US-CERT Vulnerability Summary for the Week of April 3, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
mingsoft — mcms | SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. | 2023-04-04 | 9.8 | CVE-2020-20913 MISC |
publiccms — publiccms | SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. | 2023-04-04 | 9.8 | CVE-2020-20914 MISC |
publiccms — publiccms | SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. | 2023-04-04 | 9.8 | CVE-2020-20915 MISC |
generex — cs141_firmware | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | 2023-03-31 | 9.8 | CVE-2022-47190 CONFIRM CONFIRM CONFIRM |
fernus — learning_management_systems | Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03. | 2023-04-04 | 9.8 | CVE-2023-1728 MISC |
phpmyfaq — phpmyfaq | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-03-31 | 9.8 | CVE-2023-1753 MISC CONFIRM |
akbim — panon | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2. | 2023-04-03 | 9.8 | CVE-2023-1765 MISC |
sourcecodester — grade_point_average_\(gpa\)_calculator | A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671. | 2023-03-31 | 9.8 | CVE-2023-1770 MISC MISC MISC |
rockoa — rockoa | A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability. | 2023-03-31 | 9.8 | CVE-2023-1773 MISC MISC MISC |
jeecg — jeecg_boot | A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. | 2023-03-31 | 9.8 | CVE-2023-1784 MISC MISC MISC |
sourcecodester — earnings_and_expense_tracker_app | A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700. | 2023-03-31 | 9.8 | CVE-2023-1785 MISC MISC MISC |
firefly-iii — firefly_iii | Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. | 2023-04-01 | 9.8 | CVE-2023-1789 MISC CONFIRM |
sourcecodester — simple_task_allocation_system | A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743. | 2023-04-02 | 9.8 | CVE-2023-1791 MISC MISC MISC |
sourcecodester — simple_mobile_comparison_website | A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744. | 2023-04-02 | 9.8 | CVE-2023-1792 MISC MISC MISC |
sourcecodester — police_crime_record_management_system | A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability. | 2023-04-02 | 9.8 | CVE-2023-1793 MISC MISC MISC |
otcms — otcms | A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability. | 2023-04-02 | 9.8 | CVE-2023-1797 MISC MISC MISC |
go-fastdfs_project — go-fastdfs | A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: ‘../filedir’. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768. | 2023-04-02 | 9.8 | CVE-2023-1800 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability. | 2023-04-04 | 9.8 | CVE-2023-1826 MISC MISC |
htmlunit_project — htmlunit | Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. | 2023-04-03 | 9.8 | CVE-2023-26119 MISC MISC MISC |
dlink — go-rt-ac750_firmware | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. | 2023-04-01 | 9.8 | CVE-2023-26822 MISC MISC |
gladinet — centrestack | An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass. | 2023-03-31 | 9.8 | CVE-2023-26829 MISC |
myprestamodules — frequently_asked_questions_page | SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. | 2023-03-31 | 9.8 | CVE-2023-26858 MISC MISC |
ibm — aspera_cargo/aspera_connect | IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. | 2023-04-02 | 9.8 | CVE-2023-27284 MISC MISC |
ibm — aspera_cargo/aspera_connect | IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. | 2023-04-02 | 9.8 | CVE-2023-27286 MISC MISC |
jenkins — role-based_authorization_strategy | Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they’ve been disabled. | 2023-04-02 | 9.8 | CVE-2023-28668 MISC |
jenkins — convert_to_pipeline | Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin. | 2023-04-02 | 9.8 | CVE-2023-28677 MISC |
202-ecommerce — paypal | PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability. | 2023-03-31 | 9.8 | CVE-2023-28843 MISC MISC |
artifex — ghostscript | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. | 2023-03-31 | 9.8 | CVE-2023-28879 MISC MISC MISC MLIST DEBIAN |
generex — cs141_firmware | Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. | 2023-03-31 | 9.1 | CVE-2022-47189 CONFIRM CONFIRM CONFIRM |
openapi-generator — openapi_generator | openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. | 2023-03-31 | 9.1 | CVE-2023-27162 MISC MISC MISC MISC |
deltaww — dx-2100l1-cn_firmware | The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user “root.” If the attacker has credentials for the web service, then the device could be fully compromised. | 2023-03-31 | 9 | CVE-2023-0432 MISC |
phpmywind — phpmywind | SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. | 2023-04-04 | 8.8 | CVE-2020-21060 MISC |
admesh_project — admesh | An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2023-04-03 | 8.8 | CVE-2022-38072 MISC MISC |
hcltech — hcl_compass | HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | 2023-04-02 | 8.8 | CVE-2022-42447 MISC |
generex — cs141_firmware | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | 2023-03-31 | 8.8 | CVE-2022-47191 CONFIRM CONFIRM CONFIRM |
generex — cs141_firmware | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified “users.json” to the web server of the device, allowing him to replace the administrator password. | 2023-03-31 | 8.8 | CVE-2022-47192 CONFIRM CONFIRM CONFIRM |
bestwebsoft — user_role | The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. | 2023-04-03 | 8.8 | CVE-2023-0820 MISC |
ibos — ibos | A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635. | 2023-03-31 | 8.8 | CVE-2023-1747 MISC MISC MISC |
phpmyfaq — phpmyfaq | Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-03-31 | 8.8 | CVE-2023-1762 MISC CONFIRM |
jenkins — octoperf_load_testing | A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | 2023-04-02 | 8.8 | CVE-2023-28674 MISC |
jenkins — convert_to_pipeline | A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). | 2023-04-02 | 8.8 | CVE-2023-28676 MISC |
panasonic — aiseg2_firmware | Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. | 2023-03-31 | 8.8 | CVE-2023-28726 MISC |
panasonic — aiseg2_firmware | Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. | 2023-03-31 | 8.8 | CVE-2023-28727 MISC |
jenkins — visual_studio_code_metrics | Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-04-02 | 8.2 | CVE-2023-28681 MISC |
jenkins — performance_publisher | Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-04-02 | 8.2 | CVE-2023-28682 MISC |
jenkins — phabricator_differential | Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-04-02 | 8.2 | CVE-2023-28683 MISC |
nvidia — virtual_gpu | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2023-04-01 | 7.8 | CVE-2023-0189 MISC |
gnu — binutils | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | 2023-04-03 | 7.8 | CVE-2023-1579 MISC |
linux — kernel | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | 2023-03-31 | 7.8 | CVE-2023-28464 MISC MISC MISC |
x-man_project — x-man | X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage. | 2023-03-31 | 7.5 | CVE-2022-46021 MISC MISC |
generex — cs141_firmware | There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. | 2023-03-31 | 7.5 | CVE-2022-47188 CONFIRM CONFIRM CONFIRM |
facebook — zstandard | A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. | 2023-03-31 | 7.5 | CVE-2022-4899 MISC |
akuvox — e11_firmware | Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages. | 2023-03-31 | 7.5 | CVE-2023-0343 MISC |
akuvox — e11_firmware | Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. | 2023-03-31 | 7.5 | CVE-2023-0344 MISC |
devolutions — devolutions_gateway | Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable. | 2023-04-02 | 7.5 | CVE-2023-1580 MISC |
sourcecodester — grade_point_average_\(gpa\)_calculator | A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page with the input php://filter/read=convert.base64-encode/resource=grade_table leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224670 is the identifier assigned to this vulnerability. | 2023-03-31 | 7.5 | CVE-2023-1769 MISC MISC MISC |
sourcecodester — simple_task_allocation_system | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724. | 2023-04-01 | 7.5 | CVE-2023-1790 MISC MISC MISC |
cesnet — libyang | libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. | 2023-04-03 | 7.5 | CVE-2023-26916 MISC |
dlink — dir-882_firmware | An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information. | 2023-03-31 | 7.5 | CVE-2023-26925 MISC MISC |
tenda — ac6_firmware | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 2023-04-04 | 7.5 | CVE-2023-26976 MISC |
ruoyi — ruoyi | An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. | 2023-04-02 | 7.5 | CVE-2023-27025 MISC MISC |
appwrite — appwrite | Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. | 2023-03-31 | 7.5 | CVE-2023-27159 MISC MISC MISC MISC MISC |
jenkins — crap4j | Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-04-02 | 7.5 | CVE-2023-28680 MISC |
ruby-lang — uri | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. | 2023-03-31 | 7.5 | CVE-2023-28755 MISC MISC CONFIRM MISC |
ruby-lang — time | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | 2023-03-31 | 7.5 | CVE-2023-28756 MISC CONFIRM MISC MISC |
vtex — apps-graphql | The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. ([email protected] is unaffected by this issue.) | 2023-03-31 | 7.5 | CVE-2023-28877 MISC |
sophos — web_appliance | A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | 2023-04-04 | 7.2 | CVE-2022-4934 CONFIRM |
wpeasycart — wp_easycart | The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. | 2023-04-03 | 7.2 | CVE-2023-1124 MISC |
gladinet — centrestack | An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. | 2023-03-31 | 7.2 | CVE-2023-26830 MISC |
nvidia — virtual_gpu | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. | 2023-04-01 | 7.1 | CVE-2023-0183 MISC |
nvidia — virtual_gpu | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. | 2023-04-01 | 7.1 | CVE-2023-0186 MISC |
nvidia — virtual_gpu | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. | 2023-04-01 | 7.1 | CVE-2023-0191 MISC |
nvidia — data_center_gpu_manager | NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. | 2023-04-01 | 7.1 | CVE-2023-0208 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
monospace — directus | An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. | 2023-04-04 | 6.5 | CVE-2020-19850 MISC |
devolutions — remote_desktop_manager | Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. | 2023-04-02 | 6.5 | CVE-2023-1202 MISC |
inisev — redirection | The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. | 2023-04-03 | 6.5 | CVE-2023-1330 MISC |
devolutions — remote_desktop_manager | Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | 2023-04-02 | 6.5 | CVE-2023-1574 MISC |
devolutions — devolutions_server | Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. | 2023-04-02 | 6.5 | CVE-2023-1603 MISC |
mattermost — mattermost_server | When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients. | 2023-03-31 | 6.5 | CVE-2023-1775 MISC |
rbaskets — request_baskets | request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. | 2023-03-31 | 6.5 | CVE-2023-27163 MISC MISC MISC MISC |
nextcloud — richdocuments | Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud. | 2023-03-31 | 6.5 | CVE-2023-28645 MISC MISC MISC |
jenkins — octoperf_load_testing | Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2023-04-02 | 6.5 | CVE-2023-28672 MISC |
jenkins — remote-jobs-view | Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-04-02 | 6.5 | CVE-2023-28684 MISC |
nextcloud — nextcloud_server | Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-03-31 | 6.5 | CVE-2023-28844 MISC MISC |
linux — kernel | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea | 2023-04-03 | 6.3 | CVE-2023-1611 MISC MISC FEDORA FEDORA |
editor.md — editor.md | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter. | 2023-04-04 | 6.1 | CVE-2020-19697 MISC |
editor.md — editor.md | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter. | 2023-04-04 | 6.1 | CVE-2020-19698 MISC |
kiftd_project — kiftd | Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page. | 2023-04-04 | 6.1 | CVE-2020-19699 MISC MISC |
kitecms — kitecms | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. | 2023-04-04 | 6.1 | CVE-2020-20521 MISC |
kitecms — kitecms | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. | 2023-04-04 | 6.1 | CVE-2020-20522 MISC |
progress — ipswitch_ws_ftp_server | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. | 2023-04-03 | 6.1 | CVE-2022-27665 MISC MISC |
ykmbilisim — ykm_crm | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30. | 2023-03-31 | 6.1 | CVE-2023-1060 MISC |
solidres — solidres | The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-04-03 | 6.1 | CVE-2023-1377 MISC |
akbim — panon | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2. | 2023-04-03 | 6.1 | CVE-2023-1766 MISC |
sourcecodester — grade_point_average_\(gpa\)_calculator | A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by this issue is the function get_scale of the file Master.php. The manipulation of the argument perc leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224672. | 2023-03-31 | 6.1 | CVE-2023-1771 MISC MISC MISC |
sourcecodester — police_crime_record_management_system | A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input “><script>alert(233)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability. | 2023-04-02 | 6.1 | CVE-2023-1794 MISC MISC MISC |
sourcecodester — gadget_works_online_ordering_system | A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input <script>alert(666)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224747. | 2023-04-02 | 6.1 | CVE-2023-1795 MISC MISC MISC |
samba — samba | The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | 2023-04-03 | 5.9 | CVE-2023-0922 MISC CONFIRM |
nvidia — virtual_gpu | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. | 2023-04-01 | 5.5 | CVE-2023-0187 MISC |
nvidia — virtual_gpu | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. | 2023-04-01 | 5.5 | CVE-2023-0188 MISC |
sophos — web_appliance | A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. | 2023-04-04 | 5.4 | CVE-2020-36692 CONFIRM |
hcltechsw — hcl_launch | HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. | 2023-04-02 | 5.4 | CVE-2022-42452 MISC |
wordpress — wordpress | The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-04-03 | 5.4 | CVE-2023-0399 MISC |
proliz_obs — proliz_obs |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01. | 2023-04-07 | 5.4 | CVE-2023-1726 MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-03-31 | 5.4 | CVE-2023-1755 CONFIRM MISC |
phpmyfaq — phpmyfaq | Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-03-31 | 5.4 | CVE-2023-1761 MISC CONFIRM |
mattermost — mattermost_server | When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter’s permission to that channel, allowing an attacker to invite themselves to a private channel. | 2023-03-31 | 5.4 | CVE-2023-1774 MISC |
mattermost — mattermost_server | Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. | 2023-03-31 | 5.4 | CVE-2023-1776 MISC |
sourcecodester — employee_payslip_generator_system | A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748. | 2023-04-02 | 5.4 | CVE-2023-1796 MISC MISC MISC |
eyoucms — eyoucms | A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability. | 2023-04-02 | 5.4 | CVE-2023-1798 MISC MISC MISC |
eyoucms — eyoucms | A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751. | 2023-04-02 | 5.4 | CVE-2023-1799 MISC MISC MISC |
ibm — websphere_application_server | IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | 2023-04-02 | 5.4 | CVE-2023-26283 MISC MISC |
jenkins — jacoco | Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the ‘Record JaCoCo coverage report’ post-build action. | 2023-04-02 | 5.4 | CVE-2023-28669 MISC |
jenkins — pipeline_aggregator_view | Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view’s URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. | 2023-04-02 | 5.4 | CVE-2023-28670 MISC |
jenkins — cppcheck | Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents. | 2023-04-02 | 5.4 | CVE-2023-28678 MISC |
jenkins — mashup_portlets | Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the “Generic JS Portlet” feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. | 2023-04-02 | 5.4 | CVE-2023-28679 MISC |
abb — flow-x\/m_firmware | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0. | 2023-03-31 | 5.3 | CVE-2023-1258 MISC |
mattermost — mattermost_server | Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message. | 2023-03-31 | 5.3 | CVE-2023-1777 MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-03-31 | 4.8 | CVE-2023-1759 MISC CONFIRM |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-03-31 | 4.8 | CVE-2023-1760 MISC CONFIRM |
datagear — datagear | A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability. | 2023-03-31 | 4.8 | CVE-2023-1772 MISC MISC MISC |
dupeoff_project — dupeoff | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions. | 2023-04-03 | 4.8 | CVE-2023-26529 MISC |
phpmyfaq — phpmyfaq | Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-03-31 | 4.7 | CVE-2023-1754 MISC CONFIRM |
samba — samba | A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | 2023-04-03 | 4.3 | CVE-2023-0225 MISC CONFIRM |
jenkins — octoperf_load_testing | A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2023-04-02 | 4.3 | CVE-2023-28671 MISC |
jenkins — octoperf_load_testing | A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2023-04-02 | 4.3 | CVE-2023-28673 MISC |
jenkins — octoperf_load_testing | A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | 2023-04-02 | 4.3 | CVE-2023-28675 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
nextcloud — talk | Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability. | 2023-03-31 | 3.5 | CVE-2023-28845 MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress — wordpress | A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2013-10022 MISC MISC MISC |
wordpress — wordpress | A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151. | 2023-04-08 | not yet calculated | CVE-2013-10023 MISC MISC MISC MISC |
wordpress — wordpress | A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2013-10024 MISC MISC MISC |
wordpress — wordpress | A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2013-10025 MISC MISC MISC |
phpminiadmin — phpminiadmin | A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability. | 2023-04-06 | not yet calculated | CVE-2014-125094 MISC MISC MISC |
wordpress — wordpress | A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. | 2023-04-08 | not yet calculated | CVE-2015-10098 MISC MISC MISC MISC |
ubuntu — linux_kernel | It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. | 2023-04-07 | not yet calculated | CVE-2020-11935 UBUNTU UBUNTU |
mm-wiki — mm-wiki | Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor. | 2023-04-04 | not yet calculated | CVE-2020-19277 MISC |
mm-wiki — mm-wiki | Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. | 2023-04-04 | not yet calculated | CVE-2020-19278 MISC MISC |
b3log_wide — b3log_wide | Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. | 2023-04-04 | not yet calculated | CVE-2020-19279 MISC |
netgate — pfsense/pfsense_suricata | Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. | 2023-04-06 | not yet calculated | CVE-2020-19678 MISC MISC MISC |
nginx — njs | Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. | 2023-04-04 | not yet calculated | CVE-2020-19692 MISC |
espruino — espruino | An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint. | 2023-04-04 | not yet calculated | CVE-2020-19693 MISC |
nginx — njs | Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. | 2023-04-04 | not yet calculated | CVE-2020-19695 MISC |
netgate —- pfsense/acme | Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. | 2023-04-04 | not yet calculated | CVE-2020-21487 MISC MISC |
fluent — fluentd | An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escilated privlidges and execute arbitrary code due to a default password. | 2023-04-04 | not yet calculated | CVE-2020-21514 MISC |
zentao — zentao | Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter | 2023-04-04 | not yet calculated | CVE-2020-22533 MISC |
espruino — espruino | Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. | 2023-04-04 | not yet calculated | CVE-2020-23257 MISC MISC |
jsish — jsish | An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | 2023-04-04 | not yet calculated | CVE-2020-23258 MISC MISC |
jsish — jsish | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. | 2023-04-04 | not yet calculated | CVE-2020-23259 MISC MISC |
jsish — jsish | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. | 2023-04-04 | not yet calculated | CVE-2020-23260 MISC MISC |
zblogphp — zblogphp | Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model. | 2023-04-04 | not yet calculated | CVE-2020-23327 MISC |
zend — framework | An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. | 2023-04-04 | not yet calculated | CVE-2020-29312 MISC MISC MISC |
tailor_management_system — tailor_management_system | SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page. | 2023-04-06 | not yet calculated | CVE-2020-36071 MISC |
tailor_management_system — tailor_management_system | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter. | 2023-04-06 | not yet calculated | CVE-2020-36072 MISC |
tailor_management_system — tailor_management_system | SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page. | 2023-04-06 | not yet calculated | CVE-2020-36073 MISC |
tailor_management_system — tailor_management_system | SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter. | 2023-04-06 | not yet calculated | CVE-2020-36074 MISC |
etcd — etcd-io | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | 2023-04-04 | not yet calculated | CVE-2021-28235 MISC MISC MISC MISC |
kitecms — kitecms | Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. | 2023-04-04 | not yet calculated | CVE-2021-31707 MISC |
kitecms — kitecms | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. | 2023-04-04 | not yet calculated | CVE-2021-3267 MISC |
osticket — osticket | Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. | 2023-04-05 | not yet calculated | CVE-2022-31888 MISC MISC MISC |
osticket — osticket | Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae. | 2023-04-05 | not yet calculated | CVE-2022-31889 MISC MISC |
osticket — osticket | SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function. | 2023-04-05 | not yet calculated | CVE-2022-31890 MISC MISC |
mediatek — multiple_products | In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390. | 2023-04-06 | not yet calculated | CVE-2022-32599 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. | 2023-04-05 | not yet calculated | CVE-2022-3375 MISC CONFIRM MISC |
ibm — sterling_order_management | IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. | 2023-04-07 | not yet calculated | CVE-2022-33959 MISC MISC |
ibm — sterling_order_management | IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | 2023-04-07 | not yet calculated | CVE-2022-34333 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP. | 2023-04-05 | not yet calculated | CVE-2022-3513 MISC MISC CONFIRM |
frrouting_frr-bgpd — frrouting_frr-bgpd | A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | 2023-04-03 | not yet calculated | CVE-2022-36440 MISC MISC |
bluepage_cms — bluepage_cms | BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the ‘users-cookie-settings’ token using a Time-based blind SLEEP payload. | 2023-04-03 | not yet calculated | CVE-2022-38922 MISC MISC MISC |
bluepage_cms — bluepage_cms | BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the ‘User-Agent’ field using a Time-based blind SLEEP payload. | 2023-04-03 | not yet calculated | CVE-2022-38923 MISC MISC MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | 2023-04-03 | not yet calculated | CVE-2022-3960 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions. | 2023-04-04 | not yet calculated | CVE-2022-41633 MISC |
supermicro — x11ssl-cf_hw | Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | 2023-04-07 | not yet calculated | CVE-2022-43309 MISC MISC MISC |
cisco_talos_intelligence_group — ichitaro_word_processor_2022 | A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability. | 2023-04-05 | not yet calculated | CVE-2022-43664 MISC MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | 2023-04-03 | not yet calculated | CVE-2022-43769 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. | 2023-04-03 | not yet calculated | CVE-2022-43771 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. | 2023-04-03 | not yet calculated | CVE-2022-43772 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. | 2023-04-03 | not yet calculated | CVE-2022-43773 MISC |
ibm — tririga_application_platform | IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036. | 2023-04-07 | not yet calculated | CVE-2022-43914 MISC MISC |
ibm — toolbox_for_java | The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. | 2023-04-07 | not yet calculated | CVE-2022-43928 MISC MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. | 2023-04-03 | not yet calculated | CVE-2022-43938 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. | 2023-04-03 | not yet calculated | CVE-2022-43939 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. | 2023-04-03 | not yet calculated | CVE-2022-43940 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. | 2023-04-03 | not yet calculated | CVE-2022-43941 MISC |
cisco_talos_intelligence_group — ichitaro_word_processor_2022 | A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2023-04-05 | not yet calculated | CVE-2022-45115 MISC MISC |
arm_developer — mali_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | 2023-04-06 | not yet calculated | CVE-2022-46781 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions. | 2023-04-06 | not yet calculated | CVE-2022-46793 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. | 2023-04-03 | not yet calculated | CVE-2022-4769 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). | 2023-04-03 | not yet calculated | CVE-2022-4770 MISC |
hitachi — vantara_pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. | 2023-04-03 | not yet calculated | CVE-2022-4771 MISC |
redgate — sql_monitor | A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter. | 2023-04-04 | not yet calculated | CVE-2022-47870 MISC |
acuant — acufill_sdk | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI’s get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges). | 2023-04-04 | not yet calculated | CVE-2022-48221 MISC MISC |
acuant — acufill_sdk |
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). | 2023-04-04 | not yet calculated | CVE-2022-48222 MISC MISC |
acuant — acufill_sdk | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory. | 2023-04-04 | not yet calculated | CVE-2022-48223 MISC MISC |
acuant — acufill_sdk | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). | 2023-04-04 | not yet calculated | CVE-2022-48224 MISC MISC |
acuant — acufill_sdk | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location. | 2023-04-04 | not yet calculated | CVE-2022-48225 MISC MISC |
acuant — acufill_sdk | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation. | 2023-04-04 | not yet calculated | CVE-2022-48226 MISC MISC |
acuant — assureid_sentinel | An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361. | 2023-04-04 | not yet calculated | CVE-2022-48227 MISC MISC |
acuant — assureid_sentinel | An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. | 2023-04-04 | not yet calculated | CVE-2022-48228 MISC MISC |
jetbrains — phpstorm | In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file | 2023-04-04 | not yet calculated | CVE-2022-48435 MISC |
wordpress — wordpress | The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX action). | 2023-04-05 | not yet calculated | CVE-2022-4935 MISC MISC |
wordpress — wordpress | The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. | 2023-04-05 | not yet calculated | CVE-2022-4936 MISC MISC |
wordpress — wordpress | The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected. | 2023-04-05 | not yet calculated | CVE-2022-4937 MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected. | 2023-04-05 | not yet calculated | CVE-2022-4938 MISC MISC |
wordpress — wordpress | THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator. | 2023-04-05 | not yet calculated | CVE-2022-4939 MISC MISC |
wordpress — wordpress | The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more. | 2023-04-05 | not yet calculated | CVE-2022-4940 MISC MISC MISC MISC |
wordpress — wordpress | The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. | 2023-04-05 | not yet calculated | CVE-2022-4941 MISC MISC MISC |
nvidia — vgpu | NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. | 2023-04-01 | not yet calculated | CVE-2023-0180 MISC |
nvidia — vgpu | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | 2023-04-01 | not yet calculated | CVE-2023-0181 MISC |
nvidia — vgpu |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. | 2023-04-01 | not yet calculated | CVE-2023-0182 MISC |
nvidia — vgpu | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure. | 2023-04-01 | not yet calculated | CVE-2023-0185 MISC |
nvidia — vgpu | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. | 2023-04-01 | not yet calculated | CVE-2023-0192 MISC |
nvidia — vgpu | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. | 2023-04-01 | not yet calculated | CVE-2023-0194 MISC |
nvidia — vgpu | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver | 2023-04-01 | not yet calculated | CVE-2023-0195 MISC |
nvidia — vgpu | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. | 2023-04-01 | not yet calculated | CVE-2023-0197 MISC |
nvidia — vgpu | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. | 2023-04-01 | not yet calculated | CVE-2023-0198 MISC |
uvdesk — uvdesk | Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. | 2023-04-04 | not yet calculated | CVE-2023-0265 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only. | 2023-04-05 | not yet calculated | CVE-2023-0319 MISC CONFIRM MISC |
uvdesk — uvdesk | Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket. | 2023-04-04 | not yet calculated | CVE-2023-0325 MISC MISC |
helpy — helpy | Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket. | 2023-04-04 | not yet calculated | CVE-2023-0357 MISC MISC |
m-files — server | User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. | 2023-04-05 | not yet calculated | CVE-2023-0382 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users. | 2023-04-05 | not yet calculated | CVE-2023-0450 MISC MISC CONFIRM |
vitalpbx — vitalpbx | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator’s account. This is possible because the application is vulnerable to CSRF. | 2023-04-04 | not yet calculated | CVE-2023-0480 MISC MISC |
vitalpbx — vitalpbx | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance’s administrator account via a malicious link. This is possible because the application is vulnerable to XSS. | 2023-04-04 | not yet calculated | CVE-2023-0486 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances. | 2023-04-05 | not yet calculated | CVE-2023-0523 MISC CONFIRM MISC |
abb — my_control_system | Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. | 2023-04-06 | not yet calculated | CVE-2023-0580 MISC |
samba — ad_dc | The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | 2023-04-03 | not yet calculated | CVE-2023-0614 MISC CONFIRM |
cloudflare — warp | Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | 2023-04-06 | not yet calculated | CVE-2023-0652 MISC MISC MISC |
ulearn — ulearn | Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image. | 2023-04-05 | not yet calculated | CVE-2023-0670 MISC |
orangescrum — orangescrum | OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | 2023-04-04 | not yet calculated | CVE-2023-0738 MISC MISC |
lynx_technik_ag — yellobrik | Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : – Change the password, resulting in a DOS of the users – Change the streaming source, compromising the integrity of the stream – Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued. | 2023-04-06 | not yet calculated | CVE-2023-0750 MISC |
markdown-pdf — markdown-pdf | markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user. | 2023-04-04 | not yet calculated | CVE-2023-0835 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. | 2023-04-05 | not yet calculated | CVE-2023-0838 CONFIRM MISC MISC |
xml2js– xml2js | xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. | 2023-04-05 | not yet calculated | CVE-2023-0842 MISC MISC |
bhima — bhima | Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user. | 2023-04-05 | not yet calculated | CVE-2023-0944 MISC MISC |
bhima — bhima | Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF. | 2023-04-05 | not yet calculated | CVE-2023-0959 MISC MISC |
bhima — bhima | Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform. | 2023-04-05 | not yet calculated | CVE-2023-0967 MISC MISC |
trellix — agent_for_windows | A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. | 2023-04-03 | not yet calculated | CVE-2023-0975 MISC |
trellix — agent | A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | 2023-04-03 | not yet calculated | CVE-2023-0977 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic. | 2023-04-05 | not yet calculated | CVE-2023-1071 CONFIRM MISC |
gitlab — gitlab | An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration. | 2023-04-05 | not yet calculated | CVE-2023-1098 MISC CONFIRM MISC |
gitlab — gitlab | Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. | 2023-04-05 | not yet calculated | CVE-2023-1167 CONFIRM MISC |
cloudflare — warp | An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems. | 2023-04-05 | not yet calculated | CVE-2023-1412 MISC MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim’s epic in an unrelated group. | 2023-04-05 | not yet calculated | CVE-2023-1417 MISC CONFIRM MISC |
genetec – security_center | SQL Injection in the Hardware Inventory report of Security Center 5.11.2. | 2023-04-05 | not yet calculated | CVE-2023-1522 MISC |
linux — kernel | A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. | 2023-04-05 | not yet calculated | CVE-2023-1582 MISC |
sophos — web_appliance | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 2023-04-04 | not yet calculated | CVE-2023-1671 CONFIRM |
gitlab — gitlab | An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. | 2023-04-05 | not yet calculated | CVE-2023-1708 CONFIRM MISC MISC |
gitlab — gitlab | A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. | 2023-04-05 | not yet calculated | CVE-2023-1710 MISC MISC CONFIRM |
gitlab — gitlab | A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. | 2023-04-05 | not yet calculated | CVE-2023-1733 MISC MISC CONFIRM |
nexx — multiple_products | The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer. | 2023-04-04 | not yet calculated | CVE-2023-1748 MISC |
nexx — multiple_products | The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute. | 2023-04-04 | not yet calculated | CVE-2023-1749 MISC |
nexx — multiple_products | The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information. | 2023-04-04 | not yet calculated | CVE-2023-1750 MISC |
nexx — multiple_products | The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId. | 2023-04-04 | not yet calculated | CVE-2023-1751 MISC |
nexx — multiple_products | The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. | 2023-04-04 | not yet calculated | CVE-2023-1752 MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1756 CONFIRM MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1757 MISC CONFIRM |
phpmyfaq — phpmyfaq | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1758 MISC CONFIRM |
tribe29 — checkmk | Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. | 2023-04-04 | not yet calculated | CVE-2023-1768 MISC |
hashicorp — multiple_products | HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3. | 2023-04-05 | not yet calculated | CVE-2023-1782 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. | 2023-04-05 | not yet calculated | CVE-2023-1787 MISC CONFIRM |
firefly-iii — firefly-iii | Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. | 2023-04-05 | not yet calculated | CVE-2023-1788 CONFIRM MISC |
the_tcpdump_group — tcpdump | The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | 2023-04-07 | not yet calculated | CVE-2023-1801 MISC MISC |
docker — docker_desktop | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. | 2023-04-06 | not yet calculated | CVE-2023-1802 MISC MISC |
google — chrome | Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-04-04 | not yet calculated | CVE-2023-1810 MISC MISC MISC |
google — chrome | Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-04-04 | not yet calculated | CVE-2023-1811 MISC MISC MISC |
google — chrome | Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1812 MISC MISC MISC |
google — chrome | Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1813 MISC MISC MISC |
google — chrome | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1814 MISC MISC MISC |
google — chrome | Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1815 MISC MISC MISC |
google — chrome | Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1816 MISC MISC MISC |
google — chrome | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1817 MISC MISC MISC |
google — chrome | Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1818 MISC MISC MISC |
google — chrome | Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1819 MISC MISC MISC |
google — chrome | Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-04-04 | not yet calculated | CVE-2023-1820 MISC MISC MISC |
google — chrome | Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | 2023-04-04 | not yet calculated | CVE-2023-1821 MISC MISC MISC |
google — chrome | Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | 2023-04-04 | not yet calculated | CVE-2023-1822 MISC MISC MISC |
google — chrome | Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-04-04 | not yet calculated | CVE-2023-1823 MISC MISC MISC |
sourcecodester — centralized_covid_vaccination_records_system | A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability. | 2023-04-04 | not yet calculated | CVE-2023-1827 MISC MISC MISC |
linux — kernel | A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. | 2023-04-05 | not yet calculated | CVE-2023-1838 MISC |
wordpress — wordpress | The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-04-04 | not yet calculated | CVE-2023-1840 MISC MISC |
sourcecodester — online_payroll_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-1845 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-1846 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987. | 2023-04-05 | not yet calculated | CVE-2023-1847 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988. | 2023-04-05 | not yet calculated | CVE-2023-1848 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-1849 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-1850 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991. | 2023-04-05 | not yet calculated | CVE-2023-1851 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. This vulnerability affects unknown code of the file /admin/deduction_edit.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224992. | 2023-04-05 | not yet calculated | CVE-2023-1852 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-1853 MISC MISC MISC |
sourcecodester — online_payroll_system | A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-1854 MISC MISC MISC |
linux — kernel | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. | 2023-04-05 | not yet calculated | CVE-2023-1855 MISC |
sourcecodester — air_cargo_management_system | A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995. | 2023-04-05 | not yet calculated | CVE-2023-1856 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996. | 2023-04-05 | not yet calculated | CVE-2023-1857 MISC MISC MISC |
sourcecodester — earnings_and_expense_tracker_app | A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-1858 MISC MISC |
keysight — ixia_hawkeye | A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste”><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue. | 2023-04-05 | not yet calculated | CVE-2023-1860 MISC MISC |
wordpress — wordpress | The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin. | 2023-04-05 | not yet calculated | CVE-2023-1865 MISC MISC MISC |
wordpress — wordpress | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin’s channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-05 | not yet calculated | CVE-2023-1866 MISC MISC |
wordpress — wordpress | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-05 | not yet calculated | CVE-2023-1867 MISC MISC MISC |
wordpress — wordpress | The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin’s cache. | 2023-04-05 | not yet calculated | CVE-2023-1868 MISC MISC MISC |
wordpress — wordpress | The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-04-05 | not yet calculated | CVE-2023-1869 MISC MISC |
wordpress — wordpress | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin’s quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-05 | not yet calculated | CVE-2023-1870 MISC MISC MISC |
wordpress — wordpress | The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin’s quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-05 | not yet calculated | CVE-2023-1871 MISC MISC MISC |
microweber — microweber | Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3. | 2023-04-05 | not yet calculated | CVE-2023-1876 CONFIRM MISC |
microweber — microweber | Command Injection in GitHub repository microweber/microweber prior to 1.3.3. | 2023-04-05 | not yet calculated | CVE-2023-1877 CONFIRM MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1878 CONFIRM MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1879 CONFIRM MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1880 CONFIRM MISC |
microweber — microweber | Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.3.3. | 2023-04-05 | not yet calculated | CVE-2023-1881 CONFIRM MISC |
phpmyfaq — phpmyfaq |
Cross-site Scripting (XSS) – DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1882 MISC CONFIRM |
phpmyfaq — phpmyfaq | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1883 MISC CONFIRM |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1884 MISC CONFIRM |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1885 MISC CONFIRM |
phpmyfaq — phpmyfaq | Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1886 CONFIRM MISC |
phpmyfaq — phpmyfaq | Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-05 | not yet calculated | CVE-2023-1887 MISC CONFIRM |
sourcecodester — simple_mobile_comparison_website | A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability. | 2023-04-06 | not yet calculated | CVE-2023-1908 MISC MISC MISC |
phpgugurukul — bp_monitoring_management_system | A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability. | 2023-04-07 | not yet calculated | CVE-2023-1909 MISC MISC MISC |
wordpress — wordpress | The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin’s settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings. | 2023-04-06 | not yet calculated | CVE-2023-1912 MISC MISC |
wordpress — wordpress | The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-04-06 | not yet calculated | CVE-2023-1913 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1918 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1919 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1920 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1921 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1922 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1923 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1924 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1925 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1926 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-04-06 | not yet calculated | CVE-2023-1927 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation. | 2023-04-06 | not yet calculated | CVE-2023-1928 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache. | 2023-04-06 | not yet calculated | CVE-2023-1929 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches. | 2023-04-06 | not yet calculated | CVE-2023-1930 MISC MISC |
wordpress — wordpress | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion. | 2023-04-06 | not yet calculated | CVE-2023-1931 MISC MISC |
my-blog — my-blog | A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. | 2023-04-07 | not yet calculated | CVE-2023-1937 MISC MISC MISC |
sourcecodester — simple_and_beautiful_shopping_cart_system | A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316. | 2023-04-07 | not yet calculated | CVE-2023-1940 MISC MISC MISC |
sourcecodester — simple_and_beautiful_shopping_cart_system | A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability. | 2023-04-07 | not yet calculated | CVE-2023-1941 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319. | 2023-04-07 | not yet calculated | CVE-2023-1942 MISC MISC MISC |
sourcecodester — survey_application_system | A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input <script>prompt(document.domain)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability. | 2023-04-07 | not yet calculated | CVE-2023-1946 MISC MISC |
taocms — taocms | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | 2023-04-07 | not yet calculated | CVE-2023-1947 MISC MISC MISC |
phpgurukul — bp_monitoring_management_system | A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335. | 2023-04-08 | not yet calculated | CVE-2023-1948 MISC MISC MISC |
phpgurukul — bp_monitoring_management_system | A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336. | 2023-04-08 | not yet calculated | CVE-2023-1949 MISC MISC MISC |
phpgurukul — bp_monitoring_management_system | A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2023-1950 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2023-1951 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339. | 2023-04-08 | not yet calculated | CVE-2023-1952 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340. | 2023-04-08 | not yet calculated | CVE-2023-1953 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2023-1954 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2023-1955 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343. | 2023-04-08 | not yet calculated | CVE-2023-1956 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344. | 2023-04-08 | not yet calculated | CVE-2023-1957 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2023-1958 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2023-1959 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347. | 2023-04-08 | not yet calculated | CVE-2023-1960 MISC MISC MISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. | 2023-04-08 | not yet calculated | CVE-2023-1961 MISC MISC MISC |
cisco — identity_services_engine | Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-04-05 | not yet calculated | CVE-2023-20021 CISCO |
cisco — identity_services_engine | Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-04-05 | not yet calculated | CVE-2023-20022 CISCO |
cisco — identity_services_engine | Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-04-05 | not yet calculated | CVE-2023-20023 CISCO |
cisco — identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of confidential information. A successful exploit could also cause the web application to perform arbitrary HTTP requests on behalf of the attacker or consume memory resources to reduce the availability of the web-based management interface. To successfully exploit this vulnerability, an attacker would need valid Super Admin or Policy Admin credentials. | 2023-04-05 | not yet calculated | CVE-2023-20030 CISCO |
cisco — packet_data_network_gateway | A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS). | 2023-04-05 | not yet calculated | CVE-2023-20051 CISCO |
cisco — prime_infrastructure_software | A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. | 2023-04-05 | not yet calculated | CVE-2023-20068 CISCO |
cisco — small_business_routers | A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device. | 2023-04-05 | not yet calculated | CVE-2023-20073 CISCO |
cisco — unified_contact_center_express | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface. | 2023-04-05 | not yet calculated | CVE-2023-20096 CISCO |
cisco — secure_network_analytics | A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user. | 2023-04-05 | not yet calculated | CVE-2023-20102 CISCO |
cisco — secure_network_analytics | A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. | 2023-04-05 | not yet calculated | CVE-2023-20103 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20117 CISCO |
cisco — multiple_products | Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20121 CISCO |
cisco — multiple_products | Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20122 CISCO |
cisco — duo_two-factor_authentication | A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device. | 2023-04-05 | not yet calculated | CVE-2023-20123 CISCO |
cisco — small_business_routers | A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-20124 CISCO |
cisco — multiple_products | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20127 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20128 CISCO |
cisco — multiple_products | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20129 CISCO |
cisco — multiple_products | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20130 CISCO |
cisco — multiple_products | Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20131 CISCO |
cisco — webex_meetings | Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20132 CISCO |
cisco — webex_meetings | Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-04-05 | not yet calculated | CVE-2023-20134 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20137 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20138 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20139 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20140 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20141 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20142 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20143 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20144 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20145 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20146 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20147 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20148 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20149 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20150 CISCO |
cisco — small_business_routers | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. | 2023-04-05 | not yet calculated | CVE-2023-20151 CISCO |
cisco — identity_services_engine | Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-04-05 | not yet calculated | CVE-2023-20152 CISCO |
cisco — identity_services_engine | Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-04-05 | not yet calculated | CVE-2023-20153 CISCO |
amd — multiple_products | Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | 2023-04-02 | not yet calculated | CVE-2023-20558 MISC |
amd — multiple_products | Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | 2023-04-02 | not yet calculated | CVE-2023-20559 MISC |
mediatek — keyinstall | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135. | 2023-04-06 | not yet calculated | CVE-2023-20652 MISC |
mediatek — keyinstall | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144. | 2023-04-06 | not yet calculated | CVE-2023-20653 MISC |
mediatek — keyinstall | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148. | 2023-04-06 | not yet calculated | CVE-2023-20654 MISC |
mediatek — mmsdk | In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022. | 2023-04-06 | not yet calculated | CVE-2023-20655 MISC |
mediatek — geniezone | In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494. | 2023-04-06 | not yet calculated | CVE-2023-20656 MISC |
mediatek — mtee | In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485. | 2023-04-06 | not yet calculated | CVE-2023-20657 MISC |
mediatek — isp | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396. | 2023-04-06 | not yet calculated | CVE-2023-20658 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413. | 2023-04-06 | not yet calculated | CVE-2023-20659 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383. | 2023-04-06 | not yet calculated | CVE-2023-20660 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782. | 2023-04-06 | not yet calculated | CVE-2023-20661 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765. | 2023-04-06 | not yet calculated | CVE-2023-20662 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741. | 2023-04-06 | not yet calculated | CVE-2023-20663 MISC |
mediatek — gz | In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952. | 2023-04-06 | not yet calculated | CVE-2023-20664 MISC |
mediatek — ril | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604. | 2023-04-06 | not yet calculated | CVE-2023-20665 MISC |
mediatek — display_drm | In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173. | 2023-04-06 | not yet calculated | CVE-2023-20666 MISC |
mediatek — audio | In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710. | 2023-04-06 | not yet calculated | CVE-2023-20670 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552. | 2023-04-06 | not yet calculated | CVE-2023-20674 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569. | 2023-04-06 | not yet calculated | CVE-2023-20675 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518. | 2023-04-06 | not yet calculated | CVE-2023-20676 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436. | 2023-04-06 | not yet calculated | CVE-2023-20677 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453. | 2023-04-06 | not yet calculated | CVE-2023-20679 MISC |
mediatek — adsp | In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785. | 2023-04-06 | not yet calculated | CVE-2023-20680 MISC |
mediatek — adsp | In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134. | 2023-04-06 | not yet calculated | CVE-2023-20681 MISC |
mediatek — wlan | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605. | 2023-04-06 | not yet calculated | CVE-2023-20682 MISC |
mediatek — vdec | In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069. | 2023-04-06 | not yet calculated | CVE-2023-20684 MISC |
mediatek — vdec | In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575. | 2023-04-06 | not yet calculated | CVE-2023-20685 MISC |
mediatek — display_drm | In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826. | 2023-04-06 | not yet calculated | CVE-2023-20686 MISC |
mediatek — display_drm | In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772. | 2023-04-06 | not yet calculated | CVE-2023-20687 MISC |
mediatek — power | In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821. | 2023-04-06 | not yet calculated | CVE-2023-20688 MISC |
cisco_talos_intelligence_group — ichitaro_word_processor_2022 | An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2023-04-05 | not yet calculated | CVE-2023-22291 MISC MISC |
cisco_talos_intelligence_group — ichitaro_word_processor_2022 | A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. | 2023-04-05 | not yet calculated | CVE-2023-22660 MISC MISC |
sourcecodester — simple_guestbook_management_system | Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments. | 2023-04-06 | not yet calculated | CVE-2023-22985 MISC MISC |
sato – cl4nx_plus_printer | An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes. | 2023-03-31 | not yet calculated | CVE-2023-23594 MISC MISC MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions. | 2023-04-04 | not yet calculated | CVE-2023-23685 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions. | 2023-04-04 | not yet calculated | CVE-2023-23686 MISC |
github — enterprise_server | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users’ secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-04-07 | not yet calculated | CVE-2023-23761 MISC MISC MISC MISC MISC |
github — enterprise_server | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-04-07 | not yet calculated | CVE-2023-23762 MISC MISC MISC MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions. | 2023-04-07 | not yet calculated | CVE-2023-23799 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions. | 2023-04-06 | not yet calculated | CVE-2023-23801 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions. | 2023-04-06 | not yet calculated | CVE-2023-23815 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions. | 2023-04-04 | not yet calculated | CVE-2023-23821 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions. | 2023-04-04 | not yet calculated | CVE-2023-23870 MISC |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions. | 2023-04-04 | not yet calculated | CVE-2023-23878 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. | 2023-04-07 | not yet calculated | CVE-2023-23885 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated. | 2023-04-06 | not yet calculated | CVE-2023-23891 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions. | 2023-04-06 | not yet calculated | CVE-2023-23898 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions. | 2023-04-06 | not yet calculated | CVE-2023-23971 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions. | 2023-04-06 | not yet calculated | CVE-2023-23972 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions. | 2023-04-04 | not yet calculated | CVE-2023-23977 MISC |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions. | 2023-04-06 | not yet calculated | CVE-2023-23979 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions. | 2023-04-06 | not yet calculated | CVE-2023-23980 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions. | 2023-04-06 | not yet calculated | CVE-2023-23981 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions. | 2023-04-06 | not yet calculated | CVE-2023-23982 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions. | 2023-04-06 | not yet calculated | CVE-2023-23987 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions. | 2023-04-07 | not yet calculated | CVE-2023-23994 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions. | 2023-04-06 | not yet calculated | CVE-2023-23996 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions. | 2023-04-06 | not yet calculated | CVE-2023-23998 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions. | 2023-04-06 | not yet calculated | CVE-2023-24001 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions. | 2023-04-06 | not yet calculated | CVE-2023-24002 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions. | 2023-04-06 | not yet calculated | CVE-2023-24003 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions. | 2023-04-06 | not yet calculated | CVE-2023-24004 MISC |
wordpress — wordpress | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions. | 2023-04-06 | not yet calculated | CVE-2023-24006 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. | 2023-04-06 | not yet calculated | CVE-2023-24374 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions. | 2023-04-06 | not yet calculated | CVE-2023-24378 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions. | 2023-04-06 | not yet calculated | CVE-2023-24383 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions. | 2023-04-06 | not yet calculated | CVE-2023-24387 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions. | 2023-04-06 | not yet calculated | CVE-2023-24396 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions. | 2023-04-07 | not yet calculated | CVE-2023-24398 MISC |
wordpress — wordpress | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions. | 2023-04-07 | not yet calculated | CVE-2023-24402 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions. | 2023-04-06 | not yet calculated | CVE-2023-24403 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions. | 2023-04-06 | not yet calculated | CVE-2023-24411 MISC |
go — go | HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. | 2023-04-06 | not yet calculated | CVE-2023-24534 MISC MISC MISC MISC |
go — go | Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. | 2023-04-06 | not yet calculated | CVE-2023-24536 MISC MISC MISC MISC MISC MISC |
go — go | Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. | 2023-04-06 | not yet calculated | CVE-2023-24537 MISC MISC MISC MISC |
go — go | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. “var a = {{.}}”), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. | 2023-04-06 | not yet calculated | CVE-2023-24538 MISC MISC MISC MISC |
gnu_screen — gnu_screen | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | 2023-04-08 | not yet calculated | CVE-2023-24626 CONFIRM MISC MISC |
readium_js — readium_js | An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. | 2023-04-05 | not yet calculated | CVE-2023-24720 MISC |
sas — sasadmin | A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3. | 2023-04-03 | not yet calculated | CVE-2023-24724 MISC MISC CONFIRM |
jfinal_cms — jfinal_cms | Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. | 2023-04-05 | not yet calculated | CVE-2023-24747 MISC |
d_link — dir878_dir_878_fw120b05 | D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-24797 MISC MISC |
d_link — dir878_dir_878_fw120b05 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-24798 MISC MISC |
d_link — dir878_dir_878_fw120b05 |
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-24799 MISC MISC |
d_link — dir878_dir_878_fw120b05 |
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-24800 MISC MISC |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. | 2023-04-07 | not yet calculated | CVE-2023-25020 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions. | 2023-04-07 | not yet calculated | CVE-2023-25022 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions. | 2023-04-07 | not yet calculated | CVE-2023-25023 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions. | 2023-04-07 | not yet calculated | CVE-2023-25024 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions. | 2023-04-07 | not yet calculated | CVE-2023-25027 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions. | 2023-04-07 | not yet calculated | CVE-2023-25031 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions. | 2023-04-07 | not yet calculated | CVE-2023-25041 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions. | 2023-04-07 | not yet calculated | CVE-2023-25046 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions. | 2023-04-07 | not yet calculated | CVE-2023-25049 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions. | 2023-04-07 | not yet calculated | CVE-2023-25059 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. | 2023-04-07 | not yet calculated | CVE-2023-25061 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions. | 2023-04-06 | not yet calculated | CVE-2023-25062 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25210 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25211 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25212 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25213 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25214 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25215 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25216 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25217 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25218 MISC MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25219 MISC |
tenda — ac5 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-25220 MISC MISC |
atlauncher — atlauncher | ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. | 2023-04-04 | not yet calculated | CVE-2023-25303 MISC MISC |
polymc_launcher — polymc_launcher | PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. | 2023-04-04 | not yet calculated | CVE-2023-25305 MISC MISC |
mybatis_plus — mybaties_plus | A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. | 2023-04-05 | not yet calculated | CVE-2023-25330 MISC |
coredial — sipxcom | CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. | 2023-04-04 | not yet calculated | CVE-2023-25355 MISC |
coredial — sipxcom | CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution. | 2023-04-04 | not yet calculated | CVE-2023-25356 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions. | 2023-04-07 | not yet calculated | CVE-2023-25442 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions. | 2023-04-07 | not yet calculated | CVE-2023-25464 MISC |
dell — trusted_device_agent | Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. | 2023-04-06 | not yet calculated | CVE-2023-25542 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | 2023-04-07 | not yet calculated | CVE-2023-25702 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions. | 2023-04-07 | not yet calculated | CVE-2023-25705 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions. | 2023-04-07 | not yet calculated | CVE-2023-25711 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions. | 2023-04-07 | not yet calculated | CVE-2023-25712 MISC |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | 2023-04-07 | not yet calculated | CVE-2023-25713 MISC |
wordpress — wordpress | Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions. | 2023-04-07 | not yet calculated | CVE-2023-25716 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees. | 2023-04-04 | not yet calculated | CVE-2023-25940 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. | 2023-04-04 | not yet calculated | CVE-2023-25941 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. | 2023-04-04 | not yet calculated | CVE-2023-25942 MISC |
arm_developer — mali_gpu_kernel_driver | Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 – r32p0, Bifrost GPU Kernel Driver all versions from r0p0 – r42p0, Valhall GPU Kernel Driver all versions from r19p0 – r42p0, and Avalon GPU Kernel Driver all versions from r41p0 – r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | 2023-04-06 | not yet calculated | CVE-2023-26083 MISC MISC CONFIRM |
configobj — configobj | All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file. | 2023-04-03 | not yet calculated | CVE-2023-26112 MISC MISC |
apache — james_server |
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users. | 2023-04-03 | not yet calculated | CVE-2023-26269 MISC |
powerdns — recursor | Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. | 2023-04-04 | not yet calculated | CVE-2023-26437 MISC |
wordpress — wordpress | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions. | 2023-04-05 | not yet calculated | CVE-2023-26536 MISC |
tinytiff – tinytiffreader | Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file. | 2023-04-04 | not yet calculated | CVE-2023-26733 MISC MISC |
yiisoft — yii_framework | SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. | 2023-04-04 | not yet calculated | CVE-2023-26750 MISC |
monitorr — monitorr |
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | 2023-04-04 | not yet calculated | CVE-2023-26775 MISC MISC MISC MISC |
monitorr — monitorr | Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. | 2023-04-04 | not yet calculated | CVE-2023-26776 MISC MISC MISC MISC MISC |
uptime_kuma — uptime_kuma | Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint. | 2023-04-04 | not yet calculated | CVE-2023-26777 MISC MISC |
veritas — netbackup_opscenter | Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user’s browser. | 2023-04-05 | not yet calculated | CVE-2023-26789 MISC MISC |
codefever — codefever | codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. | 2023-04-07 | not yet calculated | CVE-2023-26817 MISC |
siteproxy — siteproxy | siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. | 2023-04-07 | not yet calculated | CVE-2023-26820 MISC |
totolink — a7100ru | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. | 2023-04-07 | not yet calculated | CVE-2023-26848 MISC |
churchcrm — churchcrm | The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. | 2023-04-04 | not yet calculated | CVE-2023-26855 MISC |
sourcecodester — dynamic_transaction_queuing_system | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. | 2023-04-05 | not yet calculated | CVE-2023-26856 MISC |
sourcecodester — dynamic_transaction_queuing_system | An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-04-05 | not yet calculated | CVE-2023-26857 MISC |
greenpacket — oh736 | GreenPacket OH736’s WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover. | 2023-04-04 | not yet calculated | CVE-2023-26866 MISC |
quectel — ag550qcn | OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. | 2023-04-04 | not yet calculated | CVE-2023-26921 MISC |
infranview — infranview | Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. | 2023-04-04 | not yet calculated | CVE-2023-26974 MISC |
totolink — a7100ru | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | 2023-04-07 | not yet calculated | CVE-2023-26978 MISC |
swftools — swftools | SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. | 2023-04-04 | not yet calculated | CVE-2023-26991 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27012 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27013 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27014 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27015 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27016 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27017 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27018 MISC |
tenda — ac10 |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27019 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27020 MISC |
tenda — ac10 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27021 MISC |
prestashop — cdesigner | Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | 2023-04-07 | not yet calculated | CVE-2023-27033 MISC MISC |
ehuacui — bbs | Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. | 2023-04-04 | not yet calculated | CVE-2023-27089 MISC MISC |
xiaobingby — teacms | An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). | 2023-04-04 | not yet calculated | CVE-2023-27091 MISC MISC |
gdidees — cms | GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. | 2023-04-07 | not yet calculated | CVE-2023-27180 MISC MISC MISC |
envoyproxy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue. | 2023-04-04 | not yet calculated | CVE-2023-27487 MISC |
envoyproxy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with “failure_mode_allow: true“, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`. | 2023-04-04 | not yet calculated | CVE-2023-27488 MISC |
envoyproxy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. | 2023-04-04 | not yet calculated | CVE-2023-27491 MISC MISC MISC MISC |
envoyproxy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter. | 2023-04-04 | not yet calculated | CVE-2023-27492 MISC |
envoyproxy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties. | 2023-04-04 | not yet calculated | CVE-2023-27493 MISC |
envoyproxy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script). | 2023-04-04 | not yet calculated | CVE-2023-27496 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions. | 2023-04-07 | not yet calculated | CVE-2023-27620 MISC |
edb-debugger — edb-debugger | An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. | 2023-04-04 | not yet calculated | CVE-2023-27734 MISC |
wondershare_technology — edrawmind | An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. | 2023-04-04 | not yet calculated | CVE-2023-27759 MISC |
wondershare_technology — filmora | An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. | 2023-04-04 | not yet calculated | CVE-2023-27760 MISC |
wondershare_technology — uniconverter | An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27761 MISC |
wondershare_technology — democreator | An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27762 MISC |
wondershare_technology — mobiletrans | An issue found in Wondershare Technology Co., Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27763 MISC |
wondershare_technology — repairit | An issue found in Wondershare Technology Co., Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27764 MISC |
wondershare_technology — recoverit | An issue found in Wondershare Technology Co., Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27765 MISC |
wondershare_technology — anireel | An issue found in Wondershare Technology Co., Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27766 MISC |
wondershare_technology — dr.fone | An issue found in Wondershare Technology Co., Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27767 MISC |
wondershare_technology — pdfelement | An issue found in Wondershare Technology Co., Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27768 MISC |
wondershare_technology — pdf_reader | An issue found in Wondershare Technology Co., Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27769 MISC |
wondershare_technology — edraw-max | An issue found in Wondershare Technology Co., Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27770 MISC |
wondershare_technology — creative_centerr | An issue found in Wondershare Technology Co., Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. | 2023-04-04 | not yet calculated | CVE-2023-27771 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27801 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27802 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27803 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27804 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27805 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27806 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27807 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27808 MISC |
phicomm — h3c_magic_r100 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | not yet calculated | CVE-2023-27810 MISC |
ibm — tritiga_application_platform | IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975. | 2023-04-07 | not yet calculated | CVE-2023-27876 MISC MISC |
dell — diplay_manager | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 2023-04-06 | not yet calculated | CVE-2023-28046 MISC |
dell — power_manager | Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | 2023-04-07 | not yet calculated | CVE-2023-28051 MISC |
dell — streaming_data_platform | Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks. | 2023-04-05 | not yet calculated | CVE-2023-28069 MISC |
zoho — manageengine | Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. | 2023-04-05 | not yet calculated | CVE-2023-28342 MISC MISC |
samsung — multiple_products | An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments. | 2023-04-04 | not yet calculated | CVE-2023-28613 MISC MISC MISC |
openidc — mod_auth_openidc | mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | 2023-04-03 | not yet calculated | CVE-2023-28625 MISC MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the “forgotten password” feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to `Forgotten password?` event. However, it will not prevent unauthorized modification of any user emails. | 2023-04-05 | not yet calculated | CVE-2023-28632 MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | 2023-04-05 | not yet calculated | CVE-2023-28633 MISC MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | 2023-04-05 | not yet calculated | CVE-2023-28634 MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7. | 2023-04-05 | not yet calculated | CVE-2023-28636 MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7. | 2023-04-05 | not yet calculated | CVE-2023-28639 MISC CONFIRM MISC |
apache — airflow_hive_provider | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0. | 2023-04-07 | not yet calculated | CVE-2023-28706 MISC MISC MISC |
apache — airflow_drill_provider | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2. | 2023-04-07 | not yet calculated | CVE-2023-28707 MISC MISC MISC |
apache — airflow_spark_provider | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1. | 2023-04-07 | not yet calculated | CVE-2023-28710 MISC MISC MISC |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions. | 2023-04-07 | not yet calculated | CVE-2023-28781 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions. | 2023-04-07 | not yet calculated | CVE-2023-28789 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. | 2023-04-07 | not yet calculated | CVE-2023-28792 MISC |
nextcloud — server/enterprise_server | Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds. | 2023-04-03 | not yet calculated | CVE-2023-28834 MISC MISC MISC MISC |
wagtail — wagtail | Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user’s credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the “Choose a parent page” ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality. | 2023-04-03 | not yet calculated | CVE-2023-28836 MISC MISC MISC MISC MISC MISC MISC MISC |
wagtail — wagtail | Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail’s handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files. | 2023-04-03 | not yet calculated | CVE-2023-28837 MISC MISC MISC MISC MISC MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, remove `Assistance > Statistics` and `Tools > Reports` read rights from every user. | 2023-04-05 | not yet calculated | CVE-2023-28838 MISC MISC MISC |
moby — moby | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. | 2023-04-04 | not yet calculated | CVE-2023-28840 MISC MISC MISC MISC MISC MISC MISC |
moby — moby | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. | 2023-04-04 | not yet calculated | CVE-2023-28841 MISC MISC MISC MISC MISC MISC MISC MISC |
moby — moby | Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. | 2023-04-04 | not yet calculated | CVE-2023-28842 MISC MISC MISC MISC MISC |
nextcloud — nextcloud | user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available. | 2023-04-04 | not yet calculated | CVE-2023-28848 MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory. | 2023-04-05 | not yet calculated | CVE-2023-28849 MISC MISC |
pimcore — pimcore | Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually. | 2023-04-03 | not yet calculated | CVE-2023-28850 MISC MISC MISC |
silverstripe — silverstripe | Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1. There are no known workarounds for this vulnerability. | 2023-04-03 | not yet calculated | CVE-2023-28851 MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | 2023-04-05 | not yet calculated | CVE-2023-28852 MISC MISC MISC |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2. | 2023-04-04 | not yet calculated | CVE-2023-28853 MISC MISC MISC MISC MISC MISC MISC |
nophp — nophp | nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function such as `env_patchsample230330.php` to env.php. | 2023-04-03 | not yet calculated | CVE-2023-28854 MISC MISC MISC |
glpi-project — glpi | Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue. | 2023-04-05 | not yet calculated | CVE-2023-28855 MISC MISC MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions. | 2023-04-07 | not yet calculated | CVE-2023-28993 MISC |
nextcloud — desktop_client | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. | 2023-04-04 | not yet calculated | CVE-2023-28997 MISC MISC MISC |
nextcloud — desktop_client | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. | 2023-04-04 | not yet calculated | CVE-2023-28998 MISC MISC MISC |
nextcloud — desktop_client | Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.? This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available. | 2023-04-04 | not yet calculated | CVE-2023-28999 MISC MISC MISC |
nextcloud — desktop_client | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available. | 2023-04-04 | not yet calculated | CVE-2023-29000 MISC MISC MISC |
sveltekit — sveltekit | SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. While the implementation does a sufficient job in mitigating common CSRF attacks, prior to version 1.15.1, the protection can be bypassed by simply specifying a different `Content-Type` header value. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim’s session, and in extreme scenarios can lead to unauthorized access to users’ accounts. SvelteKit 1.15.1 updates the `is_form_content_type` function call in the CSRF protection logic to include `text/plain`. As additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on `PUT`, `PATCH` and `DELETE` methods as well. This latter hardening is only needed to protect users who have put in some sort of `?_method= override` feature themselves in their `handle` hook, so that the request that resolve sees could be `PUT`/`PATCH`/`DELETE` when the browser issues a `POST` request. | 2023-04-04 | not yet calculated | CVE-2023-29003 MISC MISC MISC |
glpi-project — glpi | The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin. | 2023-04-05 | not yet calculated | CVE-2023-29006 MISC MISC |
sveltekit — sveltekit | The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim’s session, and in extreme scenarios can lead to unauthorized access to users’ accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn’t set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner. | 2023-04-06 | not yet calculated | CVE-2023-29008 MISC MISC |
budibase — budibase | Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed. | 2023-04-06 | not yet calculated | CVE-2023-29010 MISC MISC MISC |
goobi_viewer — goobi_viewer | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user’s browser. The vulnerability has been fixed in version 23.03. | 2023-04-06 | not yet calculated | CVE-2023-29014 MISC MISC |
goobi_viewer — goobi_viewer | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user’s browser when displaying the comment. The vulnerability has been fixed in version 23.03. | 2023-04-06 | not yet calculated | CVE-2023-29015 MISC MISC |
goobi_viewer — goobi_viewer | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile’s nickname, resulting in the execution in the user’s browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03. | 2023-04-06 | not yet calculated | CVE-2023-29016 MISC MISC |
vm2_sandbox — vm2_sandbox | vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds. | 2023-04-06 | not yet calculated | CVE-2023-29017 MISC MISC MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions. | 2023-04-07 | not yet calculated | CVE-2023-29094 MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. | 2023-03-31 | not yet calculated | CVE-2023-29141 MISC MISC FEDORA |
wordpress — wordpress | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions. | 2023-04-07 | not yet calculated | CVE-2023-29170 MISC |
wordpress — wordpress | Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions. | 2023-04-07 | not yet calculated | CVE-2023-29171 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions. | 2023-04-07 | not yet calculated | CVE-2023-29172 MISC |
twitter — twitter_recommendation_algorithm | The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. | 2023-04-03 | not yet calculated | CVE-2023-29218 MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions. | 2023-04-07 | not yet calculated | CVE-2023-29236 MISC |
openbsd — openbsd | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. | 2023-04-04 | not yet calculated | CVE-2023-29323 MISC MISC MISC MISC MISC MISC MISC |
langchain — langchain | In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. | 2023-04-05 | not yet calculated | CVE-2023-29374 MISC MISC MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions. | 2023-04-07 | not yet calculated | CVE-2023-29388 MISC |
toyota — rav4_2021 | Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged “Key is validated” messages via CAN Injection, as exploited in the wild in (for example) July 2022. | 2023-04-05 | not yet calculated | CVE-2023-29389 MISC MISC |
bzip3 — bzip3 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. | 2023-04-06 | not yet calculated | CVE-2023-29415 MISC MISC MISC |
bzip3 — bzip3 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. | 2023-04-06 | not yet calculated | CVE-2023-29416 MISC MISC MISC |
bzip3 — bzip3 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. | 2023-04-06 | not yet calculated | CVE-2023-29418 MISC MISC MISC |
bzip3 — bzip3 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. | 2023-04-06 | not yet calculated | CVE-2023-29419 MISC MISC MISC |
bzip3 — bzip3 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block. | 2023-04-06 | not yet calculated | CVE-2023-29420 MISC MISC MISC |
bzip3 — bzip3 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block. | 2023-04-06 | not yet calculated | CVE-2023-29421 MISC MISC |
sagemath — flintqs | SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS). | 2023-04-06 | not yet calculated | CVE-2023-29465 MISC MISC |
atos_unify — openscape_4000_platform | webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710. | 2023-04-06 | not yet calculated | CVE-2023-29473 MISC MISC |
atos_unify — openscape_4000_platform | inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552. | 2023-04-06 | not yet calculated | CVE-2023-29474 MISC MISC |
atos_unify — openscape_4000_platform | inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543. | 2023-04-06 | not yet calculated | CVE-2023-29475 MISC MISC |
bibliocraft — bibliocraft | BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution. | 2023-04-07 | not yet calculated | CVE-2023-29478 MISC |
redpanda — redpanda | rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. | 2023-04-08 | not yet calculated | CVE-2023-30450 MISC MISC MISC MISC MISC |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.