023-33363 MISC MISC |
suprema_inc — biostar_2 | An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. | 2023-08-03 | not yet calculated | CVE-2023-33364 MISC MISC |
suprema_inc — biostar_2 | A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server’s web server. | 2023-08-03 | not yet calculated | CVE-2023-33365 MISC MISC |
suprema_inc — biostar_2 | A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands. | 2023-08-03 | not yet calculated | CVE-2023-33366 MISC MISC |
suprema_inc — biostar_2 | A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server’s root directory, resulting in remote code execution. | 2023-08-05 | not yet calculated | CVE-2023-33367 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device’s firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. | 2023-08-04 | not yet calculated | CVE-2023-33372 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. | 2023-08-04 | not yet calculated | CVE-2023-33373 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution. | 2023-08-04 | not yet calculated | CVE-2023-33374 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. | 2023-08-04 | not yet calculated | CVE-2023-33375 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 2023-08-04 | not yet calculated | CVE-2023-33376 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 2023-08-04 | not yet calculated | CVE-2023-33377 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 2023-08-04 | not yet calculated | CVE-2023-33378 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating the Connected IO management platform and sending commands to all of Connected IO’s devices. | 2023-08-04 | not yet calculated | CVE-2023-33379 MISC MISC |
shelly — 4pm_pro | Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. | 2023-08-02 | not yet calculated | CVE-2023-33383 MISC MISC |
mitsubishi_electric_corporation — cnc_series | Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery. | 2023-08-03 | not yet calculated | CVE-2023-3346 MISC MISC MISC |
cloudflare — wrangler | The Wrangler command line tool (<[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim’s files present outside of the directory for the development server. | 2023-08-03 | not yet calculated | CVE-2023-3348 MISC MISC MISC |
ai-dev — aitable | ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | 2023-08-04 | not yet calculated | CVE-2023-33665 MISC MISC |
ai-dev — aitable | ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | 2023-08-03 | not yet calculated | CVE-2023-33666 MISC MISC |
mitsubishi_electric_corporation — got2000_series | Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. | 2023-08-04 | not yet calculated | CVE-2023-3373 MISC MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions. | 2023-08-05 | not yet calculated | CVE-2023-34010 MISC |
vmware — horizon_server | VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. | 2023-08-04 | not yet calculated | CVE-2023-34037 MISC |
vmware — horizon_server | VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | 2023-08-04 | not yet calculated | CVE-2023-34038 MISC |
keyfactor — ejbca | In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur. | 2023-08-03 | not yet calculated | CVE-2023-34196 MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions. | 2023-08-05 | not yet calculated | CVE-2023-34377 MISC |
ezviz — multiple_products | In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote). | 2023-08-01 | not yet calculated | CVE-2023-34551 MISC MISC |
ezviz — multiple_products | In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. | 2023-08-01 | not yet calculated | CVE-2023-34552 MISC MISC |
ruijie_networks — multiple_products | Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. | 2023-07-31 | not yet calculated | CVE-2023-34644 MISC |
freebsd — freebsd | The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process’ memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. | 2023-08-01 | not yet calculated | CVE-2023-3494 MISC |
ivanti — epmm | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | 2023-08-03 | not yet calculated | CVE-2023-35081 MISC |
supermicro — motherboards | A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC. | 2023-07-31 | not yet calculated | CVE-2023-35861 MISC MISC MISC |
gatesair — flexiva_fm_transmitter/exciter | Cross Site Scripting vulnerability in GatesAir Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. | 2023-08-02 | not yet calculated | CVE-2023-36081 MISC MISC MISC |
gatesair — flexiva_fm_transmitter/exciter | An issue in GatesAir Flexiva FM Transmitter/Exciter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | 2023-08-03 | not yet calculated | CVE-2023-36082 MISC MISC MISC |
langchain — langchain | An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain.from_math_prompt(llm).run in the Python exec method. | 2023-08-05 | not yet calculated | CVE-2023-36095 MISC MISC MISC |
phpjabbers_ltd. — class_scheduling_system | In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 2023-08-04 | not yet calculated | CVE-2023-36134 MISC MISC |
phpjabbers_ltd. — class_scheduling_system | User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-04 | not yet calculated | CVE-2023-36135 MISC MISC |
phpjabbers_ltd. — class_scheduling_system | There is a Cross Site Scripting (XSS) vulnerability in the “theme” parameter of preview.php in PHPJabbers Class Scheduling System 1.0. | 2023-08-04 | not yet calculated | CVE-2023-36137 MISC MISC |
phpjabbers_ltd. — class_scheduling_system | User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-04 | not yet calculated | CVE-2023-36141 MISC MISC |
sourcecodester — toll_tax_management_system | Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. | 2023-08-04 | not yet calculated | CVE-2023-36158 MISC MISC MISC MISC |
sourcecodester — lost_and_found_information_system | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | 2023-08-04 | not yet calculated | CVE-2023-36159 MISC MISC |
motocms — motocms | SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. | 2023-08-03 | not yet calculated | CVE-2023-36213 MISC MISC |
xoops_cms — xoops_cms | Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. | 2023-08-03 | not yet calculated | CVE-2023-36217 MISC MISC |
dedecms — dedecms | DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). | 2023-08-03 | not yet calculated | CVE-2023-36298 MISC |
typecho — typecho | A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. | 2023-08-03 | not yet calculated | CVE-2023-36299 MISC MISC |
aerospike — aerospike_java_client | The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to version 7.0.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include specially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 7.0.0 contains a patch for this issue. | 2023-08-04 | not yet calculated | CVE-2023-36480 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions. | 2023-08-05 | not yet calculated | CVE-2023-36678 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions. | 2023-08-05 | not yet calculated | CVE-2023-36686 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions. | 2023-08-05 | not yet calculated | CVE-2023-36689 MISC |
hewlett_packard_enterprise — aruba | An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. | 2023-08-01 | not yet calculated | CVE-2023-3718 MISC |
ws-inc — j_wbem_server | In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152. | 2023-08-03 | not yet calculated | CVE-2023-37364 MISC MISC |
metabase — metabase | Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one’s Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validate`. Those who use H2 as a file-based database should migrate to SQLite. | 2023-08-04 | not yet calculated | CVE-2023-37470 MISC |
sensormatic_electronics_johnson_controls_inc. — videoedge | A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. | 2023-08-03 | not yet calculated | CVE-2023-3749 MISC MISC |
hcl_software — hcl_unica_platform | The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. | 2023-08-03 | not yet calculated | CVE-2023-37497 MISC |
hcl_software — hcl_unica_platform | A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. | 2023-08-03 | not yet calculated | CVE-2023-37498 MISC |
hcl_software — hcl_unica_platform | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user’s session and perform other attacks. | 2023-08-03 | not yet calculated | CVE-2023-37499 MISC |
hcl_software — hcl_unica_platform | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user’s session and perform other attacks. | 2023-08-03 | not yet calculated | CVE-2023-37500 MISC |
hcl_software — hcl_unica_campaign | A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user’s session and perform other attacks. | 2023-08-03 | not yet calculated | CVE-2023-37501 MISC |
cloudflare — odoh-rs | A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. | 2023-08-03 | not yet calculated | CVE-2023-3766 MISC MISC |
nextgen_healthcare — mirth_connect | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | 2023-08-03 | not yet calculated | CVE-2023-37679 MISC MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | 2023-08-05 | not yet calculated | CVE-2023-37873 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions. | 2023-08-05 | not yet calculated | CVE-2023-37874 MISC |
projectdiscovery — nuclei | Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network. | 2023-08-04 | not yet calculated | CVE-2023-37896 MISC MISC MISC |
openssl — openssl | Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the “-check” option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | 2023-07-31 | not yet calculated | CVE-2023-3817 MISC MISC MISC MISC MISC MISC MISC |
oxid_esales_ag — eshop_enterprise_edition | OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create an HTTP Response Splitting attack. | 2023-08-02 | not yet calculated | CVE-2023-38330 CONFIRM MISC |
zoho_corp — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user’s account via sensitive information disclosure. | 2023-08-04 | not yet calculated | CVE-2023-38332 MISC MISC |
hedgedoc — hedgedoc | HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tries to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`. | 2023-08-04 | not yet calculated | CVE-2023-38487 MISC MISC |
metersphere — metersphere | MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have permissions configured, so attackers can leak sensitive information through them. Version 2.10.4 LTS contains a patch for this issue. | 2023-08-04 | not yet calculated | CVE-2023-38494 MISC MISC |
rust-lang — cargo | Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one’s system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. | 2023-08-04 | not yet calculated | CVE-2023-38497 MISC MISC MISC MISC MISC MISC |
seiko_epson_corporation — printer_web_config | Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. | 2023-08-02 | not yet calculated | CVE-2023-38556 MISC MISC |
matrix — matrix/sydent | Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers’ certificates. This makes Sydent’s emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self-signed certificate if using only one, to the trust store of their operating system. As a workaround, one can ensure Sydent’s emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one’s control which does not have a listening SMTP server. | 2023-08-04 | not yet calculated | CVE-2023-38686 MISC MISC MISC MISC MISC MISC MISC |
twitch — twitch-tui | twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue. | 2023-08-04 | not yet calculated | CVE-2023-38688 MISC MISC MISC |
rs485 — logistics_pipes | Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java’s `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks. | 2023-08-04 | not yet calculated | CVE-2023-38689 MISC MISC MISC |
matrix — matrix/appservice | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. | 2023-08-04 | not yet calculated | CVE-2023-38690 MISC MISC MISC |
matrix — matrix/appservice | matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user’s MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user’s *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API. | 2023-08-04 | not yet calculated | CVE-2023-38691 MISC MISC |
cloudexplorer_lite — cloudexplorer_lite | CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading. | 2023-08-04 | not yet calculated | CVE-2023-38692 MISC MISC MISC |
cypress-image-snapshot — cypress-image-snapshot | cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it’s possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2. | 2023-08-04 | not yet calculated | CVE-2023-38695 MISC MISC MISC MISC |
socketry — protocol-http1 | protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defines the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should be separated from chunk data using CRLF, and the chunk extension shouldn’t contain any invisible character. However, Falcon has the following behaviors that disobey the corresponding RFCs: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values that are written in hexadecimal with a `0x` prefix, accepting `0x` and `+` prefixed chunk size, and accepting LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds. | 2023-08-04 | not yet calculated | CVE-2023-38697 MISC MISC MISC MISC |
ensodomains — ens-contracts | Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (e.g., 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. | 2023-08-04 | not yet calculated | CVE-2023-38698 MISC MISC MISC |
mindsdb — mindsdb | MindsDB’s AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | 2023-08-04 | not yet calculated | CVE-2023-38699 MISC MISC MISC |
matrix — matrix/appservice | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1 fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance. | 2023-08-04 | not yet calculated | CVE-2023-38700 MISC MISC MISC |
knowage_labs — knowage_server | Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8. | 2023-08-04 | not yet calculated | CVE-2023-38702 MISC |
pimcore — pimcore | Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service—key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. | 2023-08-04 | not yet calculated | CVE-2023-38708 MISC MISC |
omron_corporation — cj2m_cpu_unit | Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. | 2023-08-03 | not yet calculated | CVE-2023-38744 MISC MISC |
omron_corporation — cx-programmer | Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | 2023-08-03 | not yet calculated | CVE-2023-38746 MISC MISC |
omron_corporation — cx-programmer | Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | 2023-08-03 | not yet calculated | CVE-2023-38747 MISC MISC |
omron_corporation — cx-programmer | Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | 2023-08-03 | not yet calculated | CVE-2023-38748 MISC MISC |
django — django/django-sspanel | django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. | 2023-08-04 | not yet calculated | CVE-2023-38941 MISC |
django — django/django-translator | Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json. | 2023-08-03 | not yet calculated | CVE-2023-38942 MISC MISC |
shuize_0x727 — shuize_0x727 | ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. | 2023-08-05 | not yet calculated | CVE-2023-38943 MISC MISC |
wbce_cms — wbce_cms | An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-08-03 | not yet calculated | CVE-2023-38947 MISC |
jizhi_cms — jizhi_cms | An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | 2023-08-03 | not yet calculated | CVE-2023-38948 MISC |
zkteco — biotime | An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. | 2023-08-03 | not yet calculated | CVE-2023-38949 MISC MISC |
zkteco — biotime | A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | 2023-08-03 | not yet calculated | CVE-2023-38950 MISC MISC |
zkteco — biotime | A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. | 2023-08-03 | not yet calculated | CVE-2023-38951 MISC MISC |
zkteco — biotime | Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | 2023-08-03 | not yet calculated | CVE-2023-38952 MISC MISC |
zkteco — bioaccess | ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | 2023-08-03 | not yet calculated | CVE-2023-38954 MISC MISC |
zkteco — bioaccess | ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. | 2023-08-03 | not yet calculated | CVE-2023-38955 MISC MISC |
zkteco — bioaccess | A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | 2023-08-03 | not yet calculated | CVE-2023-38956 MISC MISC |
zkteco — bioaccess | An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. | 2023-08-03 | not yet calculated | CVE-2023-38958 MISC MISC |
creative_item_academy_lms — creative_item_academy_lms | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 2023-08-04 | not yet calculated | CVE-2023-38964 MISC |
jeesite — jeesite | An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | 2023-08-04 | not yet calculated | CVE-2023-38991 MISC |
renault — zoe_ev_2021 | Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device. | 2023-08-03 | not yet calculated | CVE-2023-39075 MISC |
webboss.io — cms | WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding. | 2023-08-03 | not yet calculated | CVE-2023-39096 MISC |
webboss.io — cms | WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability. | 2023-08-03 | not yet calculated | CVE-2023-39097 MISC |
nomachine — nomachine | An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | 2023-08-04 | not yet calculated | CVE-2023-39107 MISC MISC MISC |
ecshop — ecshop | ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. | 2023-08-04 | not yet calculated | CVE-2023-39112 MISC |
ngiflib — ngiflib | ngiflib commit fb271 was discovered to contain a segmentation violation via the function “main” at gif2tag.c. This vulnerability is triggered when running the program gif2tga. | 2023-08-02 | not yet calculated | CVE-2023-39113 MISC |
ngiflib — ngiflib | ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. | 2023-08-02 | not yet calculated | CVE-2023-39114 MISC |
emlog — emlog | emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | 2023-08-03 | not yet calculated | CVE-2023-39121 MISC MISC |
papercut — papercut_ng/papercut_mf | PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. | 2023-08-04 | not yet calculated | CVE-2023-39143 MISC MISC |
element55 — knowmore | Element55 KnowMore appliances version 21 and older were discovered to store passwords in plaintext. | 2023-08-03 | not yet calculated | CVE-2023-39144 MISC MISC |
gitlab — gitlab_enterprise | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | 2023-08-03 | not yet calculated | CVE-2023-3932 MISC MISC |
sulu — sulu | Sulu is an open-source PHP content management system based on the Symfony framework. It is possible, via the Admin Login form, to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system and previous versions are not impacted by this security issue. The vulnerability has been patched in version 2.5.10. | 2023-08-04 | not yet calculated | CVE-2023-39343 MISC MISC MISC |
social-media-skeleton — social-media-skeleton | social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue. | 2023-08-04 | not yet calculated | CVE-2023-39344 MISC MISC |
linux — kernel | LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. | 2023-08-04 | not yet calculated | CVE-2023-39346 MISC MISC MISC MISC |
fujitsu_limited — fujitsu_software_infrastructure_manager | Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product’s maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. | 2023-08-04 | not yet calculated | CVE-2023-39379 MISC MISC |
apache — airflow | Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The “Run Task” feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and also allows bypassing the limitation of access the user has to certain DAGs. The “Run Task” feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. | 2023-08-05 | not yet calculated | CVE-2023-39508 MISC MISC MISC |
phpgurukul — online_security_guards_hiring_system | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. | 2023-08-04 | not yet calculated | CVE-2023-39551 MISC |
phpgurukul — online_security_guards_hiring_system | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS). | 2023-08-04 | not yet calculated | CVE-2023-39552 MISC |
golang — go | Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. | 2023-08-02 | not yet calculated | CVE-2023-3978 MISC MISC MISC |
gitlab — gitlab_enterprise | An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project’s configured security policies. | 2023-08-04 | not yet calculated | CVE-2023-4002 MISC |
gitlab — gitlab_community/enterprise | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random string added was known. | 2023-08-03 | not yet calculated | CVE-2023-4008 MISC |
linux — kernel | Under some circumstances, this weakness gives a user who has access to run the “ps” utility on a machine the ability to write almost unlimited amounts of unfiltered data into the process heap. | 2023-08-02 | not yet calculated | CVE-2023-4016 MISC |
mozilla — firefox/firefox_esr | Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | not yet calculated | CVE-2023-4045 MISC MISC MISC MISC MISC MISC |
mozilla — firefox/firefox_esr | In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | not yet calculated | CVE-2023-4046 MISC MISC MISC MISC MISC MISC |
mozilla — firefox/firefox_esr | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | not yet calculated | CVE-2023-4047 MISC MISC MISC MISC MISC MISC |
mozilla — firefox/firefox_esr | Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | not yet calculated | CVE-2023-4049 MISC MISC MISC MISC MISC MISC |
mozilla — firefox/firefox_esr | In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | not yet calculated | CVE-2023-4050 MISC MISC MISC MISC MISC MISC |
mozilla — firefox/firefox_esr | When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | not yet calculated | CVE-2023-4054 MISC MISC MISC MISC |
mozilla — firefox/firefox_esr | When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 2023-08-01 | not yet calculated | CVE-2023-4055 MISC MISC MISC MISC MISC MISC |
phpjabbers_ltd. — availability_booking_calendar | A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | not yet calculated | CVE-2023-4110 MISC MISC MISC |
phpjabbers_ltd. — bus_reservation_system | A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | not yet calculated | CVE-2023-4111 MISC MISC MISC MISC |
cute_http_file_server — cute_http_file_server | A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | not yet calculated | CVE-2023-4118 MISC MISC MISC |
academy_lms — academy_lms | A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | not yet calculated | CVE-2023-4119 MISC MISC MISC |
beijing_baichuo — smart_s85f_management_platform | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | not yet calculated | CVE-2023-4120 MISC MISC MISC |
beijing_baichuo — smart_s85f_management_platform | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-03 | not yet calculated | CVE-2023-4121 MISC MISC MISC |
answerdev — answerdev/answer | Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. | 2023-08-03 | not yet calculated | CVE-2023-4124 MISC MISC |
answerdev — answerdev/answer | Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. | 2023-08-03 | not yet calculated | CVE-2023-4125 MISC MISC |
answerdev — answerdev/answer | Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0. | 2023-08-03 | not yet calculated | CVE-2023-4126 MISC MISC |
answerdev — answerdev/answer | Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1. | 2023-08-03 | not yet calculated | CVE-2023-4127 MISC MISC |
linux — kernel | A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | 2023-08-03 | not yet calculated | CVE-2023-4132 MISC MISC |
linux — kernel | A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. | 2023-08-03 | not yet calculated | CVE-2023-4133 MISC MISC |
qemu — qemu | A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. | 2023-08-04 | not yet calculated | CVE-2023-4135 MISC MISC MISC |
craftercms — craftercms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. | 2023-08-03 | not yet calculated | CVE-2023-4136 MISC |
rdiffweb — rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0. | 2023-08-03 | not yet calculated | CVE-2023-4138 MISC MISC |
pimcore — pimcore/customer-data-framework | Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. | 2023-08-03 | not yet calculated | CVE-2023-4145 MISC MISC |
omeka — omeka/omeka-s | Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3. | 2023-08-04 | not yet calculated | CVE-2023-4157 MISC MISC |
omeka — omeka/omeka-s | Cross-site Scripting (XSS) – Stored in GitHub repository omeka/omeka-s prior to 4.0.3. | 2023-08-04 | not yet calculated | CVE-2023-4158 MISC MISC |
omeka — omeka/omeka-s | Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. | 2023-08-04 | not yet calculated | CVE-2023-4159 MISC MISC |
tongda — oa | A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | not yet calculated | CVE-2023-4165 MISC MISC MISC |
tongda — oa | A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | not yet calculated | CVE-2023-4166 MISC MISC MISC |
emby_llc — media_browser_emby_server | A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183. | 2023-08-05 | not yet calculated | CVE-2023-4167 MISC MISC MISC |
templatecookie — adlisting | A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | not yet calculated | CVE-2023-4168 MISC MISC |
ruijie — rg-ew1200g | A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | not yet calculated | CVE-2023-4169 MISC MISC MISC |
dedebiz — dedebiz | A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | not yet calculated | CVE-2023-4170 MISC MISC MISC |
chengdu — flash_flood_disaster_monitoring_and_warning_system | A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability. | 2023-08-05 | not yet calculated | CVE-2023-4171 MISC MISC MISC |
chengdu — flash_flood_disaster_monitoring_and_warning_system | A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207. | 2023-08-05 | not yet calculated | CVE-2023-4172 MISC MISC MISC |
instantsoft — instantsoft/icms2 | Cross-site Scripting (XSS) – Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-05 | not yet calculated | CVE-2023-4187 MISC MISC |
instantsoft — instantsoft/icms2 | SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-05 | not yet calculated | CVE-2023-4188 MISC MISC |
instantsoft — instantsoft/icms2 | Cross-site Scripting (XSS) – Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-05 | not yet calculated | CVE-2023-4189 MISC MISC |