US-CERT Vulnerability Summary for the Week of August 7, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device. | 2023-08-08 | 9.9 | CVE-2023-3572 MISC |
qualcomm_inc. — snapdragon | Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. | 2023-08-08 | 9.8 | CVE-2022-40510 MISC |
microsoft — exchange_server | Microsoft Exchange Server Elevation of Privilege Vulnerability | 2023-08-08 | 9.8 | CVE-2023-21709 MISC |
joomla — joomla | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability allows SQL Injection. | 2023-08-07 | 9.8 | CVE-2023-23757 MISC |
joomla — joomla | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability allows SQL Injection. | 2023-08-07 | 9.8 | CVE-2023-23758 MISC |
qualcomm_inc. — snapdragon | Memory corruption in QESL while processing payload from external ESL device to firmware. | 2023-08-08 | 9.8 | CVE-2023-28561 MISC |
pyrocms — pyrocms | PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system. | 2023-08-04 | 9.8 | CVE-2023-29689 MISC MISC |
pega — pega_platform | Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | 2023-08-07 | 9.8 | CVE-2023-32090 MISC |
paessler — prtg_network_monitor | An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution. | 2023-08-09 | 9.8 | CVE-2023-32781 MISC MISC |
paessler — prtg_network_monitor | An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution. | 2023-08-09 | 9.8 | CVE-2023-32782 MISC MISC |
assaabloy — control_id_idsecure | A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server’s root directory, resulting in remote code execution. | 2023-08-05 | 9.8 | CVE-2023-33367 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device’s firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | 2023-08-04 | 9.8 | CVE-2023-33372 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. | 2023-08-04 | 9.8 | CVE-2023-33373 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution. | 2023-08-04 | 9.8 | CVE-2023-33374 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. | 2023-08-04 | 9.8 | CVE-2023-33375 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 2023-08-04 | 9.8 | CVE-2023-33376 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 2023-08-04 | 9.8 | CVE-2023-33377 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 2023-08-04 | 9.8 | CVE-2023-33378 MISC MISC |
connected_io — connected_io | Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating Connected IO management platform and sending commands to all of Connected IO’s devices. | 2023-08-04 | 9.8 | CVE-2023-33379 MISC MISC |
ai-dev — ai-table | ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | 2023-08-04 | 9.8 | CVE-2023-33665 MISC MISC |
a2technology — camera_trap_tracking_system | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking System: before 3.1905. | 2023-08-08 | 9.8 | CVE-2023-3386 MISC |
joomla — joomla | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability allows SQL Injection. | 2023-08-07 | 9.8 | CVE-2023-34476 MISC |
joomla — joomla | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability allows SQL Injection. | 2023-08-07 | 9.8 | CVE-2023-34477 MISC |
wordpress — wordpress | The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the ‘wp_abspath’ parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server. | 2023-08-12 | 9.8 | CVE-2023-3452 MISC MISC MISC |
cszcms — cszcms | A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. | 2023-08-09 | 9.8 | CVE-2023-34545 MISC MISC |
a2technology — license_portal_system | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48. | 2023-08-08 | 9.8 | CVE-2023-3522 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-08-08 | 9.8 | CVE-2023-35385 MISC |
langchain — langchain | An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain.from_math_prompt(llm).run in the python exec method. | 2023-08-05 | 9.8 | CVE-2023-36095 MISC MISC MISC |
phpjabbers — class_scheduling_system | In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 2023-08-04 | 9.8 | CVE-2023-36134 MISC MISC |
phpjabbers — document_creator | There is a SQL injection (SQLi) vulnerability in the “column” parameter of index.php in PHPJabbers Document Creator v1.0. | 2023-08-10 | 9.8 | CVE-2023-36311 MISC MISC |
aerospike — aerospike_java_client | The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue. | 2023-08-04 | 9.8 | CVE-2023-36480 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
digital_ant — e-commerce_software | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11. | 2023-08-08 | 9.8 | CVE-2023-3651 MISC |
zoom — zoom_for_windows | Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | 2023-08-08 | 9.8 | CVE-2023-36534 MISC |
microsoft — windows_server_2008 | Windows System Assessment Tool Elevation of Privilege Vulnerability | 2023-08-08 | 9.8 | CVE-2023-36903 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-08-08 | 9.8 | CVE-2023-36910 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-08-08 | 9.8 | CVE-2023-36911 MISC |
oduyo — online_collection | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1. | 2023-08-08 | 9.8 | CVE-2023-3716 MISC |
farmakom — remote_administration_console | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02. | 2023-08-08 | 9.8 | CVE-2023-3717 MISC |
siemens — ruggedcom_crossbow | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | 2023-08-08 | 9.8 | CVE-2023-37372 MISC |
metabase — metabase | Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one’s Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite. | 2023-08-04 | 9.8 | CVE-2023-37470 MISC |
sap — powerdesigner | SAP PowerDesigner – version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | 2023-08-08 | 9.8 | CVE-2023-37483 MISC MISC |
sourcecodester — judging_management_system | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. | 2023-08-08 | 9.8 | CVE-2023-37682 MISC MISC |
hikashop — hikashop | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability allows SQL Injection. | 2023-08-07 | 9.8 | CVE-2023-38044 MISC MISC |
microsoft — windows_server_2022 | Windows Mobile Device Management Elevation of Privilege Vulnerability | 2023-08-08 | 9.8 | CVE-2023-38186 MISC |
minecraft — minecraft | Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java’s `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks. | 2023-08-04 | 9.8 | CVE-2023-38689 MISC MISC MISC |
matrix — matrix_irc_bridge | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. | 2023-08-04 | 9.8 | CVE-2023-38690 MISC MISC MISC |
fit2cloud — cloudexplorer_lite | CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading. | 2023-08-04 | 9.8 | CVE-2023-38692 MISC MISC MISC |
datadoghq — import-in-the-middle | import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for remote code execution in cases where an application passes user-supplied input directly to the `import()` function. This vulnerability has been patched in import-in-the-middle version 1.4.2. Some workarounds are available. Do not pass any user-supplied input to `import()`. Instead, verify it against a set of allowed values. If using import-in-the-middle, directly or indirectly, and support for EcmaScript Modules is not needed, ensure that no options are set, either via command-line or the `NODE_OPTIONS` environment variable, that would enable loader hooks. | 2023-08-07 | 9.8 | CVE-2023-38704 MISC MISC |
netgear — r7100lg_firmware | Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | 2023-08-07 | 9.8 | CVE-2023-38928 MISC MISC |
tenda — 4g300_firmware | Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer. | 2023-08-07 | 9.8 | CVE-2023-38929 MISC |
tenda — ac7_firmware | Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | 2023-08-07 | 9.8 | CVE-2023-38930 MISC |
tenda — ac10_firmware | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. | 2023-08-07 | 9.8 | CVE-2023-38931 MISC |
tenda — f1202_firmware | Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. | 2023-08-07 | 9.8 | CVE-2023-38932 MISC MISC |
tenda — ac10_firmware | Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. | 2023-08-07 | 9.8 | CVE-2023-38933 MISC |
tenda — fh1203_firmware | Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. | 2023-08-07 | 9.8 | CVE-2023-38934 MISC |
tenda — ac1206_firmware | Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | 2023-08-07 | 9.8 | CVE-2023-38935 MISC |
tenda — ac10_firmware | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | 2023-08-07 | 9.8 | CVE-2023-38936 MISC |
tenda — ac10_firmware | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. | 2023-08-07 | 9.8 | CVE-2023-38937 MISC |
tenda — f1202_firmware | Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. | 2023-08-07 | 9.8 | CVE-2023-38938 MISC |
tenda — f1202_firmware | Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function. | 2023-08-07 | 9.8 | CVE-2023-38939 MISC |
tenda — fh1203_firmware | Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 2023-08-07 | 9.8 | CVE-2023-38940 MISC |
mayanets — e-commerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | 2023-08-08 | 9.8 | CVE-2023-3898 MISC |
papercut — papercut_mf | PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). | 2023-08-04 | 9.8 | CVE-2023-39143 MISC MISC |
zoom — zoom | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | 2023-08-08 | 9.8 | CVE-2023-39216 MISC |
renjikai — linuxasmcallgraph | LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. | 2023-08-04 | 9.8 | CVE-2023-39346 MISC MISC MISC MISC |
prestashop — prestashop | PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection is possible in the product search field, in BO’s product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | 2023-08-07 | 9.8 | CVE-2023-39524 MISC MISC |
prestashop — prestashop | PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | 2023-08-07 | 9.8 | CVE-2023-39526 MISC MISC |
phpgurukul — online_security_guards_hiring_system | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. | 2023-08-04 | 9.8 | CVE-2023-39551 MISC |
phpjabbers — ticket_support_script | A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. | 2023-08-10 | 9.8 | CVE-2023-39776 MISC MISC |
clusterlabs — libqb | log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | 2023-08-08 | 9.8 | CVE-2023-39976 MISC MISC MISC |
totolink — t10_v2_firmware | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code. | 2023-08-08 | 9.8 | CVE-2023-40041 MISC |
totolink — t10_v2_firmware | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code. | 2023-08-08 | 9.8 | CVE-2023-40042 MISC MISC MISC |
tongda2000 — tongda_oa | A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | 9.8 | CVE-2023-4165 MISC MISC MISC |
tongda2000 — tongda_oa | A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | 9.8 | CVE-2023-4166 MISC MISC MISC |
sourcecodester — hospital_management_system | A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236211. | 2023-08-06 | 9.8 | CVE-2023-4176 MISC MISC MISC |
sourcecodester — free_hospital_management_system_for_small_practices | A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability. | 2023-08-06 | 9.8 | CVE-2023-4179 MISC MISC MISC |
sourcecodester — free_hospital_management_system_for_small_practices | A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215. | 2023-08-06 | 9.8 | CVE-2023-4180 MISC MISC MISC |
sourcecodester — free_hospital_management_system_for_small_practices | A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216. | 2023-08-06 | 9.8 | CVE-2023-4181 MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability. | 2023-08-06 | 9.8 | CVE-2023-4182 MISC MISC |
sourcecodester — inventory_management_system | A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability. | 2023-08-06 | 9.8 | CVE-2023-4183 MISC MISC |
sourcecodester — inventory_management_system | A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219. | 2023-08-06 | 9.8 | CVE-2023-4184 MISC MISC |
sourcecodester — online_hospital_management_system | A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236220. | 2023-08-06 | 9.8 | CVE-2023-4185 MISC MISC MISC |
sourcecodester — pharmacy_management_system | A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236221 was assigned to this vulnerability. | 2023-08-06 | 9.8 | CVE-2023-4186 MISC MISC MISC |
sourcecodester — resort_reservation_system | A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability. | 2023-08-06 | 9.8 | CVE-2023-4191 MISC MISC MISC |
sourcecodester — resort_reservation_system | A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235. | 2023-08-07 | 9.8 | CVE-2023-4192 MISC MISC MISC |
sourcecodester — resort_reservation_system | A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236. | 2023-08-07 | 9.8 | CVE-2023-4193 MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability. | 2023-08-07 | 9.8 | CVE-2023-4200 MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291. | 2023-08-07 | 9.8 | CVE-2023-4201 MISC MISC MISC |
phoenixcontact — multiple_products | In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user’s browser. | 2023-08-08 | 9.6 | CVE-2023-3526 MISC MISC |
opnsense — opnsense | /ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS. | 2023-08-09 | 9.6 | CVE-2023-39007 MISC MISC |
mitsubishi_electric — gt21_firmware | Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. | 2023-08-04 | 9.1 | CVE-2023-3373 MISC MISC MISC |
adobe — commerce | Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | 2023-08-09 | 9.1 | CVE-2023-38208 MISC |
nomachine — nomachine | An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | 2023-08-04 | 9.1 | CVE-2023-39107 MISC MISC MISC |
prestashop — prestashop | PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | 2023-08-07 | 9.1 | CVE-2023-39525 MISC MISC |
prestashop — prestashop | PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | 2023-08-07 | 9.1 | CVE-2023-39529 MISC MISC |
prestashop — prestashop | PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | 2023-08-07 | 9.1 | CVE-2023-39530 MISC MISC |
instantcms — instantcms | SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-05 | 9.1 | CVE-2023-4188 MISC MISC |
sifir_bes_education_and_informatics — kunduz-homework_helper_app | Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz – Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz – Homework Helper App: before 6.2.3. | 2023-08-09 | 9 | CVE-2023-3632 MISC |
sap — businessobjects_business_intelligence | SAP Business Objects Installer – versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system. | 2023-08-08 | 9 | CVE-2023-37490 MISC MISC |
sciencelogic — sl1 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | 2023-08-09 | 8.8 | CVE-2022-48580 MISC |
sciencelogic — sl1 | A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | 2023-08-09 | 8.8 | CVE-2022-48581 MISC |
sciencelogic — sl1 | A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | 2023-08-09 | 8.8 | CVE-2022-48582 MISC |
sciencelogic — sl1 | A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | 2023-08-09 | 8.8 | CVE-2022-48583 MISC |
sciencelogic — sl1 | A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | 2023-08-09 | 8.8 | CVE-2022-48584 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48585 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48586 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48587 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48588 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48589 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48590 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48591 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48592 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48593 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48594 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48595 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48596 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48597 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48598 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48599 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48600 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48601 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48602 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48603 MISC |
sciencelogic — sl1 | A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. | 2023-08-09 | 8.8 | CVE-2022-48604 MISC |
siemens — ruggedcom_crossbow | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an authenticated remote attacker to execute arbitrary SQL queries on the server database and escalate privileges. | 2023-08-08 | 8.8 | CVE-2023-27411 MISC |
wordpress — wordpress | The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | 2023-08-07 | 8.8 | CVE-2023-2843 MISC |
microsoft — teams | Microsoft Teams Remote Code Execution Vulnerability | 2023-08-08 | 8.8 | CVE-2023-29328 MISC |
microsoft — teams | Microsoft Teams Remote Code Execution Vulnerability | 2023-08-08 | 8.8 | CVE-2023-29330 MISC |
zohocorp — manageengine_network_configuration_manager | An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. | 2023-08-04 | 8.8 | CVE-2023-29505 MISC MISC CONFIRM |
microsoft — exchange_server | Microsoft Exchange Remote Code Execution Vulnerability | 2023-08-08 | 8.8 | CVE-2023-35368 MISC |
microsoft — windows_server_2008 | Windows Fax Service Remote Code Execution Vulnerability | 2023-08-08 | 8.8 | CVE-2023-35381 MISC |
microsoft — windows_server_2012 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | 2023-08-08 | 8.8 | CVE-2023-35387 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | 2023-08-08 | 8.8 | CVE-2023-3570 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device. | 2023-08-08 | 8.8 | CVE-2023-3571 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device. | 2023-08-08 | 8.8 | CVE-2023-3573 MISC |
netgear — xr300_firmware | Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. | 2023-08-07 | 8.8 | CVE-2023-36499 MISC MISC |
zoom — zoom | Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. | 2023-08-08 | 8.8 | CVE-2023-36541 MISC |
microsoft — windows_server_2008 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2023-08-08 | 8.8 | CVE-2023-36882 MISC |
microsoft — .net_framework | ASP.NET Elevation of Privilege Vulnerability | 2023-08-08 | 8.8 | CVE-2023-36899 MISC |
sap — message_server | The ACL (Access Control List) of SAP Message Server – versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable. | 2023-08-08 | 8.8 | CVE-2023-37491 MISC MISC |
esds.co — emagic_data_center_management | This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system. | 2023-08-08 | 8.8 | CVE-2023-37569 MISC MISC |
esds.co — emagic_data_center_management | This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system. | 2023-08-08 | 8.8 | CVE-2023-37570 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device. | 2023-08-09 | 8.8 | CVE-2023-37861 MISC |
microsoft — sql_server | Microsoft OLE DB Remote Code Execution Vulnerability | 2023-08-08 | 8.8 | CVE-2023-38169 MISC |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability | 2023-08-08 | 8.8 | CVE-2023-38181 MISC |
microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-08-08 | 8.8 | CVE-2023-38185 MISC |
lw-systems — benno_mailarchiv | A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. | 2023-08-09 | 8.8 | CVE-2023-38348 MISC MISC |
netgear — r6900p_firmware | Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. | 2023-08-07 | 8.8 | CVE-2023-38412 MISC MISC |
netgear — dg834gv5_firmware | Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. | 2023-08-07 | 8.8 | CVE-2023-38591 MISC MISC |
eng — knowage | Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8. | 2023-08-04 | 8.8 | CVE-2023-38702 MISC |
pimcore — pimcore | Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service—key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. | 2023-08-04 | 8.8 | CVE-2023-38708 MISC MISC |
wger — workout_manager | Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | 2023-08-08 | 8.8 | CVE-2023-38759 MISC MISC |
netgear — wg302v2_firmware | Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | 2023-08-07 | 8.8 | CVE-2023-38921 MISC MISC |
netgear — jwnr2000v2_firmware | Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. | 2023-08-07 | 8.8 | CVE-2023-38922 MISC MISC |
netgear — dc112a_firmware | Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. | 2023-08-07 | 8.8 | CVE-2023-38925 MISC MISC |
netgear — ex6200_firmware | Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. | 2023-08-07 | 8.8 | CVE-2023-38926 MISC MISC |
shuize_0x727_project — shuize_0x727 | ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. | 2023-08-05 | 8.8 | CVE-2023-38943 MISC MISC |
fobybus — social-media-skeleton | social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue. | 2023-08-04 | 8.8 | CVE-2023-39344 MISC MISC |
apache — airflow | Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The “Run Task” feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitation of access the user has to certain DAGs. The “Run Task” feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. | 2023-08-05 | 8.8 | CVE-2023-39508 MISC MISC MISC |
scancode.io — scancode.io | ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows appending malicious commands in the `docker_reference` parameter. In the function `scanpipe/pipes/fetch.py:fetch_docker_image` the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`. However, the `get_docker_image_platform` function constructs a shell command with the passed `docker_reference`. The `pipes.run_command` then executes the shell command without any prior sanitization, making the function vulnerable to command injections. A malicious user who is able to create or add inputs to a project can inject commands. Although the command injections are blind and the user will not receive direct feedback without logs, it is still possible to cause damage to the server/container. The vulnerability appears for example if a malicious user adds a semicolon after the input of `docker://;`, it would allow appending malicious commands. Version 32.5.1 contains a patch for this issue. The `docker_reference` input should be sanitized to avoid command injections and, as a workaround, one may avoid creating commands with user controlled input directly. | 2023-08-07 | 8.8 | CVE-2023-39523 MISC MISC MISC MISC |
netgear — jwnr2000v2_firmware | Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. | 2023-08-07 | 8.8 | CVE-2023-39550 MISC MISC |
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the ‘get_header_values’ function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the ‘wp_capabilities->cus1’ parameter. | 2023-08-04 | 8.8 | CVE-2023-4140 MISC MISC MISC |
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the ‘->cus2’ parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Please note that this means PHP file creation is still allowed for site administrators; use the plugin with caution. | 2023-08-04 | 8.8 | CVE-2023-4141 MISC MISC MISC |
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the ‘->cus1’ parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Please note that this means remote code execution is still possible for site administrators; use the plugin with caution. | 2023-08-04 | 8.8 | CVE-2023-4142 MISC MISC MISC |
omeka — omeka_s | Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. | 2023-08-04 | 8.8 | CVE-2023-4159 MISC MISC |
ruijie — rg-ew1200g_firmware | A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | 8.8 | CVE-2023-4169 MISC MISC MISC |
cockpit-hq — cockpit | PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | 2023-08-06 | 8.8 | CVE-2023-4195 MISC MISC |
wordpress — wordpress | The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the ‘rem_save_profile_front’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘wp_capabilities’ parameter during a profile update. | 2023-08-09 | 8.8 | CVE-2023-4239 MISC MISC |
wordpress — wordpress | The FULL – Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin. | 2023-08-09 | 8.8 | CVE-2023-4243 MISC MISC MISC |
wordpress — wordpress | The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the ‘abpr_profileShortcode’ function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-08-10 | 8.8 | CVE-2023-4276 MISC MISC |
wordpress — wordpress | The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the ‘process_change_profile_form’ function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-08-10 | 8.8 | CVE-2023-4277 MISC MISC |
wordpress — wordpress | The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the ‘wpdmpp_update_profile’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘profile[role]’ parameter during a profile update. | 2023-08-12 | 8.8 | CVE-2023-4293 MISC MISC MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon. | 2023-08-09 | 8.6 | CVE-2023-37860 MISC |
prestashop — prestashop | PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | 2023-08-07 | 8.6 | CVE-2023-39528 MISC MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service. | 2023-08-09 | 8.2 | CVE-2023-37862 MISC |
hedgedoc — hedgedoc | HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then no longer be accessed and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tries to access the existing note, HedgeDoc first searches for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`. | 2023-08-04 | 8.2 | CVE-2023-38487 MISC MISC |
cisco — sd-wan_vmanage | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. | 2023-08-04 | 8.1 | CVE-2020-26064 MISC |
wordpress — wordpress | The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not perform authorisation when deleting shipments, allowing any authenticated user, such as a subscriber, to delete arbitrary shipments. | 2023-08-07 | 8.1 | CVE-2023-3365 MISC |
sentry — sentry | Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds. | 2023-08-07 | 8.1 | CVE-2023-39349 MISC MISC MISC MISC MISC |
microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-08-08 | 8 | CVE-2023-35388 MISC |
microsoft — sharepoint_server | Microsoft SharePoint Server Spoofing Vulnerability | 2023-08-08 | 8 | CVE-2023-36891 MISC |
microsoft — sharepoint_server | Microsoft SharePoint Server Spoofing Vulnerability | 2023-08-08 | 8 | CVE-2023-36892 MISC |
microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-08-08 | 8 | CVE-2023-38182 MISC |
stormshield — ssl_vpn_client | An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. | 2023-08-05 | 7.8 | CVE-2022-46782 MISC |
qualcomm_inc. — snapdragon | Memory corruption in Trusted Execution Environment while calling service API with invalid address. | 2023-08-08 | 7.8 | CVE-2023-21627 MISC |
qualcomm_inc. — snapdragon | Memory corruption due to untrusted pointer dereference in automotive during system call. | 2023-08-08 | 7.8 | CVE-2023-21643 MISC |
qualcomm_inc. — snapdragon | Memory corruption in RIL while trying to send apdu packet. | 2023-08-08 | 7.8 | CVE-2023-21648 MISC |
qualcomm_inc. — snapdragon | Memory corruption in WLAN while running doDriverCmd for an unspecific command. | 2023-08-08 | 7.8 | CVE-2023-21649 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length. | 2023-08-08 | 7.8 | CVE-2023-21650 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. | 2023-08-08 | 7.8 | CVE-2023-21651 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in Audio while playing amrwbplus clips with modified content. | 2023-08-08 | 7.8 | CVE-2023-22666 MISC |
qualcomm_inc. — snapdragon | Memory corruption while allocating memory in COmxApeDec module in Audio. | 2023-08-08 | 7.8 | CVE-2023-28537 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-29320 MISC |
siemens — parasolid | A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-30795 MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35359 MISC |
microsoft — office_online_server | Microsoft Office Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35371 MISC |
microsoft — office | Microsoft Office Visio Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35372 MISC |
microsoft — windows_server_2008 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35379 MISC |
microsoft — windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35380 MISC |
microsoft — windows_server_2019 | Windows Kernel Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35382 MISC |
microsoft — windows_server_2012 | Windows Kernel Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35386 MISC |
microsoft — visual_studio_2022 | .NET and Visual Studio Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-35390 MISC |
zoom — zoom | Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | 2023-08-08 | 7.8 | CVE-2023-36540 MISC |
winitor — pestudio | An issue in PEStudio v.9.52 allows a remote attacker to execute arbitrary code via a crafted DLL file to the PEStudio executable. | 2023-08-08 | 7.8 | CVE-2023-36546 MISC |
microsoft — office | Microsoft Office Visio Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-36865 MISC |
microsoft — office | Microsoft Office Visio Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-36866 MISC |
microsoft — office | Microsoft Outlook Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-36895 MISC |
microsoft — office_online_server | Microsoft Excel Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-36896 MISC |
microsoft — windows_11_21h2 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-36898 MISC |
microsoft — windows_server_2008 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-36900 MISC |
microsoft — windows_server_2019 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-36904 MISC |
microsoft — windows_server_2019 | Windows Kernel Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-38154 MISC |
microsoft — hevc_video_extensions | HEVC Video Extensions Remote Code Execution Vulnerability | 2023-08-08 | 7.8 | CVE-2023-38170 MISC |
microsoft — windows_defender | Microsoft Windows Defender Elevation of Privilege Vulnerability | 2023-08-08 | 7.8 | CVE-2023-38175 MISC |
adobe — dimension | Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-09 | 7.8 | CVE-2023-38211 MISC |
adobe — dimension | Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-09 | 7.8 | CVE-2023-38212 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38222 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38223 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38224 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38225 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38226 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38227 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38228 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38229 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38231 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38233 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38234 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38235 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 7.8 | CVE-2023-38246 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain a null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38524 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38525 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38526 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38527 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38528 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38529 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38530 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-38531 MISC |
vim — vim | Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 | 2023-08-07 | 7.8 | CVE-2023-3896 MISC MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39181 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39182 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39183 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39184 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39185 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39186 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39187 MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | 7.8 | CVE-2023-39188 MISC |
cryptomator — cryptomator | Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs because the repair function of the MSI spawns a SYSTEM PowerShell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding `-NoProfile` to the PowerShell invocation is a possible workaround. | 2023-08-07 | 7.8 | CVE-2023-39520 MISC MISC MISC MISC |
wordpress — wordpress | The Qubely WordPress plugin before 1.8.6 allows unauthenticated users to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action. | 2023-08-07 | 7.5 | CVE-2021-24916 MISC |
rarlab — unrar | UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 2023-08-07 | 7.5 | CVE-2022-48579 MISC |
mitsubishi_electric — gt_designer3 | Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. | 2023-08-04 | 7.5 | CVE-2023-0525 MISC MISC MISC |
qualcomm_inc. — snapdragon | Information disclosure in Network Services due to buffer over-read while the device receives DNS response. | 2023-08-08 | 7.5 | CVE-2023-21625 MISC |
qualcomm_inc. — snapdragon | Transient DOS in Audio while remapping channel buffer in media codec decoding. | 2023-08-08 | 7.5 | CVE-2023-28555 MISC |
assmann — ht-ip211hdp_firmware | Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera’s settings and the administrator credentials. | 2023-08-04 | 7.5 | CVE-2023-30146 MISC MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Information Disclosure Vulnerability | 2023-08-08 | 7.5 | CVE-2023-35383 MISC |
microsoft — asp.net_core | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | 2023-08-08 | 7.5 | CVE-2023-35391 MISC |
phpjabbers — class_scheduling_system | User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-04 | 7.5 | CVE-2023-36135 MISC MISC |
zoom — zoom | Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. | 2023-08-08 | 7.5 | CVE-2023-36532 MISC |
zoom — zoom | Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | 2023-08-08 | 7.5 | CVE-2023-36533 MISC |
microsoft — windows_server_2016 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | 2023-08-08 | 7.5 | CVE-2023-36905 MISC |
microsoft — windows_server_2008 | Windows Cryptographic Services Information Disclosure Vulnerability | 2023-08-08 | 7.5 | CVE-2023-36906 MISC |
microsoft — windows_server_2008 | Windows Cryptographic Services Information Disclosure Vulnerability | 2023-08-08 | 7.5 | CVE-2023-36907 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-08-08 | 7.5 | CVE-2023-36912 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Information Disclosure Vulnerability | 2023-08-08 | 7.5 | CVE-2023-36913 MISC |
siemens — ruggedcom_crossbow | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application’s file system. | 2023-08-08 | 7.5 | CVE-2023-37373 MISC |
projectdiscovery — nuclei | Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network. | 2023-08-04 | 7.5 | CVE-2023-37896 MISC MISC MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-08-08 | 7.5 | CVE-2023-38172 MISC |
microsoft — .net | .NET Core and Visual Studio Denial of Service Vulnerability | 2023-08-08 | 7.5 | CVE-2023-38178 MISC |
microsoft — asp.net_core | .NET and Visual Studio Denial of Service Vulnerability | 2023-08-08 | 7.5 | CVE-2023-38180 MISC |
microsoft — windows_server_2008 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 2023-08-08 | 7.5 | CVE-2023-38184 MISC |
metersphere — metersphere | MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have permissions configured, so attackers can leak sensitive information through them. Version 2.10.4 LTS contains a patch for this issue. | 2023-08-04 | 7.5 | CVE-2023-38494 MISC MISC |
xithrius — twitch | twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue. | 2023-08-04 | 7.5 | CVE-2023-38688 MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | 2023-08-08 | 7.5 | CVE-2023-38760 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38762 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38764 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38765 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the ‘value’ and ‘custom’ parameters within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38767 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38768 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38769 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38770 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38771 MISC MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | 2023-08-08 | 7.5 | CVE-2023-38773 MISC MISC MISC MISC |
phpjabbers — yacht_listing_script | An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients’ credit card numbers from the Reservations module. | 2023-08-10 | 7.5 | CVE-2023-38830 MISC MISC |
zoom — zoom | Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. | 2023-08-08 | 7.5 | CVE-2023-39217 MISC |
fujitsu — software_infrastructure_manager | Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in the product’s maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. | 2023-08-04 | 7.5 | CVE-2023-39379 MISC MISC |
imagemagick — imagemagick | ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. | 2023-08-08 | 7.5 | CVE-2023-39978 MISC MISC MISC |
wordpress — wordpress | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files. | 2023-08-04 | 7.5 | CVE-2023-4139 MISC MISC |
templatecookie — adlisting | A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | 7.5 | CVE-2023-4168 MISC MISC MISC |
chengdu — flash_flood_disaster_monitoring_and_warning_system | A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207. | 2023-08-05 | 7.5 | CVE-2023-4172 MISC MISC MISC |
sourcecodester — inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236289 was assigned to this vulnerability. | 2023-08-07 | 7.5 | CVE-2023-4199 MISC MISC MISC |
rust-lang — cargo | Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one’s system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. | 2023-08-04 | 7.3 | CVE-2023-38497 MISC MISC MISC MISC MISC MISC MISC |
semcms — semcms | File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | 2023-08-05 | 7.2 | CVE-2020-23564 MISC MISC |
google — android | In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to remote escalation of privilege with System execution privileges needed. | 2023-08-07 | 7.2 | CVE-2023-33913 MISC |
textpattern_cms — textpattern_cms | Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. | 2023-08-07 | 7.2 | CVE-2023-36220 MISC MISC MISC MISC |
phpgurukul — online_nurse_hiring_system | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | 2023-08-08 | 7.2 | CVE-2023-37687 MISC MISC MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root. | 2023-08-09 | 7.2 | CVE-2023-37859 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. | 2023-08-09 | 7.2 | CVE-2023-37863 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACT’s WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. | 2023-08-09 | 7.2 | CVE-2023-37864 MISC |
microsoft — dynamics_365_business_central | Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability | 2023-08-08 | 7.2 | CVE-2023-38167 MISC |
qualcomm_inc. — snapdragon | Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. | 2023-08-08 | 7.1 | CVE-2023-21626 MISC |
qualcomm_inc. — snapdragon | Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. | 2023-08-08 | 7.1 | CVE-2023-21652 MISC |
microsoft — windows_server_2008 | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | 2023-08-08 | 7.1 | CVE-2023-36876 MISC |
n-able_technologies — n-central | An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. | 2023-08-04 | 7 | CVE-2023-30297 MISC MISC |
microsoft — windows_server_2019 | Windows Projected File System Elevation of Privilege Vulnerability | 2023-08-08 | 7 | CVE-2023-35378 MISC |
microsoft — azure_arc-enabled_servers | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability | 2023-08-08 | 7 | CVE-2023-38176 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress — wordpress | The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitization as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2023-08-07 | 6.8 | CVE-2023-3492 MISC |
google — android | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905. | 2023-08-07 | 6.7 | CVE-2023-20783 MISC |
google — android | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989. | 2023-08-07 | 6.7 | CVE-2023-20784 MISC |
google — android | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811. | 2023-08-07 | 6.7 | CVE-2023-20786 MISC |
google — android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900. | 2023-08-07 | 6.7 | CVE-2023-20795 MISC |
google — android | In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582. | 2023-08-07 | 6.7 | CVE-2023-20797 MISC |
mediatek_inc. — multiple_products | In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384. | 2023-08-07 | 6.7 | CVE-2023-20804 MISC |
mediatek_inc. — multiple_products | In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411. | 2023-08-07 | 6.7 | CVE-2023-20805 MISC |
google — android | In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437. | 2023-08-07 | 6.7 | CVE-2023-20806 MISC |
google — android | In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433. | 2023-08-07 | 6.7 | CVE-2023-20807 MISC |
google — android | In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895. | 2023-08-07 | 6.7 | CVE-2023-20808 MISC |
google — android | In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198. | 2023-08-07 | 6.7 | CVE-2023-20809 MISC |
google — android | In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. | 2023-08-07 | 6.7 | CVE-2023-20811 MISC |
google — android | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453560; Issue ID: ALPS07453560. | 2023-08-07 | 6.7 | CVE-2023-20814 MISC |
google — android | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453587; Issue ID: ALPS07453587. | 2023-08-07 | 6.7 | CVE-2023-20815 MISC |
google — android | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453589; Issue ID: ALPS07453589. | 2023-08-07 | 6.7 | CVE-2023-20816 MISC |
google — android | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453600; Issue ID: ALPS07453600. | 2023-08-07 | 6.7 | CVE-2023-20817 MISC |
solarwinds_ — serv-u | A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | 2023-08-11 | 6.6 | CVE-2023-35179 MISC MISC |
cisco — sd-wan_vmanage | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | 2023-08-04 | 6.5 | CVE-2020-26065 MISC |
gitea — gitea | In Gitea through 1.17.1, repo cloning can occur in the migration function. | 2023-08-07 | 6.5 | CVE-2022-38795 MISC MISC MISC |
openrefine — openrefine | OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | 2023-08-04 | 6.5 | CVE-2022-41401 MISC MISC MISC |
google — chrome | Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-04 | 6.5 | CVE-2022-4955 MISC MISC |
mediatek_inc. — multiple_products | In imgsys, there is a possible system crash due to a missing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955. | 2023-08-07 | 6.5 | CVE-2023-20800 MISC |
mediatek_inc. — multiple_products | In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976. | 2023-08-07 | 6.5 | CVE-2023-20802 MISC |
mediatek_inc. — multiple_products | In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374. | 2023-08-07 | 6.5 | CVE-2023-20803 MISC |
qualcomm_inc. — snapdragon | Information disclosure in Bluetooth when a GATT packet is received due to improper input validation. | 2023-08-08 | 6.5 | CVE-2023-21647 MISC |
paessler — prtg_network_monitor | An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim. | 2023-08-09 | 6.5 | CVE-2023-31452 MISC MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-08-08 | 6.5 | CVE-2023-35376 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-08-08 | 6.5 | CVE-2023-35377 MISC |
microsoft — windows_server_2008 | Windows HTML Platforms Security Feature Bypass Vulnerability | 2023-08-08 | 6.5 | CVE-2023-35384 MISC |
microsoft — dynamics_365 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 2023-08-08 | 6.5 | CVE-2023-35389 MISC |
phpjabbers — class_scheduling_system | PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. | 2023-08-08 | 6.5 | CVE-2023-36136 MISC MISC |
zoom — zoom | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | 2023-08-08 | 6.5 | CVE-2023-36535 MISC |
microsoft — sharepoint_server | Microsoft SharePoint Server Information Disclosure Vulnerability | 2023-08-08 | 6.5 | CVE-2023-36890 MISC |
microsoft — outlook | Microsoft Outlook Spoofing Vulnerability | 2023-08-08 | 6.5 | CVE-2023-36893 MISC |
microsoft — sharepoint_server | Microsoft SharePoint Server Information Disclosure Vulnerability | 2023-08-08 | 6.5 | CVE-2023-36894 MISC |
microsoft — 365_apps | Visual Studio Tools for Office Runtime Spoofing Vulnerability | 2023-08-08 | 6.5 | CVE-2023-36897 MISC |
microsoft — windows_server_2008 | Windows Hyper-V Information Disclosure Vulnerability | 2023-08-08 | 6.5 | CVE-2023-36908 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-08-08 | 6.5 | CVE-2023-36909 MISC |
sap — netweaver_application_server_abap | SAP NetWeaver Application Server ABAP and ABAP Platform – versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack. | 2023-08-08 | 6.5 | CVE-2023-37492 MISC MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-08-07 | 6.5 | CVE-2023-38157 MISC |
adobe — commerce | Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user’s data. Exploitation of this issue does not require user interaction. | 2023-08-09 | 6.5 | CVE-2023-38209 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-08-08 | 6.5 | CVE-2023-38254 MISC |
zohocorp — manageengine_admanager_plus | Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user’s account via sensitive information disclosure. | 2023-08-04 | 6.5 | CVE-2023-38332 MISC MISC |
matrix — matrix-appservice-bridge | matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user’s MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user’s *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API. | 2023-08-04 | 6.5 | CVE-2023-38691 MISC MISC |
cypress_image_snapshot — cypress_image_snapshot | cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it’s possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2. | 2023-08-04 | 6.5 | CVE-2023-38695 MISC MISC MISC MISC |
ensdomains — ethereum_name_service | Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (e.g., 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. | 2023-08-04 | 6.5 | CVE-2023-38698 MISC MISC MISC |
mindsdb — mindsdb | MindsDB’s AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | 2023-08-04 | 6.5 | CVE-2023-38699 MISC MISC MISC |
churchcrm — churchcrm | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | 2023-08-08 | 6.5 | CVE-2023-38763 MISC MISC MISC MISC |
netgear — dgn3500_firmware | Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. | 2023-08-07 | 6.5 | CVE-2023-38924 MISC MISC |
shopex — ecshop | ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. | 2023-08-04 | 6.5 | CVE-2023-39112 MISC |
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project’s configured security policies. | 2023-08-04 | 6.5 | CVE-2023-4002 MISC |
qemu — qemu | A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. | 2023-08-04 | 6.5 | CVE-2023-4135 MISC MISC MISC |
admidio — admidio | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. | 2023-08-06 | 6.5 | CVE-2023-4190 MISC MISC |
google — android | In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628524; Issue ID: ALPS07628524. | 2023-08-07 | 6.4 | CVE-2023-20785 MISC |
google — android | In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648734. | 2023-08-07 | 6.4 | CVE-2023-20787 MISC |
google — android | In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648735. | 2023-08-07 | 6.4 | CVE-2023-20788 MISC |
mediatek_inc. — multiple_products | In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. | 2023-08-07 | 6.4 | CVE-2023-20801 MISC |
wordpress — wordpress | The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘embedpress_calendar’ shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-08-10 | 6.4 | CVE-2023-4283 MISC MISC MISC |
microsoft — azure_devops_server | Azure DevOps Server Spoofing Vulnerability | 2023-08-08 | 6.3 | CVE-2023-36869 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions. | 2023-08-08 | 6.1 | CVE-2023-24409 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions. | 2023-08-08 | 6.1 | CVE-2023-24413 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions. | 2023-08-08 | 6.1 | CVE-2023-27412 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions. | 2023-08-08 | 6.1 | CVE-2023-27421 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions. | 2023-08-08 | 6.1 | CVE-2023-27627 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard’s Patron Button and Widgets for Patreon plugin <= 2.1.8 versions. | 2023-08-05 | 6.1 | CVE-2023-30491 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions. | 2023-08-08 | 6.1 | CVE-2023-32503 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions. | 2023-08-05 | 6.1 | CVE-2023-34010 MISC |
wordpress — wordpress | The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 2023-08-07 | 6.1 | CVE-2023-3524 MISC |
phpjabbers — class_scheduling_system | There is a Cross Site Scripting (XSS) vulnerability in the “theme” parameter of preview.php in PHPJabbers Class Scheduling System 1.0. | 2023-08-04 | 6.1 | CVE-2023-36137 MISC MISC |
sourcecodester — toll_tax_management_system | Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. | 2023-08-04 | 6.1 | CVE-2023-36158 MISC MISC MISC MISC |
sourcecodester — lost_and_found_information_system | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | 2023-08-04 | 6.1 | CVE-2023-36159 MISC MISC MISC |
phpjabbers — document_creator | There is a Cross Site Scripting (XSS) vulnerability in the “action” parameter of index.php in PHPJabbers Document Creator v1.0. | 2023-08-10 | 6.1 | CVE-2023-36309 MISC MISC |
phpjabbers — document_creator | There is a Cross Site Scripting (XSS) vulnerability in the “column” parameter of index.php in PHPJabbers Document Creator v1.0. | 2023-08-10 | 6.1 | CVE-2023-36310 MISC MISC |
phpjabbers — document_creator | PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of “Export Requests” aside from “request_feed”. | 2023-08-10 | 6.1 | CVE-2023-36313 MISC MISC |
phpjabbers — callback_widget | There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. | 2023-08-10 | 6.1 | CVE-2023-36314 MISC MISC |
phpjabbers — callback_widget | There is a Cross Site Scripting (XSS) vulnerability in the “action” parameter of index.php in PHPJabbers Callback Widget v1.0. | 2023-08-10 | 6.1 | CVE-2023-36315 MISC MISC |
digital_ant — e-commerce_software | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11. | 2023-08-08 | 6.1 | CVE-2023-3652 MISC |
digital_ant — e-commerce_software | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11. | 2023-08-08 | 6.1 | CVE-2023-3653 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions. | 2023-08-05 | 6.1 | CVE-2023-36686 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions. | 2023-08-05 | 6.1 | CVE-2023-36689 MISC |
wordpress — wordpress | The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-08-07 | 6.1 | CVE-2023-3671 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | 2023-08-05 | 6.1 | CVE-2023-37873 MISC |
joomla — joomla | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements. | 2023-08-07 | 6.1 | CVE-2023-38045 MISC |
lw-systems — benno_mailarchiv | An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. | 2023-08-09 | 6.1 | CVE-2023-38347 MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions. | 2023-08-08 | 6.1 | CVE-2023-38384 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions. | 2023-08-07 | 6.1 | CVE-2023-38392 MISC |
churchcrm — churchcrm | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. | 2023-08-08 | 6.1 | CVE-2023-38761 MISC MISC MISC MISC |
creativeitem — academy_learning_management_system | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 2023-08-04 | 6.1 | CVE-2023-38964 MISC |
prestashop — prestashop | PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | 2023-08-07 | 6.1 | CVE-2023-39527 MISC MISC |
phpgurukul — online_security_guards_hiring_system | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS). | 2023-08-04 | 6.1 | CVE-2023-39552 MISC |
emby — media_browser_emby_server | A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183. | 2023-08-05 | 6.1 | CVE-2023-4167 MISC MISC MISC |
moosocial — moostore | A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208. | 2023-08-06 | 6.1 | CVE-2023-4173 MISC MISC MISC |
moosocial — moostore | A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability. | 2023-08-06 | 6.1 | CVE-2023-4174 MISC MISC MISC |
moosocial — mootravel | A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability. | 2023-08-06 | 6.1 | CVE-2023-4175 MISC MISC |
microsoft — .net_framework | .NET Framework Spoofing Vulnerability | 2023-08-08 | 5.9 | CVE-2023-36873 MISC |
vyperlang — vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue. | 2023-08-07 | 5.9 | CVE-2023-39363 MISC MISC MISC MISC MISC |
sap — supplier_relationship_management | SAP Supplier Relationship Management – versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM. | 2023-08-08 | 5.8 | CVE-2023-39436 MISC MISC |
empowerid — empowerid | A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 7.205.0.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236213 was assigned to this vulnerability. | 2023-08-06 | 5.7 | CVE-2023-4177 MISC MISC MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-29303 MISC |
google — android | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-08-07 | 5.5 | CVE-2023-33906 MISC |
google — android | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-08-07 | 5.5 | CVE-2023-33907 MISC |
google — android | In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-08-07 | 5.5 | CVE-2023-33908 MISC |
google — android | In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-08-07 | 5.5 | CVE-2023-33909 MISC |
google — android | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-08-07 | 5.5 | CVE-2023-33910 MISC |
google — android | In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-08-07 | 5.5 | CVE-2023-33911 MISC |
google — android | In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-08-07 | 5.5 | CVE-2023-33912 MISC |
microsoft — windows_server_2008 | Windows Group Policy Security Feature Bypass Vulnerability | 2023-08-08 | 5.5 | CVE-2023-36889 MISC |
microsoft — windows_server_2022 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | 2023-08-08 | 5.5 | CVE-2023-36914 MISC |
adobe — xmp_toolkit | Adobe XMP Toolkit version 2022.06 is affected by an Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38210 MISC |
adobe — dimension | Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-09 | 5.5 | CVE-2023-38213 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38230 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38232 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38236 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38237 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38238 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38239 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38240 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38241 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38242 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38243 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38244 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. | 2023-08-10 | 5.5 | CVE-2023-38245 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38247 MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 5.5 | CVE-2023-38248 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition. | 2023-08-08 | 5.5 | CVE-2023-38532 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | 2023-08-08 | 5.4 | CVE-2022-45821 MISC |
wordpress — wordpress | The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-08-07 | 5.4 | CVE-2023-0604 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions. | 2023-08-08 | 5.4 | CVE-2023-23877 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions. | 2023-08-08 | 5.4 | CVE-2023-23880 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. | 2023-08-08 | 5.4 | CVE-2023-29099 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions. | 2023-08-08 | 5.4 | CVE-2023-30482 MISC |
paessler — prtg_network_monitor | An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create an HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. | 2023-08-09 | 5.4 | CVE-2023-31448 MISC MISC |
paessler — prtg_network_monitor | An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. | 2023-08-09 | 5.4 | CVE-2023-31449 MISC MISC |
paessler — prtg_network_monitor | An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker’s machine. | 2023-08-09 | 5.4 | CVE-2023-31450 MISC MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions. | 2023-08-06 | 5.4 | CVE-2023-32600 MISC |
wordpress — wordpress | The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-08-07 | 5.4 | CVE-2023-3575 MISC |
phpjabbers — callback_widget | There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. | 2023-08-10 | 5.4 | CVE-2023-36312 MISC MISC |
apache — roller | Insufficient input validation and sanitization in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller’s File Upload feature. | 2023-08-06 | 5.4 | CVE-2023-37581 MISC MISC |
wger — workout_manager | Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. | 2023-08-08 | 5.4 | CVE-2023-38758 MISC MISC |
churchcrm — churchcrm | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. | 2023-08-08 | 5.4 | CVE-2023-38766 MISC MISC MISC MISC |
jeesite — jeesite | An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | 2023-08-04 | 5.4 | CVE-2023-38991 MISC |
sap — business_one | SAP Business One – version 10.0, allows an attacker to insert malicious code into the content of a web page or application and get it delivered to the client, resulting in cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application. | 2023-08-08 | 5.4 | CVE-2023-39437 MISC MISC |
fobybus — social-media-skeleton | social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3. | 2023-08-08 | 5.4 | CVE-2023-39518 MISC MISC MISC |
omeka — omeka_s | Cross-site Scripting (XSS) – Stored in GitHub repository omeka/omeka-s prior to 4.0.3. | 2023-08-04 | 5.4 | CVE-2023-4158 MISC MISC |
cockpit — cockpit | Cross-site Scripting (XSS) – Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | 2023-08-06 | 5.4 | CVE-2023-4196 MISC MISC |
advantech — eki-1524_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | 2023-08-08 | 5.4 | CVE-2023-4202 MISC MISC |
advantech — eki-1524_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | 2023-08-08 | 5.4 | CVE-2023-4203 MISC MISC |
wordpress — wordpress | The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘admin_post_remove’ and ‘remove_private_data’ functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings. | 2023-08-10 | 5.4 | CVE-2023-4282 MISC MISC MISC MISC |
cisco — asyncos | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | 2023-08-04 | 5.3 | CVE-2020-26082 MISC |
vmware — horizon_client | VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. | 2023-08-04 | 5.3 | CVE-2023-34037 MISC |
vmware — horizon_client | VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | 2023-08-04 | 5.3 | CVE-2023-34038 MISC |
phpjabbers — cleaning_business_software | User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-08-04 | 5.3 | CVE-2023-36141 MISC MISC |
sap — powerdesigner | SAP PowerDesigner – version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client’s memory. | 2023-08-08 | 5.3 | CVE-2023-37484 MISC MISC |
sap — business_one | SAP Business One (Service Layer) – version 10.0, allows an authenticated attacker with deep knowledge to perform certain operations to access unintended data over the network, which could lead to high impact on confidentiality with no impact on integrity and availability of the application. | 2023-08-08 | 5.3 | CVE-2023-37487 MISC MISC |
adobe — commerce | Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an XML Injection (aka Blind XPath Injection) vulnerability that could lead to minor arbitrary file system read. Exploitation of this issue does not require user interaction. | 2023-08-09 | 5.3 | CVE-2023-38207 MISC |
matrix — sydent | Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers’ certificates. This makes Sydent’s emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent’s emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one’s control which does not have a listening SMTP server. | 2023-08-04 | 5.3 | CVE-2023-38686 MISC MISC MISC MISC MISC MISC MISC |
socketry — protocol-http1 | protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should be separated from chunk data by CRLF, and the chunk extension shouldn’t contain any invisible character. However, Falcon exhibits the following behaviors that violate the corresponding RFCs: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values written in hexadecimal with a `0x` prefix, accepting `0x` and `+` prefixed chunk sizes, and accepting LF in chunk extensions. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds. | 2023-08-04 | 5.3 | CVE-2023-38697 MISC MISC MISC MISC |
chengdu — flash_flood_disaster_monitoring_and_warning_system | A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability. | 2023-08-05 | 5.3 | CVE-2023-4171 MISC MISC MISC |
fujitsu — software_infrastructure_manager | An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379. | 2023-08-07 | 5 | CVE-2023-39903 MISC MISC |
phoenixcontact — multiple_products | In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. | 2023-08-08 | 4.9 | CVE-2023-3569 MISC MISC |
zoom — zoom | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | 2023-08-08 | 4.9 | CVE-2023-39218 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | 2023-08-10 | 4.8 | CVE-2022-44629 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions. | 2023-08-08 | 4.8 | CVE-2023-23829 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions. | 2023-08-08 | 4.8 | CVE-2023-25063 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions. | 2023-08-08 | 4.8 | CVE-2023-25459 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions. | 2023-08-08 | 4.8 | CVE-2023-25984 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions. | 2023-08-08 | 4.8 | CVE-2023-27415 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions. | 2023-08-08 | 4.8 | CVE-2023-27416 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions. | 2023-08-08 | 4.8 | CVE-2023-27422 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions. | 2023-08-08 | 4.8 | CVE-2023-28931 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions. | 2023-08-08 | 4.8 | CVE-2023-28934 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions. | 2023-08-08 | 4.8 | CVE-2023-31221 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions. | 2023-08-08 | 4.8 | CVE-2023-32292 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions. | 2023-08-05 | 4.8 | CVE-2023-34377 MISC |
wordpress — wordpress | The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 2023-08-07 | 4.8 | CVE-2023-3650 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions. | 2023-08-05 | 4.8 | CVE-2023-36678 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions. | 2023-08-08 | 4.8 | CVE-2023-36692 MISC |
phpgurukul — online_nurse_hiring_system | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. | 2023-08-08 | 4.8 | CVE-2023-37683 MISC MISC MISC |
phpgurukul — online_nurse_hiring_system | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. | 2023-08-08 | 4.8 | CVE-2023-37684 MISC MISC MISC MISC |
phpgurukul — online_nurse_hiring_system | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. | 2023-08-08 | 4.8 | CVE-2023-37685 MISC MISC MISC MISC |
phpgurukul — online_nurse_hiring_system | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. | 2023-08-08 | 4.8 | CVE-2023-37686 MISC MISC MISC MISC |
phpgurukul — maid_hiring_management_system | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. | 2023-08-08 | 4.8 | CVE-2023-37688 MISC MISC MISC MISC |
phpgurukul — maid_hiring_management_system | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. | 2023-08-08 | 4.8 | CVE-2023-37689 MISC MISC MISC MISC |
phpgurukul — maid_hiring_management_system | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | 2023-08-08 | 4.8 | CVE-2023-37690 MISC MISC MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions. | 2023-08-05 | 4.8 | CVE-2023-37874 MISC |
omeka — omeka_s | Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3. | 2023-08-04 | 4.8 | CVE-2023-4157 MISC MISC |
dedebiz — dedebiz | A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-05 | 4.8 | CVE-2023-4170 MISC MISC MISC |
instantcms — instantcms | Cross-site Scripting (XSS) – Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-05 | 4.8 | CVE-2023-4187 MISC MISC |
instantcms — instantcms | Cross-site Scripting (XSS) – Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 2023-08-05 | 4.8 | CVE-2023-4189 MISC MISC |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to Unrestricted, making the attack complexity high. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-08-10 | 4.7 | CVE-2023-29299 MISC |
microsoft — azure_hdinsights | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | 2023-08-08 | 4.6 | CVE-2023-35394 MISC |
microsoft — azure_hdinsights | Azure Apache Hive Spoofing Vulnerability | 2023-08-08 | 4.5 | CVE-2023-35393 MISC |
microsoft — azure_hdinsights | Azure Apache Oozie Spoofing Vulnerability | 2023-08-08 | 4.5 | CVE-2023-36877 MISC |
microsoft — azure_hdinsights | Azure Apache Ambari Spoofing Vulnerability | 2023-08-08 | 4.5 | CVE-2023-36881 MISC |
microsoft — azure_hdinsights | Azure Apache Hadoop Spoofing Vulnerability | 2023-08-08 | 4.5 | CVE-2023-38188 MISC |
google — android | In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2023-08-07 | 4.4 | CVE-2022-47350 MISC |
google — android | In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2023-08-07 | 4.4 | CVE-2022-47351 MISC |
google — android | In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756. | 2023-08-07 | 4.4 | CVE-2023-20780 MISC |
google — android | In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323. | 2023-08-07 | 4.4 | CVE-2023-20781 MISC |
google — android | In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103. | 2023-08-07 | 4.4 | CVE-2023-20782 MISC |
google — android | In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193. | 2023-08-07 | 4.4 | CVE-2023-20789 MISC |
mediatek_inc. — multiple_products | In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194. | 2023-08-07 | 4.4 | CVE-2023-20790 MISC |
google — android | In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818. | 2023-08-07 | 4.4 | CVE-2023-20793 MISC |
mediatek_inc. — multiple_products | In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790. | 2023-08-07 | 4.4 | CVE-2023-20796 MISC |
google — android | In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076. | 2023-08-07 | 4.4 | CVE-2023-20798 MISC |
google — android | In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. | 2023-08-07 | 4.4 | CVE-2023-20810 MISC |
mediatek_inc. — multiple_products | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987. | 2023-08-07 | 4.4 | CVE-2023-20812 MISC |
google — android | In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453549; Issue ID: ALPS07453549. | 2023-08-07 | 4.4 | CVE-2023-20813 MISC |
google — android | In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540. | 2023-08-07 | 4.4 | CVE-2023-20818 MISC |
sap — businessobjects_business_intelligence | In SAP BusinessObjects Business Intelligence – version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which an attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity. | 2023-08-08 | 4.4 | CVE-2023-39440 MISC MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. | 2023-08-09 | 4.3 | CVE-2023-37855 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser. | 2023-08-09 | 4.3 | CVE-2023-37856 MISC |
sulu — sulu | Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system and previous versions are not impacted by this security issue. The vulnerability has been patched in version 2.5.10. | 2023-08-04 | 4.3 | CVE-2023-39343 MISC MISC MISC |
wordpress — wordpress | The FULL – Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check. | 2023-08-09 | 4.3 | CVE-2023-4242 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s). | 2023-08-09 | 3.8 | CVE-2023-37857 MISC |
phoenixcontact — wp_6xxx_series | In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password. | 2023-08-09 | 3.8 | CVE-2023-37858 MISC |
matrix — matrix_irc_bridge | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance. | 2023-08-04 | 3.7 | CVE-2023-38700 MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
jbt_markdown_editor — jbt_markdown_editor | Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file. | 2023-08-11 | not yet calculated | CVE-2020-19952 MISC CONFIRM MISC |
gila_cms — gila_cms | Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. | 2023-08-11 | not yet calculated | CVE-2020-20523 MISC |
yzmcms — yzmcms | Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. | 2023-08-11 | not yet calculated | CVE-2020-23595 MISC |
laborator — kalium | Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | 2023-08-11 | not yet calculated | CVE-2020-24075 MISC |
jerryscript — jerryscript | An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | 2023-08-11 | not yet calculated | CVE-2020-24187 MISC MISC |
getbyte — getbyte | An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | 2023-08-11 | not yet calculated | CVE-2020-24221 MISC |
ffjpeg — ffjpeg | Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. | 2023-08-11 | not yet calculated | CVE-2020-24222 MISC |
cms — cms_dev | Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs. | 2023-08-11 | not yet calculated | CVE-2020-24804 MISC |
lepton-cms — lepton-cms | Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code. | 2023-08-11 | not yet calculated | CVE-2020-24872 MISC |
gnome_gmail — gnome_gmail | An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted “mailto” link. | 2023-08-11 | not yet calculated | CVE-2020-24904 MISC |
xxl-job-admin — xxl-job-admin | Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file. | 2023-08-11 | not yet calculated | CVE-2020-24922 MISC |
daylight_studio_fuel_cms — daylight_studio_fuel_cms | SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. | 2023-08-11 | not yet calculated | CVE-2020-24950 MISC |
thinkcmf — thinkcmf | Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. | 2023-08-11 | not yet calculated | CVE-2020-25915 MISC |
zoho — manageengine_password_manager_pro | Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | 2023-08-11 | not yet calculated | CVE-2020-27449 MISC MISC |
zrlog — zrlog | Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | 2023-08-11 | not yet calculated | CVE-2020-27514 MISC |
foldingathome_client — foldingathome_client | An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py. | 2023-08-11 | not yet calculated | CVE-2020-27544 MISC |
kindsoft — kindeditor | Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code. | 2023-08-11 | not yet calculated | CVE-2020-28717 MISC |
jhead — jhead | Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). | 2023-08-11 | not yet calculated | CVE-2020-28840 MISC MISC MISC MISC |
churchcrm — churchcrm | CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | 2023-08-11 | not yet calculated | CVE-2020-28848 MISC |
churchcrm — churchcrm | Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. | 2023-08-11 | not yet calculated | CVE-2020-28849 MISC |
faucet — sdn_ryu | An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | 2023-08-11 | not yet calculated | CVE-2020-35139 MISC |
faucet — sdn_ryu | An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | 2023-08-11 | not yet calculated | CVE-2020-35141 MISC |
foxit — pdf_reader | Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. | 2023-08-11 | not yet calculated | CVE-2020-35990 MISC MISC |
freedesktop — poppler | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. | 2023-08-11 | not yet calculated | CVE-2020-36023 MISC |
freedesktop — poppler | An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. | 2023-08-11 | not yet calculated | CVE-2020-36024 MISC |
sourcecodester — school_faculty_scheduling_system | SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via crafted payload to id parameter in manage_user.php. | 2023-08-11 | not yet calculated | CVE-2020-36034 MISC MISC MISC |
wuzhicms — wuzhicms | An issue was discovered in wuzhicms version 4.1.0, allows remote attackers to execute arbitrary code via the setting parameter to the ueditor in index.php. | 2023-08-11 | not yet calculated | CVE-2020-36037 MISC |
bloofoxcms — bloofoxcms | File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. | 2023-08-11 | not yet calculated | CVE-2020-36082 MISC |
cszcms — cszcms | SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. | 2023-08-11 | not yet calculated | CVE-2020-36136 MISC |
ffmpeg — ffmpeg | An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS). | 2023-08-11 | not yet calculated | CVE-2020-36138 MISC MISC MISC |
qdpf — qdpf | An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. | 2023-08-11 | not yet calculated | CVE-2021-25786 MISC |
supermicro — cms | An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php. | 2023-08-11 | not yet calculated | CVE-2021-25856 MISC |
supermicro — cms | An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php. | 2023-08-11 | not yet calculated | CVE-2021-25857 MISC |
huemagic — huemagic | Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js. | 2023-08-11 | not yet calculated | CVE-2021-26504 MISC |
hello.js — hello.js | Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function. | 2023-08-11 | not yet calculated | CVE-2021-26505 MISC |
open-falcon — open-falcon | An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. | 2023-08-11 | not yet calculated | CVE-2021-27523 MISC |
braft-editor — braft-editor | Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. | 2023-08-11 | not yet calculated | CVE-2021-27524 MISC |
qt — qt | Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). | 2023-08-11 | not yet calculated | CVE-2021-28025 MISC |
cookieremembermemanager — ruoyi | An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. | 2023-08-11 | not yet calculated | CVE-2021-28411 MISC |
xnview — xnview | Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. | 2023-08-11 | not yet calculated | CVE-2021-28427 MISC |
ffmpeg — ffmpeg | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | 2023-08-11 | not yet calculated | CVE-2021-28429 MISC |
xnview — xnview | Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. | 2023-08-11 | not yet calculated | CVE-2021-28835 MISC CONFIRM |
staticpool — staticpool | An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service. | 2023-08-11 | not yet calculated | CVE-2021-29057 MISC |
pear_admin_think — pear_admin_think | SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. | 2023-08-11 | not yet calculated | CVE-2021-29378 MISC |
vim — vim | vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method. | 2023-08-11 | not yet calculated | CVE-2021-3236 MISC |
siemens — siemens_software_center | A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | 2023-08-08 | not yet calculated | CVE-2021-41544 MISC |
intel(r) — onemkl | Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-25864 MISC |
intel(r) — proset/wireless_wifi_and_killer(tm)_wifi | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-27635 MISC |
wordpress — wordpress | Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. | 2023-08-10 | not yet calculated | CVE-2022-27861 MISC |
intel(r) — processors | Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2022-27879 MISC |
intel(r) — dtt | Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-29470 MISC |
intel(r) — csme | Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-29871 MISC |
intel(r) — manageability_commander | Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2023-08-11 | not yet calculated | CVE-2022-29887 MISC |
intel(r) — pcsd_bios | Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2022-34657 MISC |
intel(r) — proset/wireless_wifi_and_killer(tm)_wifi | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2023-08-11 | not yet calculated | CVE-2022-36351 MISC |
intel(r) — nuc_bios | Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-36372 MISC |
intel(r) — amt_in_csme/standard_manageability_in_csme | Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. | 2023-08-11 | not yet calculated | CVE-2022-36392 MISC |
intel(r) — nuc | Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-37336 MISC |
intel(r) — processors | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-37343 MISC |
intel(r) — proset/wireless_wifi_and_killer(tm)_wifi_software | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-38076 MISC |
intel(r) — processors | Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2022-38083 MISC |
intel(r) — converged_security_and_management_engine | Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2022-38102 MISC |
intel(r) — arc(tm)_graphics_cards_a770_and_a750 | Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2022-38973 MISC |
siemens — sicam_toolbox_ii | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation. | 2023-08-08 | not yet calculated | CVE-2022-39062 MISC |
intel(r) — proset/wireless_wifi_and_killer(tm)_wifi | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-40964 MISC |
intel(r) — processors | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2022-40982 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
intel(r) — xeon(r)_processors | Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-41804 MISC MISC |
intel(r) — arc(tm)_graphics_cards_a770_and_a750 | Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2022-41984 MISC |
intel(r) — rst | Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-43456 MISC |
intel(r) — processors | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2022-43505 MISC |
intel(r) — processors | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 2023-08-11 | not yet calculated | CVE-2022-44611 MISC |
intel(r) — unison(tm) | Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2022-44612 MISC |
intel(r) — vroc | Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-45112 MISC |
intel(r) — proset/wireless_wifi | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2022-46329 MISC |
apache — traffic_server | Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | 2023-08-09 | not yet calculated | CVE-2022-47185 MISC |
studio_11 — outsystems_service | A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user. | 2023-08-10 | not yet calculated | CVE-2022-47636 MISC MISC |
abb — freelance_controllers | ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1. | 2023-08-07 | not yet calculated | CVE-2023-0425 MISC |
abb — freelance_controllers | ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1. | 2023-08-07 | not yet calculated | CVE-2023-0426 MISC |
the_opennms_group — horizon | XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization’s private networks and should not be directly accessible from the Internet. | 2023-08-11 | not yet calculated | CVE-2023-0871 MISC MISC |
amd — multiple_products | Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | 2023-08-08 | not yet calculated | CVE-2023-20555 MISC |
amd — uprof | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. | 2023-08-08 | not yet calculated | CVE-2023-20556 MISC |
amd — uprof | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. | 2023-08-08 | not yet calculated | CVE-2023-20561 MISC |
amd — uprof | Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | 2023-08-08 | not yet calculated | CVE-2023-20562 MISC |
amd — ryzen_3000_series_desktop_processors | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | 2023-08-08 | not yet calculated | CVE-2023-20569 MISC MISC MISC MISC MISC MISC MISC MISC |
amd — radeon_software_crimson_relive_edition | A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations. | 2023-08-08 | not yet calculated | CVE-2023-20586 MISC |
amd — epyc_7001_processors | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 2023-08-08 | not yet calculated | CVE-2023-20588 MISC |
amd — ryzen_3000_series_desktop_processors | An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. | 2023-08-08 | not yet calculated | CVE-2023-20589 MISC |
intel(r) — ethernet_controllers_and_adapters_e810_series | Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2023-22276 MISC |
intel(r) — nuc_bios_firmware | Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-22330 MISC |
intel(r) — onevpl_gpu | Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-22338 MISC |
intel(r) — nuc_bios_firmware | Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-22356 MISC |
nozomi_networks — guardian/cmc | A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. | 2023-08-09 | not yet calculated | CVE-2023-22378 MISC |
intel(r) — nuc | Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-22444 MISC |
intel(r) — nuc_bios | Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-22449 MISC |
intel(r) — onevpl_gpu | Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2023-22840 MISC |
intel(r) — 621a_chipset | Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-22841 MISC |
nozomi_networks — guardian | An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim’s session. | 2023-08-09 | not yet calculated | CVE-2023-22843 MISC |
audiocodes — voip_desk_phones | An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware. | 2023-08-11 | not yet calculated | CVE-2023-22955 MISC MISC |
audiocodes — voip_desk_phones | An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. | 2023-08-11 | not yet calculated | CVE-2023-22956 MISC MISC |
audiocodes — voip_desk_phones | An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password. | 2023-08-11 | not yet calculated | CVE-2023-22957 MISC MISC |
hcl_software — hcl_nomad_for_web | If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. | 2023-08-10 | not yet calculated | CVE-2023-23342 MISC |
hcl_software — hcl_dryice_iautomate | HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | 2023-08-09 | not yet calculated | CVE-2023-23346 MISC |
hcl_software — hcl_dryice_iautomate | HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | 2023-08-09 | not yet calculated | CVE-2023-23347 MISC |
nozomi_networks — guardian/cmc | A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. | 2023-08-09 | not yet calculated | CVE-2023-23574 MISC |
intel(r) — nuc | Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-23577 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. | 2023-08-10 | not yet calculated | CVE-2023-23798 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions. | 2023-08-10 | not yet calculated | CVE-2023-23826 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions. | 2023-08-10 | not yet calculated | CVE-2023-23828 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions. | 2023-08-10 | not yet calculated | CVE-2023-23871 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions. | 2023-08-10 | not yet calculated | CVE-2023-23900 MISC |
nozomi_networks — guardian | An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention. | 2023-08-09 | not yet calculated | CVE-2023-23903 MISC |
intel(r) — xeon(r)_processors | Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-23908 MISC MISC |
wordpress — wordpress | Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions. | 2023-08-10 | not yet calculated | CVE-2023-24009 MISC |
nozomi_networks — guardian | A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. | 2023-08-09 | not yet calculated | CVE-2023-24015 MISC |
intel(r) — quartus(r)_prime_pro_and_standard_edition_software_for_linux | Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-24016 MISC |
rockwell_automation — armor_powerflex | A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. | 2023-08-08 | not yet calculated | CVE-2023-2423 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions. | 2023-08-10 | not yet calculated | CVE-2023-24389 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions. | 2023-08-10 | not yet calculated | CVE-2023-24391 MISC |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions. | 2023-08-10 | not yet calculated | CVE-2023-24393 MISC |
nozomi_networks — guardian | An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions. | 2023-08-09 | not yet calculated | CVE-2023-24471 MISC |
nozomi_networks — guardian/cmc | In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain access to the original user’s session. | 2023-08-09 | not yet calculated | CVE-2023-24477 MISC |
foswiki — foswiki | Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. | 2023-08-08 | not yet calculated | CVE-2023-24698 MISC |
siemens — ruggedcom | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. | 2023-08-08 | not yet calculated | CVE-2023-24845 MISC |
intel(r) — unite(r)_client_for_mac | Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-25182 MISC |
intel(r) — unison(tm) | Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access. | 2023-08-11 | not yet calculated | CVE-2023-25757 MISC |
intel(r) — unite(r)_hub_for_windows | Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-25773 MISC |
intel(r) — ethernet_controller_rdma_driver_for_linux | Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2023-08-11 | not yet calculated | CVE-2023-25775 MISC |
intel(r) — vcust_tool | Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3rd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-25944 MISC |
oppo — oneplus_store | A remote code execution vulnerability in the webview component of OnePlus Store app. | 2023-08-10 | not yet calculated | CVE-2023-26309 MISC |
oppo — oppo_find_x3 | There is a command injection problem in the old version of the mobile phone backup app. | 2023-08-09 | not yet calculated | CVE-2023-26310 MISC |
oppo — oppo_store | A remote code execution vulnerability in the webview component of OPPO Store app. | 2023-08-10 | not yet calculated | CVE-2023-26311 MISC |
intel(r) — easy_streaming_wizard | Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-26587 MISC |
alteryx — server | Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files by changing the extension of the uploaded file. | 2023-08-08 | not yet calculated | CVE-2023-26961 MISC MISC |
insyde — h20 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM. | 2023-08-07 | not yet calculated | CVE-2023-27373 MISC |
intel(r) — oneapi_toolkit | Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-27391 MISC |
intel(r) — support_android_application | Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-27392 MISC |
intel(r) — advanced_link_analyzer_standard_edition | Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-27505 MISC |
intel(r) — optimization_for_tensorflow | Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-27506 MISC |
intel(r) — ispc_software_installers | Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. | 2023-08-11 | not yet calculated | CVE-2023-27509 MISC |
intel(r) — dsa | Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2023-08-11 | not yet calculated | CVE-2023-27515 MISC |
intel(r) — nuc | Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-27887 MISC |
ivanti — desktop_&_server_management | Desktop & Server Management (DSM) may have a possible execution of arbitrary commands. | 2023-08-10 | not yet calculated | CVE-2023-28129 MISC |
intel(r) — ai_hackathon_software | Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2023-08-11 | not yet calculated | CVE-2023-28380 MISC |
intel(r) — nuc_pro_software_suite_for_windows | Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-28385 MISC |
intel(r) — vdistribution_of_openvino(tm)_toolkit | Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-28405 MISC |
qualcomm_inc. — snapdragon | The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | 2023-08-08 | not yet calculated | CVE-2023-28575 MISC |
qualcomm_inc. — snapdragon | The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues. | 2023-08-08 | not yet calculated | CVE-2023-28576 MISC |
qualcomm_inc. — snapdragon | In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check whether the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel VA to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel VA, which causes a UAF of the kernel address. | 2023-08-08 | not yet calculated | CVE-2023-28577 MISC |
intel(r) — onemkl | Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-28658 MISC |
intel(r) — hyperscan_library | Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2023-28711 MISC |
intel(r) — proset/wireless_wifi | Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-28714 MISC |
intel(r) — ssd_tools | Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-28736 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions. | 2023-08-08 | not yet calculated | CVE-2023-28773 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions. | 2023-08-10 | not yet calculated | CVE-2023-28779 MISC |
intel(r) — oneapi_toolkit | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-28823 MISC |
siemens — solid_edge | A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2023-08-08 | not yet calculated | CVE-2023-28830 MISC |
intel(r) — ssd_tools | Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2023-28938 MISC |
cesanta — mongoose | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11. | 2023-08-09 | not yet calculated | CVE-2023-2905 MISC MISC MISC |
intel(r) — psr_sdk | Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-29151 MISC |
intel(r) — realsense(tm)_450_fa | Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a privileged user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2023-29243 MISC |
intel(r) — nuc | Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-29494 MISC |
intel(r) — nuc | Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-29500 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions. | 2023-08-10 | not yet calculated | CVE-2023-30481 MISC |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows a local attacker to update a fake location. | 2023-08-10 | not yet calculated | CVE-2023-30654 MISC |
samsung_mobile — samsung_mobile_devices | Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30679 MISC |
samsung_mobile — samsung_mobile_devices | Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege. | 2023-08-10 | not yet calculated | CVE-2023-30680 MISC |
samsung_mobile — samsung_mobile_devices | An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. | 2023-08-10 | not yet calculated | CVE-2023-30681 MISC |
samsung_mobile — samsung_mobile_devices | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. | 2023-08-10 | not yet calculated | CVE-2023-30682 MISC |
samsung_mobile — samsung_mobile_devices | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. | 2023-08-10 | not yet calculated | CVE-2023-30683 MISC |
samsung_mobile — samsung_mobile_devices | Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. | 2023-08-10 | not yet calculated | CVE-2023-30684 MISC |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to change TTY mode. | 2023-08-10 | not yet calculated | CVE-2023-30685 MISC |
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30686 MISC |
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30687 MISC |
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30688 MISC |
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30689 MISC |
samsung_mobile — samsung_mobile_devices | Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows a local attacker to escalate privileges. | 2023-08-10 | not yet calculated | CVE-2023-30691 MISC |
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30693 MISC |
samsung_mobile — samsung_mobile_devices | Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30694 MISC |
samsung_mobile — galaxy_book | Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to SAMSUNG ELECTONICS, CO, LTD. – System Hardware Update – 7/13/2023 in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30695 MISC |
samsung_mobile — samsung_mobile_devices | An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. | 2023-08-10 | not yet calculated | CVE-2023-30696 MISC |
samsung_mobile — samsung_mobile_devices | An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. | 2023-08-10 | not yet calculated | CVE-2023-30697 MISC |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege. | 2023-08-10 | not yet calculated | CVE-2023-30698 MISC |
samsung_mobile — samsung_mobile_devices | Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. | 2023-08-10 | not yet calculated | CVE-2023-30699 MISC |
samsung_mobile — samsung_mobile_devices | PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. | 2023-08-10 | not yet calculated | CVE-2023-30700 MISC |
samsung_mobile — samsung_mobile_devices | PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows a local attacker to access arbitrary files. | 2023-08-10 | not yet calculated | CVE-2023-30701 MISC |
samsung_mobile — samsung_mobile_devices | Stack overflow vulnerability in SSHDCPAPP TA prior to SAMSUNG ELECTONICS, CO, LTD. – System Hardware Update – 7/13/2023 in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code. | 2023-08-10 | not yet calculated | CVE-2023-30702 MISC |
samsung_mobile — samsung_mobile_devices | Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information. | 2023-08-10 | not yet calculated | CVE-2023-30703 MISC |
samsung_mobile — samsung_mobile_devices | Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows a physical attacker to access downloaded files in Secret Mode without user authentication. | 2023-08-10 | not yet calculated | CVE-2023-30704 MISC |
samsung_mobile — galaxy_store | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Store permission. | 2023-08-10 | not yet calculated | CVE-2023-30705 MISC |
intel(r) — realsense(tm)_450_fa | Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-30760 MISC |
siemens — jt_open | A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | not yet calculated | CVE-2023-30796 MISC |
checkmk — checkmk | Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 2023-08-10 | not yet calculated | CVE-2023-31209 MISC |
intel(r) — sdp_tool | Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-31246 MISC |
arcsight — management_center | A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. | 2023-08-11 | not yet calculated | CVE-2023-32267 MISC |
intel(r) — nuc_bios | Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | 2023-08-11 | not yet calculated | CVE-2023-32285 MISC |
intel(r) — its | Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-32543 MISC |
intel(r) — falcon_8+ | Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-32547 MISC |
ivanti — avalanche | An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | 2023-08-10 | not yet calculated | CVE-2023-32560 MISC |
ivanti — avalanche | A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | 2023-08-10 | not yet calculated | CVE-2023-32561 MISC |
ivanti — avalanche | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. Fixed in version 6.4.1. | 2023-08-10 | not yet calculated | CVE-2023-32562 MISC |
ivanti — avalanche | An unauthenticated attacker could achieve code execution through a RemoteControl server. | 2023-08-10 | not yet calculated | CVE-2023-32563 MISC |
ivanti — avalanche | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution. | 2023-08-10 | not yet calculated | CVE-2023-32564 MISC |
ivanti — avalanche | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | 2023-08-10 | not yet calculated | CVE-2023-32565 MISC |
ivanti — avalanche | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | 2023-08-10 | not yet calculated | CVE-2023-32566 MISC |
ivanti — avalanche | Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. | 2023-08-10 | not yet calculated | CVE-2023-32567 MISC |
intel(r) — unite(r)_android_application | Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-08-11 | not yet calculated | CVE-2023-32609 MISC |
intel(r) — multiple_products | Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-32617 MISC |
intel(r) — realsense(tm)_450_fa | Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-32656 MISC |
intel(r) — realsense(tm)_sdks | Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-32663 MISC |
zoho — manageengine_adaudit_plus | The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a “$” symbol suffix. | 2023-08-07 | not yet calculated | CVE-2023-32783 MISC |
gg_tss_implementations — wallet | Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more to fully exfiltrate the other parties’ private key shares. | 2023-08-09 | not yet calculated | CVE-2023-33241 MISC MISC MISC MISC MISC |
lindell_tss_implementations — wallet | Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper’s security proof’s assumption regarding handling aborts after a failed signature. | 2023-08-09 | not yet calculated | CVE-2023-33242 MISC MISC MISC MISC |
kramer_electronics — kramerav_via_connect/via_go | KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen. | 2023-08-09 | not yet calculated | CVE-2023-33468 MISC MISC |
kramer_electronics — kramerav_via_connect/via_go | In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. | 2023-08-09 | not yet calculated | CVE-2023-33469 MISC MISC |
foswiki — foswiki | An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. | 2023-08-08 | not yet calculated | CVE-2023-33756 CONFIRM |
intel(r) — realsense(tm)_450_fa | Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-33867 MISC |
intel(r) — realsense(tm)_450_fa | Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-33877 MISC |
apache — traffic_server | Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | 2023-08-09 | not yet calculated | CVE-2023-33934 MISC |
google — grpc | gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: unbounded memory buffering in the HPACK parser, and unbounded CPU consumption in the HPACK parser. The unbounded CPU consumption is down to a copy that occurred per input block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: (1) the header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb; (2) HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer, and gRPC’s HPACK parser needed to read all of them before concluding a parse; (3) gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS containing a: 1, CONTINUATION containing a: 2, CONTINUATION containing a: 3, etc. | 2023-08-09 | not yet calculated | CVE-2023-33953 MISC |
sap_se — sap_business_one | B1i module of SAP Business One – version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application. | 2023-08-08 | not yet calculated | CVE-2023-33993 MISC MISC |
intel(r) — nuc_bios | Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-34086 MISC |
intel(r) — nuc_bios | Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-34349 MISC |
intel(r) — server_board_m10jnp2sb_integrated_bmc_video_drivers | Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for Linux may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-34355 MISC |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions. | 2023-08-10 | not yet calculated | CVE-2023-34374 MISC |
intel(r) — realsense(tm)_450_fa | Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-34427 MISC |
intel(r) — nuc_bios | Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-08-11 | not yet calculated | CVE-2023-34438 MISC |
ubiquiti_inc — unifi_access_points/switches | An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. | 2023-08-10 | not yet calculated | CVE-2023-35085 MISC |
hashicorp — consul/consul_enterprise | HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1. | 2023-08-09 | not yet calculated | CVE-2023-3518 MISC |
wireguard — wireguard | The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to “LocalNet attack resulting in the blocking of traffic” rather than to only WireGuard. | 2023-08-09 | not yet calculated | CVE-2023-35838 MISC MISC |
massachusetts_institute_of_technology — kerberos_5 | lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. | 2023-08-07 | not yet calculated | CVE-2023-36054 MISC MISC CONFIRM MISC |
adiscon — aiscon_loganalyzer | A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. | 2023-08-08 | not yet calculated | CVE-2023-36306 MISC |
diebold_nixdorf — vynamic_view_console | An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. | 2023-08-08 | not yet calculated | CVE-2023-36344 MISC MISC |
samsung_mobile — samsung_mobile_devices | An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. | 2023-08-08 | not yet calculated | CVE-2023-36482 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions. | 2023-08-10 | not yet calculated | CVE-2023-36530 MISC |
clario — vpn | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server’s IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server’s IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to “ServerIP attack for only traffic to the real IP address of the VPN server” rather than to only Clario. | 2023-08-09 | not yet calculated | CVE-2023-36671 MISC MISC |
clario — vpn | An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to “LocalNet attack resulting in leakage of traffic in plaintext” rather than to only Clario. | 2023-08-09 | not yet calculated | CVE-2023-36672 MISC MISC MISC |
avira — phantom_vpn | An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server’s IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server’s IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to “ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address” rather than to only Avira Phantom VPN. | 2023-08-09 | not yet calculated | CVE-2023-36673 MISC MISC |
sap_se — sap_powerdesigner | SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application. | 2023-08-08 | not yet calculated | CVE-2023-36923 MISC MISC |
sap_se — sap_host_agent | Due to missing authentication check in SAP Host Agent – version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability. | 2023-08-08 | not yet calculated | CVE-2023-36926 MISC MISC |
code-projects — gym_management_system | Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks. | 2023-08-09 | not yet calculated | CVE-2023-37068 MISC |
code-projects — online_hospital_management_system | Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code. | 2023-08-10 | not yet calculated | CVE-2023-37069 MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin <= 2.0 versions. | 2023-08-10 | not yet calculated | CVE-2023-37388 MISC |
sap_se — sap_commerce | Under certain conditions SAP Commerce (OCC API) – versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application. | 2023-08-08 | not yet calculated | CVE-2023-37486 MISC MISC |
sap_se — sap_netweaver_process_integration | In SAP NetWeaver Process Integration – versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system. | 2023-08-08 | not yet calculated | CVE-2023-37488 MISC MISC |
hcl_software — hcl_traveler_to_do | If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. | 2023-08-11 | not yet calculated | CVE-2023-37511 MISC |
hcl_software — hcl_traveler_companion | When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | 2023-08-11 | not yet calculated | CVE-2023-37512 MISC |
hcl_software — hcl_traveler_to_do | When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. | 2023-08-11 | not yet calculated | CVE-2023-37513 MISC |
cacti — cacti | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. | 2023-08-10 | not yet calculated | CVE-2023-37543 MISC MISC |
netbox — netbox | A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates. | 2023-08-10 | not yet calculated | CVE-2023-37625 MISC MISC MISC |
bitberry — file_opener | An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. | 2023-08-08 | not yet calculated | CVE-2023-37646 MISC MISC |
ez_softmagic — mp3_audio_converter | EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. | 2023-08-10 | not yet calculated | CVE-2023-37734 MISC MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <= 0.2.4 versions. | 2023-08-10 | not yet calculated | CVE-2023-37983 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions. | 2023-08-10 | not yet calculated | CVE-2023-37988 MISC |
ubiquiti_inc — unifi_access_points/switches | A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. | 2023-08-10 | not yet calculated | CVE-2023-38034 MISC |
php_group — php | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules – such as ImageMagick – may also use this library within the same process, change that global state for their internal purposes, and leave it in a state where external entity loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. | 2023-08-11 | not yet calculated | CVE-2023-3823 MISC MISC |
php_group — php | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. | 2023-08-11 | not yet calculated | CVE-2023-3824 MISC MISC |
zoho — manageengine_applications_manager | Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | 2023-08-10 | not yet calculated | CVE-2023-38333 CONFIRM |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <= 1.5.6 versions. | 2023-08-10 | not yet calculated | CVE-2023-38397 MISC |
snow_software — snow_license_manager | Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal. | 2023-08-11 | not yet calculated | CVE-2023-3864 MISC |
siemens — sicam_toolbox_ii | A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application’s database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | 2023-08-08 | not yet calculated | CVE-2023-38641 MISC |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106) | 2023-08-08 | not yet calculated | CVE-2023-38679 MISC |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132) | 2023-08-08 | not yet calculated | CVE-2023-38680 MISC |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270) | 2023-08-08 | not yet calculated | CVE-2023-38681 MISC |
siemens — jt2go/teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | not yet calculated | CVE-2023-38682 MISC |
siemens — jt2go/teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | not yet calculated | CVE-2023-38683 MISC |
japan_computer_emergency_response_team_coordination_center — special_interest_group_network_for_analysis_and_liaison | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as “non-disclosure” in the information provision operation. | 2023-08-09 | not yet calculated | CVE-2023-38751 MISC MISC |
japan_computer_emergency_response_team_coordination_center — special_interest_group_network_for_analysis_and_liaison | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as “non-disclosure” in the system settings. | 2023-08-09 | not yet calculated | CVE-2023-38752 MISC MISC |
fasterxml — _jackson-dataformats-text | Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 2023-08-08 | not yet calculated | CVE-2023-3894 MISC MISC MISC |
opnsense — opnsense | A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. | 2023-08-09 | not yet calculated | CVE-2023-38997 MISC MISC |
opnsense — opnsense | An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | 2023-08-09 | not yet calculated | CVE-2023-38998 MISC MISC |
opnsense — opnsense | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-08-09 | not yet calculated | CVE-2023-38999 MISC MISC |
opnsense — opnsense | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path. | 2023-08-09 | not yet calculated | CVE-2023-39000 MISC MISC |
opnsense — opnsense | A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file. | 2023-08-09 | not yet calculated | CVE-2023-39001 MISC MISC |
opnsense — opnsense | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-08-09 | not yet calculated | CVE-2023-39002 MISC MISC |
opnsense — opnsense | OPNsense before 23.7 was discovered to contain insecure permissions in the directory /tmp. | 2023-08-09 | not yet calculated | CVE-2023-39003 MISC MISC |
opnsense — opnsense | Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | 2023-08-09 | not yet calculated | CVE-2023-39004 MISC MISC |
opnsense — opnsense | Insecure permissions exist for configd.socket in OPNsense before 23.7. | 2023-08-09 | not yet calculated | CVE-2023-39005 MISC MISC |
opnsense — opnsense | The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization. | 2023-08-09 | not yet calculated | CVE-2023-39006 MISC MISC |
opnsense — opnsense | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands. | 2023-08-09 | not yet calculated | CVE-2023-39008 MISC MISC |
asus — rt-ac66u_b1 | ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. | 2023-08-08 | not yet calculated | CVE-2023-39086 MISC MISC MISC |
zoom — zoom_for_windows | Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | 2023-08-08 | not yet calculated | CVE-2023-39209 MISC |
zoom — zoom_for_windows | Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | 2023-08-08 | not yet calculated | CVE-2023-39210 MISC |
zoom — zoom_for_windows | Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | 2023-08-08 | not yet calculated | CVE-2023-39211 MISC |
zoom — zoom_for_windows | Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | 2023-08-08 | not yet calculated | CVE-2023-39212 MISC |
zoom — zoom_for_windows | Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. | 2023-08-08 | not yet calculated | CVE-2023-39213 MISC |
zoom — zoom | Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access. | 2023-08-08 | not yet calculated | CVE-2023-39214 MISC |
siemens — ruggedcom | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over. | 2023-08-08 | not yet calculated | CVE-2023-39269 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions. | 2023-08-10 | not yet calculated | CVE-2023-39314 MISC |
ffri_security_inc. — ffri_yarai | “FFRI yarai”, “FFRI yarai Home and Business Edition” and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0). | 2023-08-09 | not yet calculated | CVE-2023-39341 MISC MISC MISC MISC MISC MISC |
freedomofpress — dangerzone | Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user’s terminal. Prior to version 0.4.2, if the container is compromised and can return attacker-controlled strings, then the attacker may be able to spoof messages in the user’s terminal or change the window title. Besides logging output from containers, it also logs the names of the files it sanitizes. If these files contain ANSI escape sequences, then the same issue applies. Dangerzone is predominantly a GUI application, so this issue should leave most of our users unaffected. Nevertheless, we always suggest updating to the newest version. This issue is fixed in Dangerzone 0.4.2. | 2023-08-08 | not yet calculated | CVE-2023-39342 MISC MISC MISC |
snow_software — snow_license_manager | Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser | 2023-08-11 | not yet calculated | CVE-2023-3937 MISC |
postgresql — postgresql | In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:…@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | 2023-08-11 | not yet calculated | CVE-2023-39417 MISC MISC MISC |
postgresql — postgresql | A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. | 2023-08-11 | not yet calculated | CVE-2023-39418 MISC MISC MISC MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | 2023-08-08 | not yet calculated | CVE-2023-39419 MISC |
sap_se — sap_commerce_cloud | SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. | 2023-08-08 | not yet calculated | CVE-2023-39439 MISC MISC |
schneider_electric — gp-pro_ex_wingp | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | 2023-08-09 | not yet calculated | CVE-2023-3953 MISC |
getsentry — sentry | Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Sentry SaaS customers do not need to take any action. Self-hosted installations should upgrade to version 23.7.2 or higher. There are no direct workarounds, but users should review applications authorized on their account and remove any that are no longer needed. | 2023-08-09 | not yet calculated | CVE-2023-39531 MISC |
endojs — endo | SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In versions 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. A guest program running inside a Compartment with as few as no endowments can gain access to the surrounding host’s dynamic import by using dynamic import after the spread operator, like `{...import(arbitraryModuleSpecifier)}`. On the web or in web extensions, a Content-Security-Policy following ordinary best practices likely mitigates both the risk of exfiltration and execution of arbitrary code, at least limiting the modules that the attacker can import to those that are already part of the application. However, without a Content-Security-Policy, dynamic import can be used to issue HTTP requests for either communication through the URL or for the execution of code reachable from that origin. Within an XS worker, an attacker can use the host’s module system to the extent that the host has been configured. This typically only allows access to module code on the host’s file system and is of limited use to an attacker. Within Node.js, the attacker gains access to Node.js’s module system. Importing the powerful builtins is not useful except insofar as there are side-effects and tempered because dynamic import returns a promise. Spreading a promise into an object renders the promises useless. However, Node.js allows importing data URLs, so this is a clear path to arbitrary execution. Versions 0.18.7, 0.17.1, 0.16.1, 0.15.24, 0.14.5, and 0.13.5 contain a patch for this issue. Some workarounds are available. On the web, providing a suitably constrained Content-Security-Policy mitigates most of the threat. With XS, building a binary that lacks the ability to load modules at runtime mitigates the entirety of the threat. That will look like an implementation of `fxFindModule` in a file like `xsPlatform.c` that calls `fxRejectModuleFile`. | 2023-08-08 | not yet calculated | CVE-2023-39532 MISC MISC |
go-libp2p — go-libp2p | go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one’s application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue. | 2023-08-08 | not yet calculated | CVE-2023-39533 MISC MISC MISC MISC MISC MISC MISC MISC |
eprosima — fast-dds | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. | 2023-08-11 | not yet calculated | CVE-2023-39534 MISC MISC MISC MISC |
siemens — solid_edge | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562) | 2023-08-08 | not yet calculated | CVE-2023-39549 MISC |
apache — airflow | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. | 2023-08-11 | not yet calculated | CVE-2023-39553 MISC MISC MISC |
icms — icms | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | 2023-08-10 | not yet calculated | CVE-2023-39805 MISC MISC MISC |
icms — icms | iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | 2023-08-10 | not yet calculated | CVE-2023-39806 MISC MISC MISC |
libbitcoin — libbitcoin_explorer | The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from “bx seed” entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor’s position is that there was sufficient documentation advising against “bx seed” but others disagree. NOTE: this was exploited in the wild in June and July 2023. | 2023-08-09 | not yet calculated | CVE-2023-39910 MISC MISC MISC MISC MISC |
eprosima — fast-dds | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | 2023-08-11 | not yet calculated | CVE-2023-39945 MISC MISC MISC |
eprosima — fast-dds | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet’ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. | 2023-08-11 | not yet calculated | CVE-2023-39946 MISC MISC |
eprosima — fast-dds | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. | 2023-08-11 | not yet calculated | CVE-2023-39947 MISC MISC |
eprosima — fast-dds | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. | 2023-08-11 | not yet calculated | CVE-2023-39948 MISC MISC MISC |
eprosima — fast-dds | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. | 2023-08-11 | not yet calculated | CVE-2023-39949 MISC MISC MISC |
opentelemetry — opentelemetry | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later. | 2023-08-08 | not yet calculated | CVE-2023-39951 MISC MISC MISC |
nextcloud — server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39952 MISC MISC MISC MISC |
nextcloud — oidc | user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning a corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39953 MISC MISC MISC |
nextcloud — oidc | user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39954 MISC MISC MISC |
nextcloud — notes | Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39955 MISC MISC MISC |
nextcloud — talk_android | Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intent allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39957 MISC MISC MISC |
nextcloud — server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39958 MISC MISC MISC |
nextcloud — server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39959 MISC MISC MISC |
nextcloud — server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39961 MISC MISC MISC |
nextcloud — server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. As a workaround, disable app files_external. This also makes the external storage inaccessible but retains the configurations until a patched version has been deployed. | 2023-08-10 | not yet calculated | CVE-2023-39962 MISC MISC MISC |
nextcloud — server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully stealing a session from a logged in user, to create app passwords for the victim. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. | 2023-08-10 | not yet calculated | CVE-2023-39963 MISC MISC MISC |
1panel-dev — 1panel | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. | 2023-08-10 | not yet calculated | CVE-2023-39964 MISC MISC |
1panel-dev — 1panel | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue. | 2023-08-10 | not yet calculated | CVE-2023-39965 MISC MISC |
1panel-dev — 1panel | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContent`. It receives JSON data sent by users in the form of a POST request, and the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue. | 2023-08-10 | not yet calculated | CVE-2023-39966 MISC MISC |
trailofbits — uthenticode | uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code within a binary without changing its Authenticode hash, making it appear valid from uthenticode’s perspective. Versions of uthenticode prior to 1.0.9 are not vulnerable to this attack, nor are versions in the 2.x series. By design, uthenticode does not perform full-chain validation. However, the malleability of signature verification introduced in 1.0.9 was an unintended oversight. The 2.x series addresses the vulnerability. Versions prior to 1.0.9 are also not vulnerable, but users are encouraged to upgrade rather than downgrade. There are no workarounds to this vulnerability. | 2023-08-09 | not yet calculated | CVE-2023-39969 MISC MISC MISC |
trailofbits — uthenticode | uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could produce a “signed” PE file that uthenticode would verify and consider valid using an X.509 certificate that isn’t entitled to produce code signatures (e.g., a SSL certificate). By design, uthenticode does not perform full-chain validation. However, the absence of EKU validation was an unintended oversight. The 2.0.0 release series includes EKU checks. There are no workarounds to this vulnerability. | 2023-08-09 | not yet calculated | CVE-2023-40012 MISC MISC MISC |
openzeppelin — openzeppelin_contracts | OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3. | 2023-08-10 | not yet calculated | CVE-2023-40014 MISC MISC MISC MISC MISC MISC |
mongodb_inc. — mongodb_ops_manager | In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | 2023-08-08 | not yet calculated | CVE-2023-4009 MISC MISC |
ntpsec — ntpsec | ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). | 2023-08-07 | not yet calculated | CVE-2023-4012 MISC MISC MISC MISC |
openbsd — openbsd | OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. | 2023-08-10 | not yet calculated | CVE-2023-40216 MISC MISC |
misp — misp | MISP 2.4174 allows XSS in app/View/Events/index.ctp. | 2023-08-10 | not yet calculated | CVE-2023-40224 MISC |
haproxy — haproxy | HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request. | 2023-08-10 | not yet calculated | CVE-2023-40225 MISC MISC MISC MISC MISC MISC |
archimate_archi — archimate_archi | An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user’s session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework. | 2023-08-10 | not yet calculated | CVE-2023-40235 MISC MISC MISC MISC |
genians — genian_nac_v4.0 | Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | 2023-08-11 | not yet calculated | CVE-2023-40253 MISC |
genians — genian_nac_v4.0 | Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | 2023-08-11 | not yet calculated | CVE-2023-40254 MISC |
veritas — netbackup_snapshot_manager | A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers. | 2023-08-11 | not yet calculated | CVE-2023-40256 MISC |
empowerid — empowerid | EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account’s email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about “some unknown processing of the component Multi-Factor Authentication Code Handler” and thus cannot be correlated with other vulnerability information. | 2023-08-11 | not yet calculated | CVE-2023-40260 MISC |
gitpython — gitpython | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. | 2023-08-11 | not yet calculated | CVE-2023-40267 MISC MISC |
mattermost — mattermost | Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still access and download the attachment of a deleted message. | 2023-08-11 | not yet calculated | CVE-2023-4105 MISC |
mattermost — mattermost | Mattermost fails to check if the requesting user is a guest before performing different actions on public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. | 2023-08-11 | not yet calculated | CVE-2023-4106 MISC |
mattermost — mattermost | Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin’s details such as email, first name and last name. | 2023-08-11 | not yet calculated | CVE-2023-4107 MISC |
mattermost — mattermost | Mattermost fails to sanitize post metadata during audit logging, resulting in permalink contents being logged. | 2023-08-11 | not yet calculated | CVE-2023-4108 MISC |
linux — kernel | A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. | 2023-08-10 | not yet calculated | CVE-2023-4128 MISC MISC MISC MISC MISC |
linux — kernel | A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. | 2023-08-07 | not yet calculated | CVE-2023-4147 MISC MISC MISC MISC |
linux — kernel | A flaw was found in the Linux kernel’s TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits – a096ccca6e50 (“tun: tun_chr_open(): correctly initialize socket uid”), – 66b2c338adce (“tap: tap_open(): correctly initialize socket uid”), pass “inode->i_uid” to sock_init_data_uid() as the last parameter and that turns out to not be accurate. | 2023-08-07 | not yet calculated | CVE-2023-4194 MISC MISC MISC MISC MISC MISC MISC |
sourcecodester — doctors_appointment_system | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability. | 2023-08-08 | not yet calculated | CVE-2023-4219 MISC MISC MISC |
zephyrproject-rtos — zephyr | Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis… https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 | 2023-08-12 | not yet calculated | CVE-2023-4265 MISC |
linux — kernel | A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. | 2023-08-09 | not yet calculated | CVE-2023-4273 MISC MISC MISC |
froxlor — froxlor | Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22, 2.1.0. | 2023-08-11 | not yet calculated | CVE-2023-4304 MISC MISC |