US-CERT Vulnerability Summary for the Week of August 28, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
earcms — ear_app | An issue found in Earcms Ear App v.20181124 allows a remote cyber threat actor to execute arbitrary code via the uload/index-uplog.php. | 2023-08-29 | 9.8 | CVE-2020-18912 MISC MISC |
tripspark — veo_transportation_novusedu | TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the “Student Busing Information” search queries. | 2023-08-29 | 9.8 | CVE-2021-3262 MISC MISC MISC |
motorola_mobility — mbts_site_controller_firmware | Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | 2023-08-29 | 9.8 | CVE-2023-23770 MISC |
ibm — guardium_cloud_key_manager | IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote cyber threat actor to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, a cyber threat actor could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. | 2023-08-28 | 9.8 | CVE-2023-26270 MISC MISC |
schweitzer_engineering_laboratories — sel-5037_sel_grid_configurator | An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow a cyber threat actor to run system commands with the highest-level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | 2023-08-31 | 9.8 | CVE-2023-31175 MISC MISC |
broadcom — brocade_sannav | Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. | 2023-08-31 | 9.8 | CVE-2023-31424 MISC |
wordpress — wordpress | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated cyber threat actors to log in as users who have orders, who are typically customers. | 2023-08-31 | 9.8 | CVE-2023-3162 MISC MISC MISC |
chitor-cms — chitor-cms | Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities. | 2023-08-30 | 9.8 | CVE-2023-31714 MISC MISC MISC MISC |
e-excellence — u-office_force | e-Excellence U-Office Force file uploading function does not restrict upload of files with dangerous types. An unauthenticated remote cyber threat actor, without logging in to the service, can exploit this vulnerability to upload arbitrary files to perform arbitrary commands or disrupt service. | 2023-08-25 | 9.8 | CVE-2023-32757 MISC |
vmware — aria_operations_for_networks | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | 2023-08-29 | 9.8 | CVE-2023-34039 MISC MISC |
zoho_corp — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass. | 2023-08-28 | 9.8 | CVE-2023-35785 MISC MISC |
relic_project — relic | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows cyber threat actors to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | 2023-09-01 | 9.8 | CVE-2023-36326 MISC MISC |
relic_project — relic | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows cyber threat actors to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. | 2023-09-01 | 9.8 | CVE-2023-36327 MISC MISC |
libtom — libtommath | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows cyber threat actors to execute arbitrary code and cause a denial of service (DoS). | 2023-09-01 | 9.8 | CVE-2023-36328 MISC FEDORA |
spotcam_co._ltd. — spotcam_fhd_2 | SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated cyber threat actor can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | 2023-08-28 | 9.8 | CVE-2023-38024 MISC |
spotcam_co._ltd. — spotcam_fhd_2 | SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated cyber threat actor can exploit this vulnerability to execute a command injection attack to perform arbitrary system commands or disrupt service. | 2023-08-28 | 9.8 | CVE-2023-38025 MISC |
spotcam_co._ltd. — spotcam_fhd_2 | SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. A remote cyber threat actor can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. | 2023-08-28 | 9.8 | CVE-2023-38026 MISC |
spotcam_co._ltd. — spotcam_fhd_2 | SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated cyber threat actor can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. | 2023-08-28 | 9.8 | CVE-2023-38027 MISC |
saho — adm-100/adm-100fp | Saho’s attendance devices ADM100 and ADM-100FP have insufficient filtering for special characters and file type within their file uploading function. An unauthenticated remote cyber threat actor authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. | 2023-08-28 | 9.8 | CVE-2023-38029 MISC |
ectouch — ectouch | ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. | 2023-08-28 | 9.8 | CVE-2023-39560 MISC |
langchain — langchain | An issue in LangChain-ai Langchain v.0.0.245 allows a remote cyber threat actor to execute arbitrary code via the evaluate function in the numexpr library. | 2023-09-01 | 9.8 | CVE-2023-39631 MISC MISC |
prestashop — theme_volty | Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. | 2023-08-28 | 9.8 | CVE-2023-39650 MISC MISC |
prestashop — theme_volty | Theme Volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run(). | 2023-08-28 | 9.8 | CVE-2023-39652 MISC MISC |
icewarp — mail_server | IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows cyber threat actors to include or execute files from the local file system of the targeted server. | 2023-08-25 | 9.8 | CVE-2023-39699 MISC MISC MISC |
oracle — weblogic-framework | weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue. | 2023-08-25 | 9.8 | CVE-2023-40571 MISC MISC |
find-exec — find-exec | find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via a cyber threat actor-controlled parameter. As a result, cyber threat actors may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. Users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source. | 2023-08-30 | 9.8 | CVE-2023-40582 MISC MISC |
splunk — enterprise/cloud_platform | In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can execute a specially crafted query that they can then use to serialize untrusted data. The cyber threat actor can use the query to execute arbitrary code. | 2023-08-30 | 9.8 | CVE-2023-40595 MISC |
phpjabbers — food_delivery_script | PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the “q” parameter of index.php. | 2023-08-28 | 9.8 | CVE-2023-40748 MISC MISC |
phpjabbers — food_delivery_script | PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the “column” parameter of index.php. | 2023-08-28 | 9.8 | CVE-2023-40749 MISC MISC |
phpjabbers — callback_widget | User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40756 MISC MISC |
phpjabbers — food_delivery_script | User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40757 MISC MISC |
phpjabbers — document_creator | User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40758 MISC MISC |
phpjabbers — restaurant_booking_script | User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40759 MISC MISC |
phpjabbers — hotel_booking_system | User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40760 MISC MISC |
phpjabbers — yacht_listing_script | User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40761 MISC MISC |
phpjabbers — fundraising_script | User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40762 MISC MISC |
phpjabbers — taxi_booking_script | User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40763 MISC MISC |
phpjabbers — jabbers_car_rental_script | User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40764 MISC MISC |
phpjabbers — event_booking_calendar | User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40765 MISC MISC |
phpjabbers — ticket_support_script | User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40766 MISC MISC |
phpjabbers — make_an_offer_widget | User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-28 | 9.8 | CVE-2023-40767 MISC MISC |
bladex — springblade | In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. | 2023-08-29 | 9.8 | CVE-2023-40787 MISC MISC |
tenda — ac23_firmware | Tenda AC23 V16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. | 2023-08-25 | 9.8 | CVE-2023-40799 MISC |
tenda — ac6_firmware | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function ‘sub_ADD50’ contains a command execution vulnerability. The “formSetIptv” function obtains the “list” and “vlanId” fields and passes them unfiltered as parameters to the “sub_ADD50” function to execute commands. | 2023-08-30 | 9.8 | CVE-2023-40837 MISC |
tenda — ac6_firmware | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function ‘sub_3A1D0’ contains a command execution vulnerability. | 2023-08-30 | 9.8 | CVE-2023-40838 MISC |
tenda — ac6_firmware | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. | 2023-08-28 | 9.8 | CVE-2023-40846 MISC |
zbar_project — zbar | A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, a cyber threat actor can digitally input the malicious QR code or prepare it to be physically scanned by the vulnerable scanner. | 2023-08-29 | 9.8 | CVE-2023-40889 MISC |
zbar_project — zbar | A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, a cyber threat actor can digitally input the malicious QR code or prepare it to be physically scanned by the vulnerable scanner. | 2023-08-29 | 9.8 | CVE-2023-40890 MISC |
patton_electronics — smartnode_sn200_firmware | SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. | 2023-08-28 | 9.8 | CVE-2023-41109 MISC MISC |
frrouting — frrouting_frr | An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. | 2023-08-29 | 9.8 | CVE-2023-41361 MISC |
tenda — ac9 | Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. | 2023-08-30 | 9.8 | CVE-2023-41552 MISC |
tenda — ac9 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg. | 2023-08-30 | 9.8 | CVE-2023-41553 MISC |
tenda — ac9 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet. | 2023-08-30 | 9.8 | CVE-2023-41554 MISC |
tenda — ac7 | Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. | 2023-08-30 | 9.8 | CVE-2023-41555 MISC |
tenda — ac9 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. | 2023-08-30 | 9.8 | CVE-2023-41556 MISC |
tenda — ac7 | Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. | 2023-08-30 | 9.8 | CVE-2023-41557 MISC |
tenda — ac7 | Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg. | 2023-08-30 | 9.8 | CVE-2023-41558 MISC |
tenda — ac9 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. | 2023-08-30 | 9.8 | CVE-2023-41559 MISC |
tenda — ac9 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg. | 2023-08-30 | 9.8 | CVE-2023-41560 MISC |
tenda — ac9 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg. | 2023-08-30 | 9.8 | CVE-2023-41561 MISC |
tenda — ac9 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. | 2023-08-30 | 9.8 | CVE-2023-41562 MISC |
tenda — ac9 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. | 2023-08-30 | 9.8 | CVE-2023-41563 MISC |
grupposcai — realgimm | A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows cyber threat actors to access the database and execute arbitrary commands via a crafted SQL query. | 2023-08-31 | 9.8 | CVE-2023-41636 MISC |
grupposcai — realgimm | An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows cyber threat actors to execute arbitrary code via uploading a crafted HTML file. | 2023-08-31 | 9.8 | CVE-2023-41637 MISC |
dlink — dar-8000-10 | A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-25 | 9.8 | CVE-2023-4542 MISC MISC MISC |
ibos — ibos | A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-25 | 9.8 | CVE-2023-4543 MISC MISC MISC |
ibos_oa — ibos_oa | A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-26 | 9.8 | CVE-2023-4545 MISC MISC MISC |
spa-cart — ecommerce_cms | A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059. | 2023-08-26 | 9.8 | CVE-2023-4548 MISC MISC MISC |
sourcecodester — online_graduate_tracer_system | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability. | 2023-08-27 | 9.8 | CVE-2023-4556 MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238158 is the identifier assigned to this vulnerability. | 2023-08-27 | 9.8 | CVE-2023-4557 MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staff_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238159. | 2023-08-27 | 9.8 | CVE-2023-4558 MISC MISC MISC |
bettershop — laiketui | A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160. | 2023-08-27 | 9.8 | CVE-2023-4559 MISC MISC |
wordpress — wordpress | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated cyber threat actors to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2023-08-30 | 9.8 | CVE-2023-4596 MISC MISC MISC |
usememos — memos | Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. | 2023-09-01 | 9.8 | CVE-2023-4696 MISC MISC |
infosoftbd — clcknshop | A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 9.8 | CVE-2023-4708 MISC MISC MISC |
google — chrome | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote cyber threat actor to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | 2023-08-25 | 9.6 | CVE-2019-13690 MISC MISC |
saho — adm-100/adm-100fp | Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote cyber threat actor can exploit this vulnerability to bypass authentication to read system information and operate user’s data but can’t control system or disrupt service. | 2023-08-28 | 9.1 | CVE-2023-38028 MISC |
frrouting — frrouting_frr | An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. | 2023-08-29 | 9.1 | CVE-2023-41359 MISC |
frrouting — frrouting_frr | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | 2023-08-29 | 9.1 | CVE-2023-41360 MISC |
qemu — qemu | An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local cyber threat actors to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | 2023-08-28 | 8.8 | CVE-2020-24165 MISC MISC |
ibm — security_guardium | IBM Security Guardium 11.4 could allow a remote authenticated cyber threat actor to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901. | 2023-08-27 | 8.8 | CVE-2022-43907 MISC MISC |
google — chrome | Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote cyber threat actor to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-25 | 8.8 | CVE-2022-4452 MISC MISC |
dassault_systèmes — simulia_3dorchestrate | An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution. | 2023-08-28 | 8.8 | CVE-2023-1997 MISC |
wordpress — wordpress | The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated cyber threat actors with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-08-31 | 8.8 | CVE-2023-2229 MISC MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote cyber threat actor could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | 2023-08-28 | 8.8 | CVE-2023-22877 MISC MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow a cyber threat actor to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. | 2023-08-28 | 8.8 | CVE-2023-23473 MISC MISC |
motorola_mobility — mbts_site_controller_firmware | Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated cyber threat actor to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. | 2023-08-29 | 8.8 | CVE-2023-23772 MISC |
motorola_mobility — ebts_base_radio_firmware | Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated cyber threat actor to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. | 2023-08-29 | 8.8 | CVE-2023-23773 MISC |
zte — mf286r_firmware | There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated cyber threat actor could use the vulnerability to execute arbitrary commands. | 2023-08-25 | 8.8 | CVE-2023-25649 MISC |
apache — airflow_sqoop_provider | Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows a cyber threat actor to pass parameters with the connections, which makes it possible to implement RCE attacks via 'sqoop import --connect', obtain airflow server permissions, etc. The cyber threat actor needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, and Xie Jianming and LiuHui of Caiji Sec Team also reported it. | 2023-08-28 | 8.8 | CVE-2023-27604 MISC MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote cyber threat actor with low privileges could potentially exploit this vulnerability, leading to escalation of privileges. | 2023-08-29 | 8.8 | CVE-2023-32457 MISC |
schweitzer_engineering_laboratories — sel-5037_sel_grid_configurator | A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow a cyber threat actor to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | 2023-08-31 | 8.8 | CVE-2023-34392 MISC MISC |
wordpress — wordpress | The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the ‘save_users_map_name’ function. This makes it possible for authenticated cyber threat actors, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘usernames’ parameter. | 2023-08-31 | 8.8 | CVE-2023-3636 MISC MISC MISC |
wordpress — wordpress | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for subscribers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-08-31 | 8.8 | CVE-2023-3677 MISC MISC MISC |
infoblox — nios | Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. | 2023-08-25 | 8.8 | CVE-2023-37249 CONFIRM MISC |
ansible-semaphore — ansible_semaphore | An issue in ansible semaphore v.2.8.90 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the extra variable’s parameter. | 2023-08-28 | 8.8 | CVE-2023-39059 MISC MISC |
apache — airflow_spark_provider | Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out in the documentation explicitly, so it is possible that administrators provided authorizations to configure Spark hooks without taking this into account. We recommend administrators to review their configurations to make sure the authorization to configure Spark hooks is only provided to fully trusted users. To view the warning in the docs, please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html | 2023-08-28 | 8.8 | CVE-2023-40195 MISC MISC |
splunk — enterprise/cloud_platform | In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. A cyber threat actor can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. | 2023-08-30 | 8.8 | CVE-2023-40596 MISC |
splunk — enterprise/cloud_platform | In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. | 2023-08-30 | 8.8 | CVE-2023-40597 MISC |
splunk — enterprise/cloud_platform | In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can create an external lookup that calls a legacy internal function. The cyber threat actor can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform instance. | 2023-08-30 | 8.8 | CVE-2023-40598 MISC |
phpjabbers — car_rental_script | In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote cyber threat actors to take over accounts. | 2023-08-28 | 8.8 | CVE-2023-40754 MISC MISC |
tenda — ac23 | In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. | 2023-08-25 | 8.8 | CVE-2023-40797 MISC |
tenda — ac23 | In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. | 2023-08-25 | 8.8 | CVE-2023-40798 MISC |
tenda — ac23 | The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | 2023-08-25 | 8.8 | CVE-2023-40800 MISC |
tenda — ac23 | The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | 2023-08-25 | 8.8 | CVE-2023-40801 MISC |
virustotal — yara | Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote cyber threat actor to execute arbitrary code via the yr_execute_cod function in the exe.c component. | 2023-08-28 | 8.8 | CVE-2023-40857 MISC |
grupposcai — realgimm | An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows cyber threat actors to execute arbitrary code via uploading a crafted file. | 2023-08-31 | 8.8 | CVE-2023-41638 MISC MISC |
grupposcai — realgimm | An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows cyber threat actors to obtain sensitive technical information via a crafted SQL query. | 2023-08-31 | 8.8 | CVE-2023-41640 MISC |
google — chrome | Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote cyber threat actor to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-29 | 8.8 | CVE-2023-4572 MISC MISC MISC |
usememos — memos | Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | 2023-09-01 | 8.8 | CVE-2023-4697 MISC MISC |
splunk — it_service_intelligence | In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine. | 2023-08-30 | 8.6 | CVE-2023-4571 MISC |
motorola_mobility — mbts_base_radio_firmware | Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. | 2023-08-29 | 8.4 | CVE-2023-23771 MISC |
motorola_mobility — ebts_site_controller_firmware | Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device’s serial port in case of an unhandled exception. This allows a cyber threat actor with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. | 2023-08-29 | 8.4 | CVE-2023-23774 MISC |
schweitzer_engineering_laboratories — sel-5037_sel_grid_configurator | Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | 2023-08-31 | 8.4 | CVE-2023-31173 MISC MISC |
mattermost — mattermost | Mattermost fails to restrict which parameters’ values it takes from the request during signup allowing a cyber threat actor to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | 2023-08-25 | 8.2 | CVE-2023-4478 MISC |
sliver — sliver | Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows cyber threat actors to execute a man-in-the-middle attack via intercepted and crafted responses. | 2023-08-28 | 8.1 | CVE-2023-34758 MISC MISC MISC MISC |
google — chrome | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote cyber threat actor to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | 2023-08-25 | 7.8 | CVE-2019-13689 MISC MISC |
stormshield — ssl_vpn_client | Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. | 2023-08-25 | 7.8 | CVE-2021-27932 MISC MISC |
esoteric_software — yamlbeans | An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed. | 2023-08-25 | 7.8 | CVE-2023-24621 MISC MISC MISC |
archive_project — archive | An issue in Archive v3.3.7 allows cyber threat actors to spoof zip filenames which can lead to inconsistent filename parsing. | 2023-08-30 | 7.8 | CVE-2023-39137 MISC MISC MISC MISC |
peakstep — zipfoundation | An issue in ZIPFoundation v0.9.16 allows cyber threat actors to execute a path traversal via extracting a crafted zip file. | 2023-08-30 | 7.8 | CVE-2023-39138 MISC MISC MISC MISC |
archive_project — archive | An issue in Archive v3.3.7 allows cyber threat actors to execute a path traversal via extracting a crafted zip file. | 2023-08-30 | 7.8 | CVE-2023-39139 MISC MISC MISC |
notepad-plus-plus — notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | 7.8 | CVE-2023-40031 MISC |
gitpython — gitpython | GitPython is a Python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command; if a user runs GitPython from a repo that has a `git.exe` or `git` executable, that program will be run instead of the one in the user’s `PATH`. This is more of a problem on how Python interacts with Windows systems; Linux and any other OS aren’t affected by this. But probably people using GitPython usually run it from the CWD of a repo. A cyber threat actor can trick a user to download a repository with a malicious `git` executable; if the user runs/imports GitPython from that directory, it allows the cyber threat actor to run any arbitrary commands. There is no fix currently available for Windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable. | 2023-08-28 | 7.8 | CVE-2023-40590 MISC MISC |
phicomm — k2 | Phicomm k2 v22.6.529.216 is vulnerable to command injection. | 2023-08-25 | 7.8 | CVE-2023-40796 MISC |
pagekit — pagekit | An issue in Pagekit pagekit v.1.0.18 allows a remote cyber threat actor to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php. | 2023-08-28 | 7.8 | CVE-2023-41005 MISC |
acronis — multiple_products | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. | 2023-08-31 | 7.8 | CVE-2023-41743 MISC MISC |
acronis — multiple_products_for_macos | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979. | 2023-08-31 | 7.8 | CVE-2023-41744 MISC |
zope — restrictedpython | RestrictedPython is a restricted execution environment for Python to run untrusted code. Python’s “format” functionality allows someone controlling the format string to “read” all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-30 | 7.7 | CVE-2023-41039 MISC MISC |
ibm — security_guardium | IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to a cyber threat actor due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. | 2023-08-28 | 7.5 | CVE-2022-43904 MISC MISC |
hitachi — hirdb_server_with_additional_function | Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Additional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02. | 2023-08-29 | 7.5 | CVE-2023-1995 MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. | 2023-08-28 | 7.5 | CVE-2023-24959 MISC MISC |
stormshield — stormshield_network_security | ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analyzing a crafted SIP packet. | 2023-08-28 | 7.5 | CVE-2023-26095 MISC |
ibm — guardium_cloud_key_manager | IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote cyber threat actor to brute force account credentials. IBM X-Force ID: 248126. | 2023-08-28 | 7.5 | CVE-2023-26271 MISC MISC |
e-excellence — u-office_force | e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote cyber threat actor can exploit this vulnerability to read arbitrary system files but can’t control system or disrupt service. | 2023-08-25 | 7.5 | CVE-2023-32756 MISC |
ibm — security_verify_information_queue | IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote cyber threat actor to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015. | 2023-08-31 | 7.5 | CVE-2023-33835 MISC MISC |
techview — la-5570_wireless_gateway | An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53 that allows cyber threat actors to gain sensitive information via /config/system.conf. | 2023-08-25 | 7.5 | CVE-2023-34723 MISC MISC |
broadcom — brocade_fabric_operating_system | The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | 2023-08-31 | 7.5 | CVE-2023-3489 MISC |
skale_network — sgxwallet | Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows a cyber threat actor to cause a denial of service via the trustedBlsSignMessage function. | 2023-08-25 | 7.5 | CVE-2023-36198 MISC |
skale_network — sgxwallet | An issue in skalenetwork sgxwallet v.1.9.0 and below allows a cyber threat actor to cause a denial of service via the trustedGenerateEcdsaKey component. | 2023-08-25 | 7.5 | CVE-2023-36199 MISC |
arista_networks — eos | On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. | 2023-08-29 | 7.5 | CVE-2023-3646 MISC |
samsung — exynos_9810 | An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop. | 2023-08-28 | 7.5 | CVE-2023-36481 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-08-26 | 7.5 | CVE-2023-36741 MISC |
saho — adm-100/adm-100fp | Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote cyber threat actor can execute system commands in partial website URLs to read sensitive device information without permissions. | 2023-08-28 | 7.5 | CVE-2023-38030 MISC |
libreswan — libreswan | An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload’s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. | 2023-08-25 | 7.5 | CVE-2023-38710 MISC MISC |
libreswan — libreswan | An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. | 2023-08-25 | 7.5 | CVE-2023-38711 MISC MISC |
libreswan — libreswan | An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. | 2023-08-25 | 7.5 | CVE-2023-38712 MISC MISC |
ibm — storage_copy_data_management | IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow a cyber threat actor to decrypt highly sensitive information. IBM X-Force ID: 262268. | 2023-08-27 | 7.5 | CVE-2023-38730 MISC MISC |
frrouting — frrouting_frr | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote cyber threat actor to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). | 2023-08-29 | 7.5 | CVE-2023-38802 MISC MISC |
qdrant — qdrant | Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote cyber threat actor to cause a denial of service via the chucnked_vectors.rs component. | 2023-08-29 | 7.5 | CVE-2023-38975 MISC MISC |
mitel — mivoice_connect | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated cyber threat actor to conduct an account enumeration attack due to improper configuration. A successful exploit could allow a cyber threat actor to access system information. | 2023-08-25 | 7.5 | CVE-2023-39289 MISC MISC |
aomedia — aomedia | AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. | 2023-08-29 | 7.5 | CVE-2023-39616 MISC |
mathjax — mathjax | Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. | 2023-08-29 | 7.5 | CVE-2023-39663 MISC |
libp2p — libp2p | libp2p is a networking stack and library modularized out of The IPFS Project and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e., the cyber threat actor could bring down nodes over a period of time (how long depends on the node resources i.e., a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4. | 2023-08-25 | 7.5 | CVE-2023-40583 MISC MISC MISC MISC |
metal3 — ironic-image | ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t …`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place. | 2023-08-25 | 7.5 | CVE-2023-40585 MISC MISC |
coraza — coraza | OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from cyber threat actors. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1. | 2023-08-25 | 7.5 | CVE-2023-40586 MISC MISC |
splunk — enterprise/cloud_platform | In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon. | 2023-08-30 | 7.5 | CVE-2023-40593 MISC |
splunk — enterprise/cloud_platform | In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. | 2023-08-30 | 7.5 | CVE-2023-40594 MISC |
synck_graphica — mailform_pro_cgi | Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated cyber threat actor to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. | 2023-08-25 | 7.5 | CVE-2023-40599 MISC MISC |
dataease — dataease | SQL injection vulnerability in DataEase v.1.18.9 allows a remote cyber threat actor to obtain sensitive information via a crafted string outside of the blacklist function. | 2023-09-01 | 7.5 | CVE-2023-40771 MISC |
pf4j — pf4j | An issue in pf4j pf4j v.3.9.0 and before allows a remote cyber threat actor to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. | 2023-08-28 | 7.5 | CVE-2023-40826 MISC |
pf4j — pf4j | An issue in pf4j pf4j v.3.9.0 and before allows a remote cyber threat actor to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. | 2023-08-28 | 7.5 | CVE-2023-40827 MISC MISC MISC |
pf4j — pf4j | An issue in pf4j pf4j v.3.9.0 and before allows a remote cyber threat actor to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. | 2023-08-28 | 7.5 | CVE-2023-40828 MISC MISC MISC |
tenda — ax3 | Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows cyber threat actors to cause a Denial of Service (DoS) via the ssid parameter. | 2023-08-25 | 7.5 | CVE-2023-40915 MISC |
timg — timg | Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allows a remote cyber threat actor to cause a denial of service via the 0x61200000045c address. | 2023-09-01 | 7.5 | CVE-2023-40968 MISC |
jira — o-ran_software_community | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote cyber threat actor to cause a denial of service via a crafted packet. | 2023-08-28 | 7.5 | CVE-2023-40997 MISC |
jira — o-ran_software_community | Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote cyber threat actor to cause a denial of service via the packet size component. | 2023-08-28 | 7.5 | CVE-2023-40998 MISC |
array_networks — arrayos_ag | Array AG OS before 9.4.0.499 allows denial of service: remote cyber threat actors can cause system service processes to crash through abnormal HTTP operations. | 2023-08-25 | 7.5 | CVE-2023-41121 MISC MISC |
adguard_dns — adguard_dns | AdGuard DNS before 2.2 allows remote cyber threat actors to cause a denial of service via malformed UDP packets. | 2023-08-25 | 7.5 | CVE-2023-41173 MISC |
frrouting — frrouting_frr | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | 2023-08-29 | 7.5 | CVE-2023-41358 MISC |
nokia — service_router_linux | Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. | 2023-08-29 | 7.5 | CVE-2023-41376 MISC MISC MISC |
phpjabbers — business_directory_script | phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter. | 2023-08-30 | 7.5 | CVE-2023-41539 MISC |
juniper_network_inc — junos_os | An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based cyber threat actor to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote cyber threat actor to have at least one established BGP session. | 2023-09-01 | 7.5 | CVE-2023-4481 MISC MISC MISC MISC |
yugabyte — yugabytedb | The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.3 | 2023-08-30 | 7.5 | CVE-2023-4640 MISC |
usememos — memos | Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | 2023-09-01 | 7.5 | CVE-2023-4698 MISC MISC |
schweitzer_engineering_laboratories — sel-5030_acselerator_quickset | An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 2023-08-31 | 7.4 | CVE-2023-31172 MISC MISC |
vmware — aria_operations_for_networks | Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | 2023-08-29 | 7.2 | CVE-2023-20890 MISC |
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects. | 2023-09-01 | 7.2 | CVE-2023-3915 MISC MISC |
perfree — perfreeblog | An issue in Perfree PerfreeBlog v.3.1.2 allows a remote cyber threat actor to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. | 2023-08-28 | 7.2 | CVE-2023-40825 MISC |
mybb — mybb | MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP. | 2023-08-29 | 7.2 | CVE-2023-41362 MISC CONFIRM CONFIRM |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
techview — la-5570_wireless_gateway | An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53 that allows physical cyber threat actors to gain escalated privileges via the UART interface. | 2023-08-28 | 6.8 | CVE-2023-34724 MISC MISC |
techview — la-5570_wireless_gateway | An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53 that allows physical cyber threat actors to gain escalated privileges via a telnet connection. | 2023-08-28 | 6.8 | CVE-2023-34725 MISC MISC |
github — enterprise_server | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, a cyber threat actor would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ . | 2023-08-30 | 6.5 | CVE-2023-23765 MISC MISC MISC MISC |
arista_networks — eos | On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place. | 2023-08-29 | 6.5 | CVE-2023-24548 MISC |
wireshark — wireshark | Due to a failure in validating the length provided by a cyber threat actor-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero allowing for a denial-of-service attack. | 2023-08-25 | 6.5 | CVE-2023-2906 MISC MISC |
schweitzer_engineering_laboratories — sel-5030_acselerator_quickset | An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 2023-08-31 | 6.5 | CVE-2023-31168 MISC MISC |
schweitzer_engineering_laboratories — sel-5030_acselerator_quickset | An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 2023-08-31 | 6.5 | CVE-2023-31170 MISC MISC |
schweitzer_engineering_laboratories — sel-5030_acselerator_quickset | An Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 2023-08-31 | 6.5 | CVE-2023-31171 MISC MISC |
schweitzer_engineering_laboratories — sel-5037_sel_grid_configurator | A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | 2023-08-31 | 6.5 | CVE-2023-31174 MISC MISC |
broadcom — brocade_sannav | Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump. | 2023-08-31 | 6.5 | CVE-2023-31925 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. | 2023-09-01 | 6.5 | CVE-2023-3205 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. | 2023-09-01 | 6.5 | CVE-2023-3210 MISC MISC |
tenable — nessus | An arbitrary file write vulnerability exists where an authenticated, remote cyber threat actor with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial-of-service condition. | 2023-08-29 | 6.5 | CVE-2023-3252 MISC |
zulip — zulip_server | Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3. | 2023-08-25 | 6.5 | CVE-2023-32678 MISC MISC |
m-files — classic_web | Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server | 2023-08-25 | 6.5 | CVE-2023-3406 MISC |
wordpress — wordpress | The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow cyber threat actors to make logged in admins upload files (including HTML containing JS code for users with the unfiltered_html capability) on their behalf. | 2023-08-30 | 6.5 | CVE-2023-3720 MISC |
keylime — keylime | A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow a cyber threat actor to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. | 2023-08-25 | 6.5 | CVE-2023-38201 MISC MISC MISC MISC |
xmlsoft — libxml2 | Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows cyber threat actors to cause a Denial of Service (DoS) via supplying a crafted XML file. | 2023-08-29 | 6.5 | CVE-2023-39615 MISC |
wordpress — wordpress | The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow cyber threat actors to make logged in admins update and deactivate the plugin’s license via CSRF attacks | 2023-08-30 | 6.5 | CVE-2023-4013 MISC |
neutrinolabs — xrdp | xrdp is an open-source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero (1) value on, e.g., a PAM error, which may result in session restrictions such as max concurrent sessions per user by PAM (e.g. /etc/security/limits.conf) being bypassed. Users (administrators) who don’t use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-30 | 6.5 | CVE-2023-40184 MISC MISC MISC |
openfga — openfga | OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1. | 2023-08-25 | 6.5 | CVE-2023-40579 MISC MISC |
stellar — freighter | Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1. | 2023-08-25 | 6.5 | CVE-2023-40580 MISC MISC MISC |
libming — libming | Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote cyber threat actor to cause a denial of service via a crafted .swf file to the makeswf function. | 2023-08-28 | 6.5 | CVE-2023-40781 MISC |
tenda — ac23 | The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn | 2023-08-25 | 6.5 | CVE-2023-40802 MISC |
gitpython — gitpython | GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn’t check if this file is located outside the `.git` directory. This allows a cyber threat actor to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. | 2023-08-30 | 6.5 | CVE-2023-41040 MISC MISC |
grupposcai — realgimm | A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows cyber threat actors to read any file in the filesystem via supplying a crafted XML file. | 2023-08-31 | 6.5 | CVE-2023-41635 MISC |
byzoro — smart_s85f_management_platform | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability. | 2023-08-26 | 6.5 | CVE-2023-4546 MISC MISC MISC |
omeka — omeka_s | Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. | 2023-08-28 | 6.5 | CVE-2023-4560 MISC MISC |
wordpress — wordpress | The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fa’ and ‘fa-stack’ shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-02 | 6.4 | CVE-2023-4718 MISC MISC MISC |
linux — kernel | A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault and may allow a local cyber threat actor to crash the system or lead to a kernel information leak. | 2023-08-29 | 6.3 | CVE-2023-4611 MISC MISC MISC |
doc2k — re-chat | A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155. | 2023-08-28 | 6.1 | CVE-2016-15035 MISC MISC MISC |
humaxdigital — hgb10r-02_brgcab | Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local cyber threat actors to execute arbitrary code. | 2023-08-28 | 6.1 | CVE-2020-27366 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <= 3.0.9 versions | 2023-08-30 | 6.1 | CVE-2023-25019 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions. | 2023-08-30 | 6.1 | CVE-2023-25453 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions. | 2023-08-30 | 6.1 | CVE-2023-25466 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. | 2023-08-30 | 6.1 | CVE-2023-25471 MISC |
wordpress — wordpress | The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-08-30 | 6.1 | CVE-2023-3136 MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions. | 2023-08-29 | 6.1 | CVE-2023-32241 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions. | 2023-08-25 | 6.1 | CVE-2023-32518 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions. | 2023-08-30 | 6.1 | CVE-2023-32597 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions. | 2023-08-30 | 6.1 | CVE-2023-32740 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS plugin <= 6.1.4 versions. | 2023-08-30 | 6.1 | CVE-2023-32742 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. | 2023-08-30 | 6.1 | CVE-2023-32801 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. | 2023-08-30 | 6.1 | CVE-2023-32802 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions. | 2023-08-30 | 6.1 | CVE-2023-33317 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions. | 2023-08-30 | 6.1 | CVE-2023-33320 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions. | 2023-08-30 | 6.1 | CVE-2023-33325 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions. | 2023-08-30 | 6.1 | CVE-2023-34008 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rakib Hasan Dynamic QR Code Generator plugin <= 0.0.5 versions. | 2023-08-30 | 6.1 | CVE-2023-34022 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions. | 2023-08-30 | 6.1 | CVE-2023-34023 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions. | 2023-08-30 | 6.1 | CVE-2023-34032 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions. | 2023-08-30 | 6.1 | CVE-2023-34174 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions. | 2023-08-30 | 6.1 | CVE-2023-34175 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions. | 2023-08-30 | 6.1 | CVE-2023-34176 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions. | 2023-08-30 | 6.1 | CVE-2023-34180 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions. | 2023-08-30 | 6.1 | CVE-2023-34184 MISC |
html2pdf — html2pdf | Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote cyber threat actor to execute arbitrary code via a crafted script to the forms.php. | 2023-08-28 | 6.1 | CVE-2023-39062 MISC MISC MISC |
web-audimex — audimexee | AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. | 2023-08-29 | 6.1 | CVE-2023-39558 MISC MISC |
icewarp — icewarp | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | 2023-08-25 | 6.1 | CVE-2023-39600 MISC MISC |
bdcom — p3310d-2ac | A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | 2023-08-29 | 6.1 | CVE-2023-39678 MISC |
icewarp — mail_server | IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. | 2023-08-25 | 6.1 | CVE-2023-39700 MISC MISC MISC |
sourcecodester — free_and_open_source_inventory_management_system | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. | 2023-08-28 | 6.1 | CVE-2023-39708 MISC MISC MISC |
sourcecodester — free_and_open_source_inventory_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section. | 2023-08-28 | 6.1 | CVE-2023-39709 MISC MISC MISC |
sourcecodester — free_and_open_source_inventory_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section. | 2023-09-01 | 6.1 | CVE-2023-39714 MISC MISC MISC |
wordpress — wordpress | The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-08-30 | 6.1 | CVE-2023-3992 MISC |
jupyter — jupyter_server | jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-28 | 6.1 | CVE-2023-39968 MISC MISC |
jupyter — jupyter_server | jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents or accessing files when opening untrusted files via “Open image in new tab”. This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks. | 2023-08-28 | 6.1 | CVE-2023-40170 MISC MISC |
splunk — enterprise/cloud_platform | In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, a cyber threat actor can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance. | 2023-08-30 | 6.1 | CVE-2023-40592 MISC |
phpjabbers — yacht_listing_script | There is a Cross Site Scripting (XSS) vulnerability in the “action” parameter of index.php in PHPJabbers Yacht Listing Script v1.0. | 2023-08-28 | 6.1 | CVE-2023-40750 MISC MISC |
phpjabbers — fundraising_script | PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the “action” parameter of index.php. | 2023-08-28 | 6.1 | CVE-2023-40751 MISC MISC |
phpjabbers — make_an_offer_widget | There is a Cross Site Scripting (XSS) vulnerability in the “action” parameter of index.php in PHPJabbers Make an Offer Widget v1.0. | 2023-08-28 | 6.1 | CVE-2023-40752 MISC MISC |
phpjabbers — callback_widgets | There is a Cross Site Scripting (XSS) vulnerability in the “theme” parameter of preview.php in PHPJabbers Callback Widget v1.0. | 2023-08-28 | 6.1 | CVE-2023-40755 MISC MISC |
decentraland — single_sign_on_client | @dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function. | 2023-09-01 | 6.1 | CVE-2023-41049 MISC MISC |
apache — tomcat | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | 2023-08-25 | 6.1 | CVE-2023-41080 MISC |
usermin — usermin | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote cyber threat actors to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. | 2023-08-30 | 6.1 | CVE-2023-41163 MISC MISC |
phpjabbers — business_directory_script | phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. | 2023-08-30 | 6.1 | CVE-2023-41537 MISC |
phpjabbers — php_forum_script | phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. | 2023-08-30 | 6.1 | CVE-2023-41538 MISC |
grupposcai — realgimm | Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow cyber threat actors to execute arbitrary Javascript in the context of a victim user’s browser via a crafted payload injected into the VIEWSTATE parameter. | 2023-08-31 | 6.1 | CVE-2023-41642 MISC |
wordpress — wordpress | The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-08-31 | 6.1 | CVE-2023-4315 MISC MISC |
wordpress — wordpress | The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-08-31 | 6.1 | CVE-2023-4471 MISC MISC MISC |
wordpress — wordpress | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the ‘save’ function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the ‘save’ function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and makes it possible to update the user metas arbitrarily, but the meta value can only be a string. | 2023-08-25 | 6.1 | CVE-2023-4520 MISC MISC MISC |
neomind — fusion_platform | A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-25 | 6.1 | CVE-2023-4534 MISC MISC MISC |
spa-cart — ecommerce_cms | A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability. | 2023-08-26 | 6.1 | CVE-2023-4547 MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability. | 2023-08-27 | 6.1 | CVE-2023-4555 MISC MISC MISC |
instantsoft — instantsoft/icms2 | Cross-site Scripting (XSS) – Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. | 2023-08-31 | 6.1 | CVE-2023-4655 MISC MISC |
infosoftbd — clcknshop | A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | 6.1 | CVE-2023-4707 MISC MISC MISC |
schweitzer_engineering_laboratories — sel-5030_acselerator_quickset | An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | 2023-08-31 | 5.7 | CVE-2023-31169 MISC MISC |
cloudflare — warp | Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim’s device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. | 2023-08-29 | 5.5 | CVE-2023-0238 MISC MISC |
esoteric_software — yamlbeans | An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception. | 2023-08-25 | 5.5 | CVE-2023-24620 MISC MISC MISC |
broadcom — brocade_sannav | Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local cyber threat actor must have access to already collected Brocade SANnav “supportsave” outputs. | 2023-08-31 | 5.5 | CVE-2023-31423 MISC |
schweitzer_engineering_laboratories — sel-5033_acselerator_real-time_automation_controller | Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | 2023-08-31 | 5.5 | CVE-2023-34391 MISC MISC |
mitel — mivoice_connect | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated cyber threat actor with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow a cyber threat actor to access network information and to generate excessive network traffic. | 2023-08-25 | 5.5 | CVE-2023-39287 MISC MISC |
mitel — mivoice_connect | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated cyber threat actor with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow a cyber threat actor to access network information and to generate excessive network traffic. | 2023-08-25 | 5.5 | CVE-2023-39288 MISC MISC |
gpac — gpac | GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows cyber threat actors to cause a Denial of Service (DoS) via supplying a crafted file. | 2023-08-28 | 5.5 | CVE-2023-39562 MISC MISC |
notepad-plus-plus — notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | 5.5 | CVE-2023-40036 MISC |
notepad-plus-plus — notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | 5.5 | CVE-2023-40164 MISC |
notepad-plus-plus — notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | 5.5 | CVE-2023-40166 MISC |
catdoc — catdoc | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. | 2023-09-01 | 5.5 | CVE-2023-41633 MISC MISC |
linux — kernel | A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local cyber threat actor to cause a double deactivation of catchall elements, which results in a memory leak. | 2023-08-28 | 5.5 | CVE-2023-4569 MISC MISC MISC |
gpac — gpac | Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-08-31 | 5.5 | CVE-2023-4678 MISC MISC |
gpac — gpac | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-08-31 | 5.5 | CVE-2023-4681 MISC MISC |
gpac — gpac | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-08-31 | 5.5 | CVE-2023-4682 MISC MISC |
gpac — gpac | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-08-31 | 5.5 | CVE-2023-4683 MISC MISC |
gpac — gpac | Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-01 | 5.5 | CVE-2023-4720 MISC MISC |
gpac — gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-01 | 5.5 | CVE-2023-4721 MISC MISC |
gpac — gpac | Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. | 2023-09-01 | 5.5 | CVE-2023-4722 MISC MISC |
ibm — security_guardium | IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905. | 2023-08-27 | 5.4 | CVE-2022-43909 MISC MISC |
wordpress — wordpress | The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-08-31 | 5.4 | CVE-2023-2171 MISC MISC |
wordpress — wordpress | The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the ‘admin_page_display’ function. This makes it possible for unauthenticated cyber threat actors to delete or change plugin settings, import demo data, modify or delete Directory Kit related posts and terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Partial patches were made available in versions 1.2.0 and 1.2.1 but the issue was not fully patched until 1.2.2. | 2023-08-31 | 5.4 | CVE-2023-2279 MISC MISC MISC |
wordpress — wordpress | The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-08-31 | 5.4 | CVE-2023-2354 MISC MISC MISC MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. | 2023-08-25 | 5.4 | CVE-2023-25981 MISC |
ibm — security_guardium | IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291. | 2023-08-27 | 5.4 | CVE-2023-30435 MISC MISC |
ibm — security_guardium | IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292. | 2023-08-27 | 5.4 | CVE-2023-30436 MISC MISC |
wordpress — wordpress | Auth. (subscriber+) Stored Cross-Site Scripting vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions. | 2023-08-25 | 5.4 | CVE-2023-32576 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | 2023-08-30 | 5.4 | CVE-2023-32746 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | 2023-08-30 | 5.4 | CVE-2023-32793 MISC |
ibm — security_guardium | IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote cyber threat actor could send specially crafted SQL statements, which could allow the cyber threat actor to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | 2023-08-27 | 5.4 | CVE-2023-33852 MISC MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions. | 2023-08-30 | 5.4 | CVE-2023-34004 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions. | 2023-08-30 | 5.4 | CVE-2023-35094 MISC |
uatech — badaso | Cross Site Scripting vulnerability in Badaso v.2.9.7 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function. | 2023-08-28 | 5.4 | CVE-2023-38969 MISC MISC |
uatech — badaso | Cross Site Scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function. | 2023-08-30 | 5.4 | CVE-2023-38970 MISC MISC |
uatech — badaso | Cross Site Scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. | 2023-08-29 | 5.4 | CVE-2023-38971 MISC MISC |
uatech — badaso | A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | 2023-08-25 | 5.4 | CVE-2023-38973 MISC |
uatech — badaso | A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | 2023-08-25 | 5.4 | CVE-2023-38974 MISC |
sourcecodester — free_and_open_source_inventory_management_system | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. | 2023-08-25 | 5.4 | CVE-2023-39707 MISC MISC MISC |
wordpress — wordpress | The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-08-30 | 5.4 | CVE-2023-4035 MISC |
prometheus — alertmanager | Alertmanager handles alerts sent by client applications such as the Prometheus server. A cyber threat actor with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. | 2023-08-25 | 5.4 | CVE-2023-40577 MISC |
phpjabbers — ticket_support_script | There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. | 2023-08-28 | 5.4 | CVE-2023-40753 MISC MISC |
usermin — usermin | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote cyber threat actors to inject arbitrary web script or HTML via options for the host value while editing the host options. | 2023-08-29 | 5.4 | CVE-2023-41153 MISC MISC |
wordpress — wordpress | The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slimstat’ shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-08-30 | 5.4 | CVE-2023-4597 MISC MISC MISC |
wordpress — wordpress | The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eeb_mailto’ shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-08-30 | 5.4 | CVE-2023-4599 MISC MISC MISC |
instantsoft — instantsoft/icms2 | Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. | 2023-08-31 | 5.4 | CVE-2023-4649 MISC MISC |
instantsoft — instantsoft/icms2 | Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. | 2023-08-31 | 5.4 | CVE-2023-4651 MISC MISC |
instantsoft — instantsoft/icms2 | Cross-site Scripting (XSS) – Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-31 | 5.4 | CVE-2023-4652 MISC MISC |
mediawiki — mediawiki | A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability. | 2023-08-28 | 5.3 | CVE-2018-25089 MISC MISC MISC MISC |
wordpress — wordpress | The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible for cyber threat actors to access restricted content in certain situations. | 2023-08-30 | 5.3 | CVE-2022-1601 MISC |
stormshield — ssl_vpn_client | An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, a cyber threat actor may be able to access the other encrypted address book. | 2023-08-28 | 5.3 | CVE-2022-46783 MISC MISC |
esri — arcgis_server | ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized cyber threat actor may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed. | 2023-08-25 | 5.3 | CVE-2023-25848 MISC |
ibm — guardium_cloud_key_manager | IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote cyber threat actor to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. | 2023-08-28 | 5.3 | CVE-2023-26272 MISC MISC |
ibm — security_guardium | IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. | 2023-08-27 | 5.3 | CVE-2023-30437 MISC MISC |
e-excellence — u-office_force | e-Excellence U-Office Force generates an error message in website service. An unauthenticated remote cyber threat actor can obtain partial sensitive system information from error message by sending a crafted command. | 2023-08-25 | 5.3 | CVE-2023-32755 MISC |
ibm — security_verify_information_queue | IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote cyber threat actor to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014. | 2023-08-31 | 5.3 | CVE-2023-33834 MISC MISC |
m-files — classic_web | Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. | 2023-08-25 | 5.3 | CVE-2023-3425 MISC |
spinnaker — spinnaker | Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It’s recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a “low” since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope. | 2023-08-28 | 5.3 | CVE-2023-39348 MISC MISC |
goauthentik — authentik | goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage a cyber threat actor is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. A cyber threat actor can easily enumerate and check users’ existence using the recovery flow, as a clear message is shown when a user doesn’t exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-29 | 5.3 | CVE-2023-39522 MISC MISC |
web-audimex — audimexee | AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. | 2023-08-29 | 5.3 | CVE-2023-39559 MISC MISC |
silverware_games — silverware_games | Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the “Enter the code” form if the email is associated with a member of the site. Since version 1.3.6, the “Enter the code” form is always returned, showing the message “If the entered email is associated with an account, a code will be sent now”. This change prevents potential violators from determining if our site has a user with the specified email. | 2023-08-25 | 5.3 | CVE-2023-40179 MISC |
python — python | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as “not connected” and won’t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | 2023-08-25 | 5.3 | CVE-2023-40217 CONFIRM MISC |
datasette — datasette | Datasette is an open-source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha – 1.0a0, 1.0a1, 1.0a2 or 1.0a3 – in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables – but not their contents – to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4. | 2023-08-25 | 5.3 | CVE-2023-40570 MISC MISC |
pyramid — pyramid | Pyramid is an open-source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an `index.html` file that is located exactly one directory above the location of the static view’s file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11 and 3.12 have fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, in an as of yet unreleased version. Fixes will be available in: Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. | 2023-08-25 | 5.3 | CVE-2023-40587 MISC MISC MISC MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit | 2023-08-30 | 5.3 | CVE-2023-4522 MISC MISC |
wordpress — wordpress | The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated cyber threat actors with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-08-31 | 4.9 | CVE-2023-2188 MISC MISC MISC |
tenable — nessus | A pass-back vulnerability exists where an authenticated, remote cyber threat actor with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0. | 2023-08-29 | 4.9 | CVE-2023-3251 MISC |
wordpress — wordpress | The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the ‘pm_encrypt_decrypt_pass’ function and used across all sites running the plugin. This makes it possible for authenticated cyber threat actors, with administrator-level permissions or above to decrypt and view users’ passwords. If combined with another vulnerability, this can potentially grant lower-privileged users access to users’ passwords. | 2023-08-31 | 4.9 | CVE-2023-3404 MISC MISC MISC |
mitel — mivoice_connect | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated cyber threat actor with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow a cyber threat actor to view system information. | 2023-08-25 | 4.9 | CVE-2023-39290 MISC MISC |
mitel — mivoice_connect | A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated cyber threat actor with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow a cyber threat actor to view system information. | 2023-08-25 | 4.9 | CVE-2023-39291 MISC MISC |
chamilo_lms — chamilo_lms | SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged cyber threat actor to obtain sensitive information via the import sessions functions. | 2023-09-01 | 4.9 | CVE-2023-39582 MISC |
stormshield — stormshield_network_security | An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim’s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form. | 2023-08-25 | 4.8 | CVE-2020-11711 MISC MISC MISC |
wordpress — wordpress | The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-08-30 | 4.8 | CVE-2023-1982 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions. | 2023-08-25 | 4.8 | CVE-2023-24394 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. | 2023-08-30 | 4.8 | CVE-2023-24397 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions. | 2023-08-30 | 4.8 | CVE-2023-24401 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions. | 2023-09-01 | 4.8 | CVE-2023-24412 MISC |
bluditcms — bluditcms | Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows cyber threat actors to execute arbitrary code via the Categories Friendly URL. | 2023-09-01 | 4.8 | CVE-2023-24675 MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions. | 2023-09-01 | 4.8 | CVE-2023-25042 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions. | 2023-09-01 | 4.8 | CVE-2023-25044 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions. | 2023-08-30 | 4.8 | CVE-2023-25462 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions. | 2023-08-30 | 4.8 | CVE-2023-27426 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions. | 2023-08-30 | 4.8 | CVE-2023-27621 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions. | 2023-08-30 | 4.8 | CVE-2023-28415 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions. | 2023-08-30 | 4.8 | CVE-2023-28692 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radical Web Design GDPR Cookie Consent Notice Box plugin <= 1.1.6 versions. | 2023-08-30 | 4.8 | CVE-2023-32294 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions. | 2023-08-25 | 4.8 | CVE-2023-32577 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions. | 2023-08-25 | 4.8 | CVE-2023-32584 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions. | 2023-08-25 | 4.8 | CVE-2023-32591 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions. | 2023-08-30 | 4.8 | CVE-2023-32962 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions. | 2023-08-30 | 4.8 | CVE-2023-33208 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions. | 2023-08-30 | 4.8 | CVE-2023-33210 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions. | 2023-08-30 | 4.8 | CVE-2023-33929 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions. | 2023-08-30 | 4.8 | CVE-2023-34172 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Semikashev Yandex Metrica Counter plugin <= 1.4.3 versions. | 2023-08-30 | 4.8 | CVE-2023-34173 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions. | 2023-08-30 | 4.8 | CVE-2023-34183 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions. | 2023-08-30 | 4.8 | CVE-2023-34187 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions. | 2023-08-30 | 4.8 | CVE-2023-34372 MISC |
wordpress — wordpress | The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-08-30 | 4.8 | CVE-2023-3501 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abhay Yadav Breadcrumb simple plugin <= 1.3 versions. | 2023-08-30 | 4.8 | CVE-2023-35092 MISC |
zenario_cms — zenario_cms | A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. | 2023-08-28 | 4.8 | CVE-2023-39578 MISC MISC |
wordpress — wordpress | The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability. | 2023-08-30 | 4.8 | CVE-2023-4109 MISC |
webiny — webiny | @webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user’s browser when the main page or admin page loads. | 2023-08-25 | 4.8 | CVE-2023-41167 MISC MISC |
wordpress — wordpress | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated cyber threat actors, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-08-31 | 4.8 | CVE-2023-4160 MISC MISC MISC |
wordpress — wordpress | The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated cyber threat actors (admin or higher) to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-08-31 | 4.8 | CVE-2023-4500 MISC MISC |
omeka — omeka_s | Cross-site Scripting (XSS) – Stored in GitHub repository omeka/omeka-s prior to 4.0.4. | 2023-08-28 | 4.8 | CVE-2023-4561 MISC MISC |
instantsoft — instantsoft/icms2 | Cross-site Scripting (XSS) – Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-31 | 4.8 | CVE-2023-4653 MISC MISC |
skylark — skylark | Improper authorization in handler for custom URL scheme issue in ‘Skylark’ App for Android 6.2.13 and earlier and ‘Skylark’ App for iOS 6.2.13 and earlier allows a cyber threat actor to lead a user to access an arbitrary website via another application installed on the user’s device. | 2023-08-25 | 4.7 | CVE-2023-40530 MISC MISC MISC |
instantsoft — instantsoft/icms2 | Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-31 | 4.7 | CVE-2023-4650 MISC MISC |
brocade — fabric_operating_system | A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated, privileged local user to crash a Brocade Fabric OS switch using the CLI command “passwdcfg --set -expire -minDiff”. | 2023-08-31 | 4.4 | CVE-2023-4162 MISC |
broadcom — fabric_operating_system | In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. | 2023-08-31 | 4.4 | CVE-2023-4163 MISC |
wordpress — wordpress | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_first_name’ shortcode in versions up to, and including, 3.3.1. This allows authenticated cyber threat actors, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter’s first name. | 2023-08-31 | 4.3 | CVE-2023-0689 MISC MISC MISC |
wordpress — wordpress | The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to overwrite arbitrary post titles. | 2023-08-31 | 4.3 | CVE-2023-2172 MISC MISC MISC MISC MISC |
wordpress — wordpress | The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_ajax_handler, and badgeos_delete_rank_req_step_ajax_handler functions. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to delete arbitrary posts. | 2023-08-31 | 4.3 | CVE-2023-2173 MISC MISC MISC MISC MISC |
wordpress — wordpress | The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to delete the plugin’s log entries. | 2023-08-31 | 4.3 | CVE-2023-2174 MISC MISC |
wordpress — wordpress | The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. This makes it possible for unauthenticated cyber threat actors to update or reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-08-31 | 4.3 | CVE-2023-2352 MISC MISC MISC MISC |
wordpress — wordpress | The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level cyber threat actors to change or reset plugin settings. CVE-2023-36509 appears to be a duplicate of this issue. | 2023-08-31 | 4.3 | CVE-2023-2353 MISC MISC MISC MISC |
tenable — nessus | An improper authorization vulnerability exists where an authenticated, low privileged remote cyber threat actor could view a list of all the users available in the application. | 2023-08-29 | 4.3 | CVE-2023-3253 MISC |
wordpress — wordpress | The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow cyber threat actors to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitization and escaping. | 2023-08-30 | 4.3 | CVE-2023-3356 MISC |
wordpress — wordpress | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated cyber threat actors to make changes to invoices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-08-31 | 4.3 | CVE-2023-3764 MISC MISC MISC |
wordpress — wordpress | The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings. | 2023-08-31 | 4.3 | CVE-2023-3999 MISC MISC |
wordpress — wordpress | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated cyber threat actors to create and delete countdowns via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-08-31 | 4.3 | CVE-2023-4000 MISC MISC |
wordpress — wordpress | The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger. | 2023-08-30 | 4.3 | CVE-2023-4023 MISC |
wordpress — wordpress | The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve arbitrary post titles and their content, including draft, private and password-protected ones. | 2023-08-30 | 4.3 | CVE-2023-4036 MISC |
cerebrate-project — cerebrate | In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users. | 2023-08-29 | 4.3 | CVE-2023-41363 MISC |
wordpress — wordpress | The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow cyber threat actors to make logged-in admins update and deactivate the plugin’s license via CSRF attacks. | 2023-08-30 | 4.3 | CVE-2023-4150 MISC |
wordpress — wordpress | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated cyber threat actors to create invoice fields provided they can trick an admin into performing an action such as clicking on a link. | 2023-08-31 | 4.3 | CVE-2023-4161 MISC MISC MISC |
wordpress — wordpress | The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow cyber threat actors to make logged in admins perform unwanted actions, such as reset the plugin’s settings and update its API key via CSRF attacks. | 2023-08-30 | 4.3 | CVE-2023-4209 MISC |
wordpress — wordpress | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the order id and invoice id. | 2023-08-31 | 4.3 | CVE-2023-4245 MISC MISC MISC |
beijing_baichuo — smart_s85f_management_platform | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-26 | 4.3 | CVE-2023-4544 MISC MISC MISC |
wordpress — wordpress | The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘affwp_activate_addons_page_plugin’ function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated cyber threat actors, with subscriber-level access and above, to activate arbitrary plugins. | 2023-08-30 | 4.3 | CVE-2023-4600 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gitlab — gitlab | An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it. | 2023-09-01 | 3.8 | CVE-2023-3950 MISC MISC |
cloudflare — warp | Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that a cyber threat actor built a malicious application and managed to install it on a victim’s device, the cyber threat actor would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the cyber threat actor’s app. | 2023-08-29 | 3.7 | CVE-2023-0654 MISC MISC |
instantsoft — instantsoft/icms2 | Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1. | 2023-08-31 | 3.5 | CVE-2023-4654 MISC MISC |
ibm — security_verify_information_queue | IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013. | 2023-08-31 | 3.3 | CVE-2023-33833 MISC MISC |
graylog2 — graylog2_server | Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss, the session is loaded from the database. After that, the node operates solely on the cached session. Modifications to sessions will update the cached version as well as the session persisted in the database. However, each node maintains its own isolated version of the session. When the user logs out, the session is removed from the node-local cache and deleted from the database. The other nodes will however still use the cached session. These nodes will only fail to accept the session id if they intend to update the session in the database. They will then notice that the session is gone. This is true for most API requests originating from user interaction with the Graylog UI because these will lead to an update of the session’s “last access” timestamp. If the session update is however prevented by setting the `X-Graylog-No-Session-Extension:true` header in the request, the node will consider the (cached) session valid until the session is expired according to its timeout setting. No session identifiers are leaked. After a user has logged out, the UI shows the login screen again, which gives the user the impression that their session is not valid anymore. However, if the session becomes compromised later, it can still be used to perform API requests against the Graylog cluster. The time frame for this is limited to the configured session lifetime, starting from the time when the user logged out. This issue has been addressed in versions 5.0.9 and 5.1.3. Users are advised to upgrade. | 2023-08-30 | 3.1 | CVE-2023-41041 MISC MISC |
bookstackapp — bookstack | Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | 2023-08-30 | 2.4 | CVE-2023-4624 MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
mybb — mybb | Installer RCE on settings file write in MyBB before 1.8.22. | 2023-09-01 | not yet calculated | CVE-2020-22612 MISC |
mongodb_inc — mongodb_c_driver | Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). | 2023-08-29 | not yet calculated | CVE-2021-32050 MISC MISC MISC MISC MISC |
fortinet — multiple_products | An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated cyber threat actor to man-in-the-middle the communication between the listed products and some external peers. | 2023-09-01 | not yet calculated | CVE-2022-22305 MISC |
motorola_mobility — motorola_smartphones | In some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device’s modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device’s modem reset issue. | 2023-09-01 | not yet calculated | CVE-2022-3407 MISC |
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. | 2023-09-01 | not yet calculated | CVE-2022-4343 MISC MISC |
navblue_s.a.s. — n-ops_&_crew | NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS). | 2023-09-01 | not yet calculated | CVE-2022-44349 MISC MISC |
acronis — cyber_protect_home_office_for_windows | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984. | 2023-08-31 | not yet calculated | CVE-2022-45451 MISC MISC |
elsys — ers_1.5_sound | ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser. | 2023-09-01 | not yet calculated | CVE-2022-46527 MISC MISC |
acronis — cyber_protect_home_office_for_windows | Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173. | 2023-08-31 | not yet calculated | CVE-2022-46868 MISC |
acronis — cyber_protect_home_office_for_windows | Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278. | 2023-08-31 | not yet calculated | CVE-2022-46869 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation, it was possible for an unauthorized user to edit the description of labels. | 2023-09-01 | not yet calculated | CVE-2023-0120 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. | 2023-09-01 | not yet calculated | CVE-2023-1279 MISC MISC |
canonical_ltd. — snapd_for_linux | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected – this can only be exploited when snaps are run on a virtual console. | 2023-09-01 | not yet calculated | CVE-2023-1523 MISC MISC MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. | 2023-09-01 | not yet calculated | CVE-2023-1555 MISC MISC |
cisco — cisco_emergency_responder | A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote cyber threat actor to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. A cyber threat actor could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the cyber threat actor to elevate privileges to root. To exploit this vulnerability, the cyber threat actor must have valid platform administrator credentials on an affected device. | 2023-08-30 | not yet calculated | CVE-2023-20266 MISC |
vmware — vmware_tools | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations. | 2023-08-31 | not yet calculated | CVE-2023-20900 MISC MISC |
github — enterprise_server | An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-09-01 | not yet calculated | CVE-2023-23763 MISC MISC MISC MISC |
bludit_cms — bludit_cms | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local cyber threat actors to escalate privileges via the role:admin parameter. | 2023-09-01 | not yet calculated | CVE-2023-24674 MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions. | 2023-09-01 | not yet calculated | CVE-2023-25477 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions. | 2023-09-01 | not yet calculated | CVE-2023-25488 MISC |
eclipse_mosquitto — eclipse_mosquitto | The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | 2023-09-01 | not yet calculated | CVE-2023-28366 CONFIRM MISC MISC CONFIRM |
zscaler — zia_admin_portal | An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation. This issue affects Admin UI: from 6.2 before 6.2r. | 2023-08-31 | not yet calculated | CVE-2023-28801 MISC |
schweitzer_engineering_laboratories — sel-5036_acselerator_bay_screen_builder_software | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778. | 2023-08-31 | not yet calculated | CVE-2023-31167 MISC MISC |
canonical_ltd — accountsservice | In Ubuntu’s accountsservice, an unprivileged local cyber threat actor can trigger a use-after-free vulnerability by sending a D-Bus message to the accounts-daemon process. | 2023-09-01 | not yet calculated | CVE-2023-3297 MISC MISC MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions. | 2023-09-01 | not yet calculated | CVE-2023-34011 MISC |
smanga — smanga | SQL Injection vulnerability in smanga version 3.1.9 and earlier allows remote cyber threat actors to execute arbitrary code and gain sensitive information via the mediaId, mangaId, and userId parameters in php/history/add.php. | 2023-09-01 | not yet calculated | CVE-2023-36076 MISC |
nebulagraph — nebulagraph_studio | Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0 allows remote cyber threat actors to gain sensitive information. | 2023-09-01 | not yet calculated | CVE-2023-36088 MISC MISC MISC |
icecms — icecms | An issue in IceCMS version 2.0.1 allows cyber threat actors to escalate privileges and gain sensitive information via the UserID parameter in api/User/ChangeUser. | 2023-09-01 | not yet calculated | CVE-2023-36100 MISC |
netgear — r6400v2 | Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118 allows remote unauthenticated cyber threat actors to execute arbitrary code via a crafted URL to httpd. | 2023-09-01 | not yet calculated | CVE-2023-36187 MISC |
borgbackup — borgbackup | borgbackup is an open source, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed a cyber threat actor to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires a cyber threat actor to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the cyber threat actor, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. In addition to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any “borg check --repair” and before “borg prune”. There are no known workarounds for this vulnerability. | 2023-08-30 | not yet calculated | CVE-2023-36811 MISC MISC MISC |
wordpress — wordpress | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter. | 2023-09-01 | not yet calculated | CVE-2023-37826 MISC MISC |
wordpress — wordpress | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter. | 2023-09-01 | not yet calculated | CVE-2023-37827 MISC MISC |
wordpress — wordpress | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter. | 2023-09-01 | not yet calculated | CVE-2023-37828 MISC MISC |
wordpress — wordpress | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter. | 2023-09-01 | not yet calculated | CVE-2023-37829 MISC MISC |
wordpress — wordpress | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | 2023-09-01 | not yet calculated | CVE-2023-37830 MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions. | 2023-09-01 | not yet calculated | CVE-2023-37893 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions. | 2023-09-01 | not yet calculated | CVE-2023-37986 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions. | 2023-09-01 | not yet calculated | CVE-2023-37994 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions. | 2023-09-01 | not yet calculated | CVE-2023-37997 MISC |
openbgpd — openbgpd | In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. | 2023-08-29 | not yet calculated | CVE-2023-38283 MISC MISC CONFIRM MISC MISC |
zip_swift — zip_swift | An issue in Zip Swift v2.1.2 allows cyber threat actors to execute a path traversal attack via a crafted zip entry. | 2023-08-30 | not yet calculated | CVE-2023-39135 MISC MISC MISC MISC |
ziparchive — ziparchive | An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows cyber threat actors to cause a Denial of Service (DoS) via a crafted zip file. | 2023-08-30 | not yet calculated | CVE-2023-39136 MISC MISC MISC MISC |
hewlett_packard_enterprise — arubaos-switch | A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote cyber threat actor to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow a cyber threat actor to execute arbitrary script code in a victim’s browser in the context of the affected interface. | 2023-08-29 | not yet calculated | CVE-2023-39266 MISC |
hewlett_packard_enterprise — arubaos-switch | An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. | 2023-08-29 | not yet calculated | CVE-2023-39267 MISC |
hewlett_packard_enterprise — arubaos-switch | A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-08-29 | not yet calculated | CVE-2023-39268 MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g., abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-39350 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer, which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-39351 MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-39352 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result, crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-39353 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should a cyber threat actor be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-39354 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-39355 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->numRectangles` without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-39356 MISC MISC MISC MISC |
hjson-java — hjson-java | An issue in hjson-java up to v3.0.0 allows cyber threat actors to cause a Denial of Service (DoS) via supplying a crafted JSON string. | 2023-09-01 | not yet calculated | CVE-2023-39685 MISC |
typora — typora | A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows cyber threat actors to execute arbitrary code via uploading a crafted Markdown file. | 2023-09-01 | not yet calculated | CVE-2023-39703 MISC |
sourcecodester — free_and_open_source_inventory_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section. | 2023-09-01 | not yet calculated | CVE-2023-39710 MISC MISC MISC |
zoho_corp — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus through 7202 allows admin users to download any file from the server machine via directory traversal. | 2023-08-31 | not yet calculated | CVE-2023-39912 MISC MISC |
moxa — mxsecurity_series | There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote cyber threat actor might access the system if the web service authenticator has insufficient random values. | 2023-09-02 | not yet calculated | CVE-2023-39979 MISC |
moxa — mxsecurity_series | A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote cyber threat actors to alter SQL commands. | 2023-09-02 | not yet calculated | CVE-2023-39980 MISC |
moxa — mxsecurity_series | A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote cyber threat actor. | 2023-09-02 | not yet calculated | CVE-2023-39981 MISC |
moxa — mxsecurity_series | A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. | 2023-09-02 | not yet calculated | CVE-2023-39982 MISC |
moxa — mxsecurity_series | A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote cyber threat actor to register or add devices via the nsm-web application. | 2023-09-02 | not yet calculated | CVE-2023-39983 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation, it was possible to create model experiments in public projects. | 2023-09-01 | not yet calculated | CVE-2023-4018 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it’s possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-40181 MISC MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Overflow leading to an Out-Of-Bound Write vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-40186 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-40187 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-40188 MISC MISC |
lexmark — multiple_products | Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., ‘*’ indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability. | 2023-09-01 | not yet calculated | CVE-2023-40239 MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-40567 MISC MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-40569 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-40574 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-40575 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-40576 MISC MISC |
freerdp — freerdp | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the `ncrush_decompress` function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-40589 MISC MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function ‘sub_ADF3C’ contains a command execution vulnerability. The “formSetIptv” function obtains the “list” and “vlanId” fields and passes these two fields, unfiltered, as parameters to the “sub_ADF3C” function to execute commands. | 2023-08-30 | not yet calculated | CVE-2023-40839 MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function “fromGetWirelessRepeat.” | 2023-08-30 | not yet calculated | CVE-2023-40840 MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function “add_white_node.” | 2023-08-30 | not yet calculated | CVE-2023-40841 MISC |
tenda — ac6 | Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function “R7WebsSecurityHandler.” | 2023-08-30 | not yet calculated | CVE-2023-40842 MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function “sub_73004.” | 2023-08-30 | not yet calculated | CVE-2023-40843 MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function ‘formWifiBasicSet.’ | 2023-08-30 | not yet calculated | CVE-2023-40844 MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function ‘sub_34FD0.’ In the function, it reads user provided parameters and passes variables to the function without any length checks. | 2023-08-30 | not yet calculated | CVE-2023-40845 MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function “initIpAddrInfo.” In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check. | 2023-08-30 | not yet calculated | CVE-2023-40847 MISC |
tenda — ac6 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function “sub_7D858.” | 2023-08-30 | not yet calculated | CVE-2023-40848 MISC |
senyan_library_management_systems — slims_9_bulian | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | 2023-09-01 | not yet calculated | CVE-2023-40969 MISC MISC |
senyan_library_management_systems — slims_9_bulian | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | 2023-09-01 | not yet calculated | CVE-2023-40970 MISC MISC |
dwsurvey — dwsurvey-oss | File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote cyber threat actor to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. | 2023-09-01 | not yet calculated | CVE-2023-40980 MISC |
eclipse_foundation — eclipse_leshan | Eclipse Leshan is a device management server and client Java implementation. In affected versions `DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files (e.g., if they let external users provide their own model), in that case they MUST upgrade to fixed version. If you parse only trusted DDF file and validate only with trusted xml schema, upgrading is not mandatory. This issue has been fixed in versions 1.5.0 and 2.0.0-M13. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-31 | not yet calculated | CVE-2023-41034 MISC MISC MISC MISC MISC |
openpgp.js — openpgp.js | OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a “Hash: …” header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the “Hash: …” texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()`) will also result in a “sanitised” version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message. | 2023-08-29 | not yet calculated | CVE-2023-41037 MISC MISC |
graylog2 — graylog2_server | Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog’s `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog’s Support Bundle feature allows a cyber threat actor with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory. The default `data_dir` in operating system packages (DEB, RPM) is set to `/var/lib/graylog-server`. The data directory for the Support Bundle feature is always `<data_dir>/support-bundle`. Due to the partial path traversal vulnerability, a cyber threat actor with valid Admin role credentials can read or delete files in directories that start with a `/var/lib/graylog-server/support-bundle` directory name. The vulnerability would allow the download or deletion of files in the following example directories: `/var/lib/graylog-server/support-bundle-test` and `/var/lib/graylog-server/support-bundlesdirectory`. For the Graylog Docker images, the `data_dir` is set to `/usr/share/graylog/data` by default. This vulnerability is fixed in Graylog version 5.1.3 and later. Users are advised to upgrade. Users unable to upgrade should block all HTTP requests to the following HTTP API endpoints by using a reverse proxy server in front of Graylog. `GET /api/system/debug/support/bundle/download/{filename}` and `DELETE /api/system/debug/support/bundle/{filename}`. | 2023-08-31 | not yet calculated | CVE-2023-41044 MISC MISC MISC |
graylog2 — graylog2_server | Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered how easy it is to carry out DNS cache poisoning attacks. In order to prevent cache poisoning with spoofed DNS responses, it is necessary to maximise the uncertainty in the choice of a source port for a DNS query. Although unlikely in many setups, an external cyber threat actor could inject forged DNS responses into Graylog’s lookup table cache. In order to prevent this, it is at least recommended to distribute the DNS queries through a pool of distinct sockets, each of them with a random source port, and renew them periodically. This issue has been addressed in versions 5.0.9 and 5.1.3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-31 | not yet calculated | CVE-2023-41045 MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type “TextArea” and content type “VelocityCode” or “VelocityWiki”. For the former, the syntax of the document needs to be set to `xwiki/1.0` (this syntax doesn’t need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for “VelocityCode”, this behavior is most likely very old, but script right has been a separate right only since XWiki 7.2; before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds. | 2023-09-01 | not yet calculated | CVE-2023-41046 MISC MISC MISC MISC |
rust-vmm — vm-memory | In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`’s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-01 | not yet calculated | CVE-2023-41051 MISC MISC MISC |
qlik — qlik_sense_enterprise_for_windows | An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote cyber threat actor to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. | 2023-08-29 | not yet calculated | CVE-2023-41265 MISC MISC |
qlik — qlik_sense_enterprise_for_windows | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote cyber threat actor to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. | 2023-08-29 | not yet calculated | CVE-2023-41266 MISC MISC |
tine — tine | In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | 2023-09-01 | not yet calculated | CVE-2023-41364 MISC MISC MISC |
jira — o-ran_software_community | O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing cyber threat actors to send forged routing tables to the device. | 2023-09-01 | not yet calculated | CVE-2023-41627 MISC |
jira — o-ran_software_community | An issue in O-RAN Software Community E2 G-Release allows cyber threat actors to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. | 2023-09-01 | not yet calculated | CVE-2023-41628 MISC |
jira — o-ran_software_community | Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local cyber threat actors to bypass file download/upload restrictions. | 2023-08-31 | not yet calculated | CVE-2023-41717 MISC |
synology — synology_router_manager | Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 2023-08-31 | not yet calculated | CVE-2023-41738 MISC |
synology — synology_router_manager | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | 2023-08-31 | not yet calculated | CVE-2023-41739 MISC |
synology — synology_router_manager | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote cyber threat actors to read specific files via unspecified vectors. | 2023-08-31 | not yet calculated | CVE-2023-41740 MISC |
synology — synology_router_manager | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote cyber threat actors to obtain sensitive information via unspecified vectors. | 2023-08-31 | not yet calculated | CVE-2023-41741 MISC |
acronis — cyber_protect_15 | Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 2023-08-31 | not yet calculated | CVE-2023-41742 MISC |
acronis — cyber_protect_15 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 2023-08-31 | not yet calculated | CVE-2023-41745 MISC |
acronis — cloud_manager_for_windows | Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | 2023-08-31 | not yet calculated | CVE-2023-41746 MISC |
acronis — acronis_cloud_manager_for_windows | Sensitive information disclosure due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | 2023-08-31 | not yet calculated | CVE-2023-41747 MISC |
acronis — acronis_cloud_manager_for_windows | Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | 2023-08-31 | not yet calculated | CVE-2023-41748 MISC |
acronis — acronis_agent_for_windows | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979. | 2023-08-31 | not yet calculated | CVE-2023-41749 MISC |
acronis — acronis_agent | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047. | 2023-08-31 | not yet calculated | CVE-2023-41750 MISC |
acronis — acronis_agent_for_windows | Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047. | 2023-08-31 | not yet calculated | CVE-2023-41751 MISC |
ptc — codebeamer | If a cyber threat actor tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the cyber threat actor to inject arbitrary code to be executed in the browser on the target device. | 2023-08-29 | not yet calculated | CVE-2023-4296 MISC MISC |
digi_international — digi_realport | Digi RealPort Protocol is vulnerable to a replay attack that may allow a cyber threat actor to bypass authentication to access connected equipment. | 2023-08-31 | not yet calculated | CVE-2023-4299 MISC MISC |
knx_association — knx_protocol_connection_authorization | KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, a cyber threat actor with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, a cyber threat actor with physical access to the device could also exploit this vulnerability in the same way. | 2023-08-29 | not yet calculated | CVE-2023-4346 MISC |
gitlab — gitlab_ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365. | 2023-09-01 | not yet calculated | CVE-2023-4378 MISC MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. | 2023-09-01 | not yet calculated | CVE-2023-4647 MISC |
acronis — acronis_agent | Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. | 2023-08-31 | not yet calculated | CVE-2023-4688 MISC |
pkp — pkp/pkp-lib | Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-09-01 | not yet calculated | CVE-2023-4695 MISC MISC |
instantsoft — instantsoft/icms2 | External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-09-01 | not yet calculated | CVE-2023-4704 MISC MISC |
totvs — rm | A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-238572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | not yet calculated | CVE-2023-4709 MISC MISC |
totvs — rm | A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | not yet calculated | CVE-2023-4710 MISC MISC |
d-link — dar-8000-10 | A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | not yet calculated | CVE-2023-4711 MISC MISC MISC |
xintian_smart_table_integrated_management_system — xintian_smart_table_integrated_management_system | A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | not yet calculated | CVE-2023-4712 MISC MISC MISC |
ibos_oa — ibos_oa | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | not yet calculated | CVE-2023-4713 MISC MISC MISC |
playtube — playtube | A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-01 | not yet calculated | CVE-2023-4714 MISC MISC MISC |
vim — vim | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | 2023-09-02 | not yet calculated | CVE-2023-4734 MISC MISC |
vim — vim | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | 2023-09-02 | not yet calculated | CVE-2023-4735 MISC MISC |
vim — vim | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | 2023-09-02 | not yet calculated | CVE-2023-4736 MISC MISC |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | 2023-09-02 | not yet calculated | CVE-2023-4738 MISC MISC |