US-CERT Vulnerability Summary for the Week of July 3, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
sem-cms — semcms | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | 2023-06-30 | 9.8 | CVE-2020-18432 MISC MISC |
flatnest_project — flatnest | All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file. | 2023-06-30 | 9.8 | CVE-2023-26135 MISC MISC MISC |
salesforce — tough-cookie | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. | 2023-07-01 | 9.8 | CVE-2023-26136 MISC MISC MISC MISC |
wordpress — wordpress | The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2023-06-30 | 9.8 | CVE-2023-2834 MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the ‘hidden_form_data’ function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2023-06-30 | 9.8 | CVE-2023-3249 MISC MISC |
retro_cellphone_online_store_project — retro_cellphone_online_store | A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752. | 2023-06-30 | 9.8 | CVE-2023-3473 MISC MISC MISC |
fossbilling — fossbilling | SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | 9.8 | CVE-2023-3490 MISC MISC |
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. | 2023-06-30 | 9.8 | CVE-2023-35175 MISC |
mediawiki — mediawiki | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. | 2023-06-30 | 9.8 | CVE-2023-37303 MISC MISC |
wordpress — wordpress | The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2020-36740 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2020-36745 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 8.8 | CVE-2021-31982 MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-07-01 | 8.8 | CVE-2021-34475 MISC |
wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4387 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4394 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4399 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4401 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
westerndigital — my_cloud_os | Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | 8.8 | CVE-2023-22815 MISC |
westerndigital — my_cloud_os | A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | 8.8 | CVE-2023-22816 MISC |
wordpress — wordpress | The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. | 2023-06-30 | 8.8 | CVE-2023-3063 MISC MISC |
fossbilling — fossbilling | Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | 8.8 | CVE-2023-3491 MISC MISC |
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. | 2023-06-30 | 8.8 | CVE-2023-35176 MISC |
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. | 2023-06-30 | 8.8 | CVE-2023-35177 MISC |
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. | 2023-06-30 | 8.8 | CVE-2023-35178 MISC |
maxprintisp — maxlink_1200g_firmware | Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the “Diagnostic tool” functionality of the device. | 2023-06-30 | 8.8 | CVE-2023-36143 MISC MISC |
wavlink — wl-wn531ax2_firmware | Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. | 2023-06-30 | 8.1 | CVE-2023-32613 MISC MISC |
fossbilling — fossbilling | Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | 8 | CVE-2023-3493 MISC MISC |
google — android | In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735. | 2023-07-04 | 7.8 | CVE-2023-20773 MISC |
linux — kernel | A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. | 2023-06-30 | 7.8 | CVE-2023-3117 MISC |
perimeter81 — xpc_helpertool | com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. | 2023-06-30 | 7.8 | CVE-2023-33298 MISC MISC |
linuxfoundation — yocto | In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014. | 2023-07-04 | 7.5 | CVE-2022-32666 MISC |
linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741. | 2023-07-04 | 7.5 | CVE-2023-20689 MISC |
linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735. | 2023-07-04 | 7.5 | CVE-2023-20690 MISC |
linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731. | 2023-07-04 | 7.5 | CVE-2023-20691 MISC |
linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720. | 2023-07-04 | 7.5 | CVE-2023-20692 MISC |
linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711. | 2023-07-04 | 7.5 | CVE-2023-20693 MISC |
frauscher_sensortechnik — gmbh_fds001_for_fadc/fadci | Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS001 device. | 2023-07-05 | 7.5 | CVE-2023-2880 MISC |
linux — kernel | A null pointer dereference flaw was found in the Linux kernel DECnet networking protocol. A remote user could use this flaw to crash the system. | 2023-06-30 | 7.5 | CVE-2023-3338 MISC |
codekop — codekop | A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. | 2023-06-30 | 7.5 | CVE-2023-36347 MISC MISC |
misp-project — malware_information_sharing_platform | MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. | 2023-06-30 | 7.5 | CVE-2023-37306 MISC MISC |
misp-project — malware_information_sharing_platform | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. | 2023-06-30 | 7.5 | CVE-2023-37307 MISC MISC |
wavlink — wl-wn531ax2_firmware | Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. | 2023-06-30 | 7.2 | CVE-2023-32612 MISC MISC |
wavlink — wl-wn531ax2_firmware | WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. | 2023-06-30 | 7.2 | CVE-2023-32621 MISC MISC |
wavlink — wl-wn531ax2_firmware | Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | 2023-06-30 | 7.2 | CVE-2023-32622 MISC MISC |
ibos — ibos | A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-30 | 7.2 | CVE-2023-3478 MISC MISC MISC |
malwarebytes — anti-exploit | Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a ‘\0’ character. | 2023-06-30 | 7.1 | CVE-2023-27469 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google — android | In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667. | 2023-07-04 | 6.7 | CVE-2023-20753 MISC |
google — android | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343. | 2023-07-04 | 6.7 | CVE-2023-20754 MISC |
google — android | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605. | 2023-07-04 | 6.7 | CVE-2023-20755 MISC |
google — android | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07549928. | 2023-07-04 | 6.7 | CVE-2023-20756 MISC |
google — android | In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133. | 2023-07-04 | 6.7 | CVE-2023-20757 MISC |
google — android | In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578. | 2023-07-04 | 6.7 | CVE-2023-20760 MISC |
google — android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582. | 2023-07-04 | 6.7 | CVE-2023-20761 MISC |
google — android | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202. | 2023-07-04 | 6.7 | CVE-2023-20766 MISC |
google — android | In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584. | 2023-07-04 | 6.7 | CVE-2023-20767 MISC |
google — android | In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800. | 2023-07-04 | 6.7 | CVE-2023-20768 MISC |
google — android | In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796. | 2023-07-04 | 6.7 | CVE-2023-20772 MISC |
google — android | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228. | 2023-07-04 | 6.7 | CVE-2023-20774 MISC |
google — android | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410. | 2023-07-04 | 6.7 | CVE-2023-20775 MISC |
wordpress — wordpress | The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 6.5 | CVE-2021-4395 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
pleasanter — pleasanter | Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. | 2023-06-30 | 6.5 | CVE-2023-32608 MISC MISC |
wavlink — wl-wn531ax2_firmware | Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. | 2023-06-30 | 6.5 | CVE-2023-32620 MISC MISC |
ovarro — tbox_ms-cpu32_firmware | All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. The attacker could then obtain the plaintext password by using a memory viewer. | 2023-07-03 | 6.5 | CVE-2023-3395 MISC |
ovarro — tbox_ms-cpu32_firmware | The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. | 2023-07-03 | 6.5 | CVE-2023-36611 MISC |
hnswlib_project — hnswlib | Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. | 2023-06-30 | 6.5 | CVE-2023-37365 MISC |
google — android | In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046. | 2023-07-04 | 6.4 | CVE-2023-20771 MISC |
gira — knx_ip_router_firmware | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a “404 – Not Found” status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). | 2023-06-30 | 6.1 | CVE-2023-33276 MISC MISC |
simplephpscripts — simple_blog | A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability. | 2023-06-30 | 6.1 | CVE-2023-3474 MISC MISC |
simplephpscripts — event_script | A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability. | 2023-06-30 | 6.1 | CVE-2023-3475 MISC MISC |
simplephpscripts — guestbook_script | A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755. | 2023-06-30 | 6.1 | CVE-2023-3476 MISC MISC |
rocketsoft — rocket_lms | A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756. | 2023-06-30 | 6.1 | CVE-2023-3477 MISC MISC |
hestiacp — control_panel | Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | 2023-06-30 | 6.1 | CVE-2023-3479 MISC MISC |
angular-ui-notification_project — angular-ui-notification | angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability. | 2023-06-30 | 6.1 | CVE-2023-34840 MISC MISC MISC |
joplin_project — joplin | Joplin before 2.11.5 allows XSS via a USE element in an SVG document. | 2023-06-30 | 6.1 | CVE-2023-37298 MISC MISC MISC |
joplin_project — joplin | Joplin before 2.11.5 allows XSS via an AREA element of an image map. | 2023-06-30 | 6.1 | CVE-2023-37299 MISC MISC MISC |
mediawiki — mediawiki | An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). | 2023-06-30 | 6.1 | CVE-2023-37302 MISC MISC MISC |
pacparser_project — pacparser | pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). | 2023-06-30 | 6.1 | CVE-2023-37360 MISC |
ovarro — tbox_ms-cpu32_firmware | The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves. | 2023-07-03 | 5.9 | CVE-2023-36610 MISC |
uzabase — newspicks | “NewsPicks” App for Android versions 10.4.5 and earlier and “NewsPicks” App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service. | 2023-06-30 | 5.5 | CVE-2023-28387 MISC MISC MISC |
gradle — gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency’s coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build’s configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit. | 2023-06-30 | 5.5 | CVE-2023-35946 MISC MISC MISC MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 5.4 | CVE-2021-34506 MISC |
pleasanter — pleasanter | Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | 2023-06-30 | 5.4 | CVE-2023-32607 MISC MISC |
multilaser — re170_firmware | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. | 2023-06-30 | 5.4 | CVE-2023-36146 MISC MISC |
mediawiki — mediawiki | An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. | 2023-06-30 | 5.4 | CVE-2023-37304 MISC MISC |
wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties. | 2023-07-01 | 5.3 | CVE-2021-4388 MISC MISC MISC |
mediawiki — mediawiki | An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. | 2023-06-30 | 5.3 | CVE-2023-37300 MISC MISC |
mediawiki — mediawiki | An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn’t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. | 2023-06-30 | 5.3 | CVE-2023-37301 MISC MISC |
mediawiki — mediawiki | An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. | 2023-06-30 | 5.3 | CVE-2023-37305 MISC MISC |
sophos — web_appliance | Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | 2023-06-30 | 4.8 | CVE-2023-33336 MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. | 2023-06-30 | 4.8 | CVE-2023-3469 MISC MISC |
google — android | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07536951; Issue ID: ALPS07536951. | 2023-07-04 | 4.4 | CVE-2023-20748 MISC |
google — android | In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130. | 2023-07-04 | 4.4 | CVE-2023-20758 MISC |
google — android | In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601. | 2023-07-04 | 4.4 | CVE-2023-20759 MISC |
wordpress — wordpress | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36735 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36736 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36737 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36738 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36739 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36741 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36742 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36743 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36744 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36746 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36747 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36748 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36749 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2023-07-01 | 4.3 | CVE-2021-42307 MISC |
wordpress — wordpress | The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4384 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4385 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4386 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4389 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4390 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4391 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4392 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4393 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4396 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4397 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4398 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4400 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4402 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4403 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to opt into notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4404 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4405 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
temporal — temporal | Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace. | 2023-06-30 | 3.6 | CVE-2023-3485 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
duxcms — duxcms | File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload. | 2023-07-06 | not yet calculated | CVE-2020-21861 MISC |
duxcms — duxcms | Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del. | 2023-07-06 | not yet calculated | CVE-2020-21862 MISC |
fuel-cms — fuel-cms | Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. | 2023-07-03 | not yet calculated | CVE-2020-22151 MISC |
fuel-cms — fuel-cms | Cross Site Scripting vulnerability in daylight studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. | 2023-07-03 | not yet calculated | CVE-2020-22152 MISC |
fuel-cms — fuel-cms | File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | 2023-07-03 | not yet calculated | CVE-2020-22153 MISC |
pdfcrack — pdfcrack | An issue was discovered in pdfcrack 0.17 thru 0.18 that allows attackers to execute arbitrary code via a stack overflow in the MD5 function. | 2023-07-06 | not yet calculated | CVE-2020-22336 MISC |
jerryscript_project — jerryscript | An issue in Jerryscript-project Jerryscript v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. | 2023-07-03 | not yet calculated | CVE-2020-22597 MISC |
selenium — grid | A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page. | 2023-07-05 | not yet calculated | CVE-2020-23452 MISC |
gnuplot — gnuplot | gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). | 2023-07-05 | not yet calculated | CVE-2020-25969 MISC |
wordpress — wordpress | The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0. This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access to obtain owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above. | 2023-07-07 | not yet calculated | CVE-2020-8934 MISC |
radare2 — radare2 | Radare2 has a division by zero vulnerability in Mach-O parser’s rebase_buffer function. This allows attackers to create malicious inputs that can cause denial of service. | 2023-07-07 | not yet calculated | CVE-2021-32494 MISC MISC |
radare2 — radare2 | Radare2 has a use-after-free vulnerability in pyc parser’s get_none_object function. An attacker can read freed memory afterwards. This will allow attackers to cause denial of service. | 2023-07-07 | not yet calculated | CVE-2021-32495 MISC MISC |
mujs — mujs | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. | 2023-07-07 | not yet calculated | CVE-2021-33796 MISC |
libpano13 — libpano13 | A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flaw allows attackers to cause a denial of service and potential code execution via a crafted file. | 2023-07-07 | not yet calculated | CVE-2021-33798 MISC MISC |
ibm — cloud_object_system | IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650. | 2023-07-07 | not yet calculated | CVE-2021-39014 MISC MISC |
huawei — harmonyos | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | 2023-07-05 | not yet calculated | CVE-2021-46890 MISC MISC |
huawei — harmonyos | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | 2023-07-05 | not yet calculated | CVE-2021-46891 MISC MISC |
huawei — harmonyos | Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-07-06 | not yet calculated | CVE-2021-46892 MISC MISC |
huawei — harmonyos | Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity. | 2023-07-05 | not yet calculated | CVE-2021-46893 MISC MISC |
huawei — harmonyos | Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation. | 2023-07-06 | not yet calculated | CVE-2021-46894 MISC MISC |
px4-autopilot — px4-autopilot | Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332. | 2023-07-06 | not yet calculated | CVE-2021-46896 MISC |
solus_labs — solusvm | Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. | 2023-07-05 | not yet calculated | CVE-2022-42175 MISC MISC MISC |
keycloak — keycloak | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. | 2023-07-07 | not yet calculated | CVE-2022-4361 MISC MISC |
nexxt_solutions — nebular_1200-ac | Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. | 2023-07-06 | not yet calculated | CVE-2022-46080 MISC MISC |
wordpress — wordpress | The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-07-04 | not yet calculated | CVE-2022-4623 MISC |
huawei — harmonyos | Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-07-06 | not yet calculated | CVE-2022-48507 MISC MISC |
huawei — harmonyos | Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. | 2023-07-06 | not yet calculated | CVE-2022-48508 MISC MISC |
huawei — harmonyos | Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally. | 2023-07-06 | not yet calculated | CVE-2022-48509 MISC MISC |
huawei — harmonyos | Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations. | 2023-07-06 | not yet calculated | CVE-2022-48510 MISC MISC |
huawei — harmonyos | Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally. | 2023-07-06 | not yet calculated | CVE-2022-48511 MISC MISC |
huawei — harmonyos | Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally. | 2023-07-06 | not yet calculated | CVE-2022-48512 MISC MISC |
huawei — harmonyos | Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access. | 2023-07-06 | not yet calculated | CVE-2022-48513 MISC MISC |
huawei — harmonyos | The Sepolicy module has inappropriate permission control on the use of Netlink. Successful exploitation of this vulnerability may affect confidentiality. | 2023-07-06 | not yet calculated | CVE-2022-48514 MISC |
huawei — harmonyos | Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-07-06 | not yet calculated | CVE-2022-48515 MISC MISC |
huawei — harmonyos | Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality. | 2023-07-06 | not yet calculated | CVE-2022-48516 MISC MISC |
huawei — harmonyos | Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability. | 2023-07-06 | not yet calculated | CVE-2022-48517 MISC MISC |
huawei — harmonyos | Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance. | 2023-07-06 | not yet calculated | CVE-2022-48518 MISC MISC |
huawei — harmonyos | Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. | 2023-07-06 | not yet calculated | CVE-2022-48519 MISC MISC |
huawei — harmonyos | Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. | 2023-07-06 | not yet calculated | CVE-2022-48520 MISC MISC |
linux — kernel | A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%. | 2023-06-30 | not yet calculated | CVE-2023-1206 MISC |
wordpress — wordpress | The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscribers to perform LFI attacks. | 2023-07-04 | not yet calculated | CVE-2023-1273 MISC |
servicenow — now_user_experience | ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts. | 2023-07-06 | not yet calculated | CVE-2023-1298 MISC MISC |
huawei — harmonyos | Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-07-06 | not yet calculated | CVE-2023-1691 MISC MISC |
huawei — harmonyos | Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-07-06 | not yet calculated | CVE-2023-1695 MISC MISC |
wordpress — wordpress | The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. | 2023-07-04 | not yet calculated | CVE-2023-2010 MISC |
cisco — webex_meetings | A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2023-07-07 | not yet calculated | CVE-2023-20133 MISC |
cisco — webex_meetings | A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions. | 2023-07-07 | not yet calculated | CVE-2023-20180 MISC |
vmware — sd-wan_edge | VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. | 2023-07-06 | not yet calculated | CVE-2023-20899 MISC |
qualcomm_inc. — snapdragon | Information disclosure in DSP Services while loading dynamic module. | 2023-07-04 | not yet calculated | CVE-2023-21624 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | 2023-07-04 | not yet calculated | CVE-2023-21629 MISC |
qualcomm_inc. — snapdragon | Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. | 2023-07-04 | not yet calculated | CVE-2023-21631 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. | 2023-07-04 | not yet calculated | CVE-2023-21633 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. | 2023-07-04 | not yet calculated | CVE-2023-21635 MISC |
qualcomm_inc. — snapdragon | Memory corruption in Linux while calling system configuration APIs. | 2023-07-04 | not yet calculated | CVE-2023-21637 MISC |
qualcomm_inc. — snapdragon | Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. | 2023-07-04 | not yet calculated | CVE-2023-21638 MISC |
qualcomm_inc. — snapdragon | Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. | 2023-07-04 | not yet calculated | CVE-2023-21639 MISC |
qualcomm_inc. — snapdragon | Memory corruption in Linux when the file upload API is called with parameters having large buffer. | 2023-07-04 | not yet calculated | CVE-2023-21640 MISC |
qualcomm_inc. — snapdragon | An app with non-privileged access can change global system brightness and cause undesired system behavior. | 2023-07-04 | not yet calculated | CVE-2023-21641 MISC |
qualcomm_inc. — snapdragon | Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. | 2023-07-04 | not yet calculated | CVE-2023-21672 MISC |
milesight — ur32l | An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22299 MISC |
milesight — ur32l | An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22306 MISC |
milesight — vpn | A SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22319 MISC |
milesight — ur32l | An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22365 MISC |
milesight — vpn | An OS command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22371 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | 2023-07-04 | not yet calculated | CVE-2023-22386 MISC |
qualcomm_inc. — snapdragon | Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 2023-07-04 | not yet calculated | CVE-2023-22387 MISC |
milesight — ur32l | An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22653 MISC |
milesight — ur32l | An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. Specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22659 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in Audio while allocating the ion buffer during the music playback. | 2023-07-04 | not yet calculated | CVE-2023-22667 MISC |
western_digital — my_cloud_os_5 | An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | 2023-07-01 | not yet calculated | CVE-2023-22814 MISC |
milesight — vpn | An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-22844 MISC |
hero_electronix — qubo_hcd01_02_v1.38_20220125_devices | Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. | 2023-07-04 | not yet calculated | CVE-2023-22906 MISC MISC |
wordpress — wordpress | The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-07-04 | not yet calculated | CVE-2023-2320 MISC |
wordpress — wordpress | The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-07-04 | not yet calculated | CVE-2023-2321 MISC |
wordpress — wordpress | The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-07-04 | not yet calculated | CVE-2023-2324 MISC |
wordpress — wordpress | The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-07-04 | not yet calculated | CVE-2023-2333 MISC |
milesight — ur32l | A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-23546 MISC |
milesight — ur32l | A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-23547 MISC |
milesight — ur32l | An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-23550 MISC |
milesight — ur32l | An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-23571 MISC |
milesight — ur32l | A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-23902 MISC |
milesight — vpn | A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-23907 MISC |
milesight — ur32l | A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send an HTTP request to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-24018 MISC |
milesight — ur32l | A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-24019 MISC |
nio — ec6_aspen | An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. | 2023-07-06 | not yet calculated | CVE-2023-24256 MISC |
milesight — vpn | Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the name field of the database. | 2023-07-06 | not yet calculated | CVE-2023-24496 MISC |
milesight — vpn | Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the remote_subnet field of the database. | 2023-07-06 | not yet calculated | CVE-2023-24497 MISC |
milesight — ur32l | Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the ping tool utility. | 2023-07-06 | not yet calculated | CVE-2023-24519 MISC |
milesight — ur32l | Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the trace tool utility. | 2023-07-06 | not yet calculated | CVE-2023-24520 MISC |
milesight — ur32l | Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a TCP packet. | 2023-07-06 | not yet calculated | CVE-2023-24582 MISC |
milesight — ur32l | Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a UDP packet. | 2023-07-06 | not yet calculated | CVE-2023-24583 MISC |
milesight — ur32l | An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 2023-07-06 | not yet calculated | CVE-2023-24595 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in WLAN HOST while parsing QMI response message from firmware. | 2023-07-04 | not yet calculated | CVE-2023-24851 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. | 2023-07-04 | not yet calculated | CVE-2023-24854 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables. | 2023-07-06 | not yet calculated | CVE-2023-25081 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables. | 2023-07-06 | not yet calculated | CVE-2023-25082 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables. | 2023-07-06 | not yet calculated | CVE-2023-25083 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables. | 2023-07-06 | not yet calculated | CVE-2023-25084 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables. | 2023-07-06 | not yet calculated | CVE-2023-25085 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables. | 2023-07-06 | not yet calculated | CVE-2023-25086 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables. | 2023-07-06 | not yet calculated | CVE-2023-25087 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables. | 2023-07-06 | not yet calculated | CVE-2023-25088 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1. | 2023-07-06 | not yet calculated | CVE-2023-25089 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables. | 2023-07-06 | not yet calculated | CVE-2023-25090 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1. | 2023-07-06 | not yet calculated | CVE-2023-25091 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables. | 2023-07-06 | not yet calculated | CVE-2023-25092 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable.. | 2023-07-06 | not yet calculated | CVE-2023-25093 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable. | 2023-07-06 | not yet calculated | CVE-2023-25094 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands. | 2023-07-06 | not yet calculated | CVE-2023-25095 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings. | 2023-07-06 | not yet calculated | CVE-2023-25096 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable. | 2023-07-06 | not yet calculated | CVE-2023-25097 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable. | 2023-07-06 | not yet calculated | CVE-2023-25098 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the dest variable. | 2023-07-06 | not yet calculated | CVE-2023-25099 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable. | 2023-07-06 | not yet calculated | CVE-2023-25100 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_key variable. | 2023-07-06 | not yet calculated | CVE-2023-25101 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables. | 2023-07-06 | not yet calculated | CVE-2023-25102 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25103 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables. | 2023-07-06 | not yet calculated | CVE-2023-25104 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable. | 2023-07-06 | not yet calculated | CVE-2023-25105 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25106 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25107 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable. | 2023-07-06 | not yet calculated | CVE-2023-25108 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable. | 2023-07-06 | not yet calculated | CVE-2023-25109 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable. | 2023-07-06 | not yet calculated | CVE-2023-25110 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable. | 2023-07-06 | not yet calculated | CVE-2023-25111 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25112 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable. | 2023-07-06 | not yet calculated | CVE-2023-25113 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable. | 2023-07-06 | not yet calculated | CVE-2023-25114 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables. | 2023-07-06 | not yet calculated | CVE-2023-25115 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables. | 2023-07-06 | not yet calculated | CVE-2023-25116 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25117 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the username and the password variables. | 2023-07-06 | not yet calculated | CVE-2023-25118 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25119 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the cisco_secret variable. | 2023-07-06 | not yet calculated | CVE-2023-25120 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable. | 2023-07-06 | not yet calculated | CVE-2023-25121 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25122 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2. | 2023-07-06 | not yet calculated | CVE-2023-25123 MISC |
milesight — ur32l | Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables. | 2023-07-06 | not yet calculated | CVE-2023-25124 MISC |
multitech — conduit_ap | Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload. | 2023-07-07 | not yet calculated | CVE-2023-25201 MISC MISC |
tyan — s5552_bmc | A CWE-552 “Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS. | 2023-07-05 | not yet calculated | CVE-2023-2538 MISC |
scipy — scipy | A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. | 2023-07-05 | not yet calculated | CVE-2023-25399 MISC MISC MISC |
nvidia — gpu_display_driver_for_linux | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service. | 2023-07-04 | not yet calculated | CVE-2023-25516 MISC |
nvidia — virtual_gpu_manager | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | 2023-07-04 | not yet calculated | CVE-2023-25517 MISC |
nvidia — dgx_a100/a800 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | 2023-07-04 | not yet calculated | CVE-2023-25521 MISC |
nvidia — dgx_a100/a800 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | 2023-07-04 | not yet calculated | CVE-2023-25522 MISC |
nvidia — cuda_toolkit_for_linux_and_windows | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. | 2023-07-04 | not yet calculated | CVE-2023-25523 MISC |
milesight — ur32l | Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the code branch that manages an already existing vlan configuration. | 2023-07-06 | not yet calculated | CVE-2023-25582 MISC |
milesight — ur32l | Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the code branch that manages a new vlan configuration. | 2023-07-06 | not yet calculated | CVE-2023-25583 MISC |
drogon_framework — drogon_framework | All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. | 2023-07-06 | not yet calculated | CVE-2023-26137 MISC MISC |
drogon_framework — drogon_framework | All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. | 2023-07-06 | not yet calculated | CVE-2023-26138 MISC MISC |
ca_technologies — arcserve | Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator. | 2023-07-03 | not yet calculated | CVE-2023-26258 MISC MISC |
anydesk — anydesk | AnyDesk 7.0.8 allows remote Denial of Service. | 2023-07-03 | not yet calculated | CVE-2023-26509 MISC MISC MISC |
pax_technology — a930 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. | 2023-07-05 | not yet calculated | CVE-2023-27197 MISC |
pax_technology — a930 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability. | 2023-07-05 | not yet calculated | CVE-2023-27198 MISC |
pax_technology — a930 | PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. | 2023-07-05 | not yet calculated | CVE-2023-27199 MISC |
admin_panel_v3 — admin_panel_v3 | A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. | 2023-07-06 | not yet calculated | CVE-2023-27225 MISC MISC |
kubernetes — kubernetes | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | 2023-07-03 | not yet calculated | CVE-2023-2727 MISC MISC MISC |
kubernetes — kubernetes | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | 2023-07-03 | not yet calculated | CVE-2023-2728 MISC MISC MISC |
diagon — diagon | A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. | 2023-07-05 | not yet calculated | CVE-2023-27390 MISC MISC |
prestashop — prestashop | SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components. | 2023-07-07 | not yet calculated | CVE-2023-27845 MISC CONFIRM |
ivanti — ivanti_endpoint_manager | A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. | 2023-07-01 | not yet calculated | CVE-2023-28323 MISC |
ivanti — ivanti_endpoint_manager | An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | 2023-07-01 | not yet calculated | CVE-2023-28324 MISC |
brave_software — brave_browser_for_android | An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. | 2023-07-01 | not yet calculated | CVE-2023-28364 MISC |
ubiquiti_inc. — unifi_network_application | A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | 2023-07-01 | not yet calculated | CVE-2023-28365 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | 2023-07-04 | not yet calculated | CVE-2023-28541 MISC |
qualcomm_inc. — snapdragon | Memory Corruption in WLAN HOST while fetching TX status information. | 2023-07-04 | not yet calculated | CVE-2023-28542 MISC |
libtiff — libtiff | A null pointer dereference issue was discovered in Libtiff’s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service. | 2023-06-30 | not yet calculated | CVE-2023-2908 MISC MISC MISC MISC |
malwarebytes — edr_1.0.11_for_linux | The Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. | 2023-06-30 | not yet calculated | CVE-2023-29145 MISC MISC |
malwarebytes — edr_1.0.11_for_linux | In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | 2023-06-30 | not yet calculated | CVE-2023-29147 MISC MISC |
bosch_security_systems — building_integration_system | Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network. | 2023-06-30 | not yet calculated | CVE-2023-29241 MISC |
synacor — zimbra_collaboration_zcs | An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | 2023-07-06 | not yet calculated | CVE-2023-29381 MISC MISC |
synacor — zimbra_collaboration_zcs | An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | 2023-07-06 | not yet calculated | CVE-2023-29382 MISC MISC |
darktrace — darktrace_for_android | An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control “antigena” actions (block/unblock traffic) from the mobile application. This vulnerability could create a “shutdown”, blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed. | 2023-07-06 | not yet calculated | CVE-2023-29656 MISC MISC |
red_hat — quarkus-core | A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. | 2023-07-04 | not yet calculated | CVE-2023-2974 MISC MISC MISC |
scipy — scipy | A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. | 2023-07-06 | not yet calculated | CVE-2023-29824 MISC MISC MISC |
gis3w — g3w-suite | A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter. | 2023-07-07 | not yet calculated | CVE-2023-29998 MISC CONFIRM |
prestashop — prestashop | In the module “Detailed Order” (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information, formatted in JSON, without restriction. | 2023-07-06 | not yet calculated | CVE-2023-30195 MISC |
kodi — home_theater_software | A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file. | 2023-07-05 | not yet calculated | CVE-2023-30207 MISC MISC MISC |
chatengine — wliang6_chatengine | Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30319 CONFIRM MISC |
chatengine — wliang6_chatengine | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30320 MISC CONFIRM |
chatengine — wliang6_chatengine | Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30321 MISC CONFIRM |
chatengine — payatu_chatengine | Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30322 CONFIRM MISC |
chatengine — payatu_chatengine | SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information. | 2023-07-06 | not yet calculated | CVE-2023-30323 MISC CONFIRM |
chatengine — wliang6_chatengine | SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information. | 2023-07-06 | not yet calculated | CVE-2023-30325 MISC CONFIRM |
chatengine — wliang6_chatengine | Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30326 CONFIRM MISC |
node.js — node.js | A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 2023-07-01 | not yet calculated | CVE-2023-30586 MISC |
node.js — node.js | The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20. | 2023-07-01 | not yet calculated | CVE-2023-30589 MISC |
atlassian — jira | icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds. | 2023-07-05 | not yet calculated | CVE-2023-30607 MISC MISC MISC |
samsung_mobile — multiple_products | Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration. | 2023-07-06 | not yet calculated | CVE-2023-30640 MISC |
samsung_mobile — multiple_products | Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's Google account data. | 2023-07-06 | not yet calculated | CVE-2023-30641 MISC |
samsung_mobile — multiple_products | Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. | 2023-07-06 | not yet calculated | CVE-2023-30642 MISC |
samsung_mobile — multiple_products | Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications. | 2023-07-06 | not yet calculated | CVE-2023-30643 MISC |
samsung_mobile — multiple_products | Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30644 MISC |
samsung_mobile — multiple_products | Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30645 MISC |
samsung_mobile — multiple_products | Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30646 MISC |
samsung_mobile — multiple_products | Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30647 MISC |
samsung_mobile — multiple_products | Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Release 1 causes a denial of service on the system. | 2023-07-06 | not yet calculated | CVE-2023-30648 MISC |
samsung_mobile — multiple_products | Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30649 MISC |
samsung_mobile — multiple_products | Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30650 MISC |
samsung_mobile — multiple_products | Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30651 MISC |
samsung_mobile — multiple_products | Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30652 MISC |
samsung_mobile — multiple_products | Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30653 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | 2023-07-06 | not yet calculated | CVE-2023-30655 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities. | 2023-07-06 | not yet calculated | CVE-2023-30656 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | 2023-07-06 | not yet calculated | CVE-2023-30657 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | 2023-07-06 | not yet calculated | CVE-2023-30658 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | 2023-07-06 | not yet calculated | CVE-2023-30659 MISC |
samsung_mobile — multiple_products | Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | 2023-07-06 | not yet calculated | CVE-2023-30660 MISC |
samsung_mobile — multiple_products | Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | 2023-07-06 | not yet calculated | CVE-2023-30661 MISC |
samsung_mobile — multiple_products | Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | 2023-07-06 | not yet calculated | CVE-2023-30662 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. | 2023-07-06 | not yet calculated | CVE-2023-30663 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | 2023-07-06 | not yet calculated | CVE-2023-30664 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read. | 2023-07-06 | not yet calculated | CVE-2023-30665 MISC |
samsung_mobile — multiple_products | Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. | 2023-07-06 | not yet calculated | CVE-2023-30666 MISC |
samsung_mobile — multiple_products | Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. | 2023-07-06 | not yet calculated | CVE-2023-30667 MISC |
samsung_mobile — multiple_products | Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30668 MISC |
samsung_mobile — multiple_products | Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30669 MISC |
samsung_mobile — multiple_products | Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-07-06 | not yet calculated | CVE-2023-30670 MISC |
samsung_mobile — multiple_products | Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. | 2023-07-06 | not yet calculated | CVE-2023-30671 MISC |
samsung_mobile — smart_switch | Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction. | 2023-07-06 | not yet calculated | CVE-2023-30672 MISC |
samsung_mobile — smart_switch | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction. | 2023-07-06 | not yet calculated | CVE-2023-30673 MISC |
samsung_mobile — samsung_internet | Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | 2023-07-06 | not yet calculated | CVE-2023-30674 MISC |
samsung_mobile — samsung_pass | Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. | 2023-07-06 | not yet calculated | CVE-2023-30675 MISC |
samsung_mobile — samsung_pass | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass. | 2023-07-06 | not yet calculated | CVE-2023-30676 MISC |
samsung_mobile — samsung_pass | Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. | 2023-07-06 | not yet calculated | CVE-2023-30677 MISC |
google — android | Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file. | 2023-07-06 | not yet calculated | CVE-2023-30678 MISC |
red_hat — multiple_products | A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. | 2023-07-05 | not yet calculated | CVE-2023-3089 MISC MISC |
ibm — i | IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. | 2023-07-04 | not yet calculated | CVE-2023-30990 MISC MISC |
diagon — diagon | An access violation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. | 2023-07-05 | not yet calculated | CVE-2023-31194 MISC MISC |
linux — kernel | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | 2023-07-05 | not yet calculated | CVE-2023-31248 MISC MISC MISC |
piigab — m-bus | PiiGAB M-Bus transmits credentials in plaintext format. | 2023-07-06 | not yet calculated | CVE-2023-31277 MISC |
wordpress — wordpress | The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. | 2023-07-04 | not yet calculated | CVE-2023-3133 MISC MISC MISC |
wordpress — wordpress | The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. | 2023-07-04 | not yet calculated | CVE-2023-3139 MISC MISC |
pipreqs — pipreqs | A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. | 2023-06-30 | not yet calculated | CVE-2023-31543 MISC MISC |
ubiquiti_inc. — unifi_os | UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. “Applicable Cloud Keys” include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. | 2023-07-01 | not yet calculated | CVE-2023-31997 MISC |
npm — @fastify/oauth2 | All versions of @fastify/oauth2 used a state parameter that was statically generated at startup time and was used across all requests for all users. The purpose of the OAuth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user’s session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object. | 2023-07-04 | not yet calculated | CVE-2023-31999 MISC MISC MISC |
ubiquiti — unifi_network_application | A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | 2023-07-08 | not yet calculated | CVE-2023-32000 MISC |
opensuse_tumbleweed — opensuse_tumbleweed | Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed. | 2023-07-07 | not yet calculated | CVE-2023-32183 MISC |
piigab — m-bus | PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. | 2023-07-07 | not yet calculated | CVE-2023-32652 MISC |
oracle — apache | Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20. | 2023-07-07 | not yet calculated | CVE-2023-33008 MISC |
trellix — enterprise_security_manager_for_windows | An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands. | 2023-07-03 | not yet calculated | CVE-2023-3313 MISC |
trellix — enterprise_security_manager_for_windows | A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges. | 2023-07-03 | not yet calculated | CVE-2023-3314 MISC |
bouncy_castle_for_java — bouncy_castle_for_java | Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate’s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. | 2023-07-05 | not yet calculated | CVE-2023-33201 CONFIRM MISC MISC |
sophos — iview | Cross Site Scripting (XSS) in Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. | 2023-07-05 | not yet calculated | CVE-2023-33335 MISC |
toughnet — tn-5900_series | TN-5900 Series version 3.3 and prior versions is vulnerable to a user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. | 2023-07-05 | not yet calculated | CVE-2023-3336 MISC |
ai-dev — aicombinationsonfly | ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | 2023-07-07 | not yet calculated | CVE-2023-33664 MISC CONFIRM |
piigab — m-bus_softwarepack | The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. | 2023-07-06 | not yet calculated | CVE-2023-33868 MISC |
glpi — glpi | GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch. | 2023-07-05 | not yet calculated | CVE-2023-34106 MISC MISC |
glpi — glpi | GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue. | 2023-07-05 | not yet calculated | CVE-2023-34107 MISC MISC |
huawei — harmonyos | Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability. | 2023-07-06 | not yet calculated | CVE-2023-34164 MISC MISC |
synacor — zimbra_collaboration_zcs | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. | 2023-07-06 | not yet calculated | CVE-2023-34192 MISC MISC MISC |
synacor — zimbra_collaboration_zcs | File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. | 2023-07-06 | not yet calculated | CVE-2023-34193 MISC MISC MISC |
zoho_manageengine — servicedesk_plus | Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | 2023-07-07 | not yet calculated | CVE-2023-34197 MISC |
glpi — glpi | GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch. | 2023-07-05 | not yet calculated | CVE-2023-34244 MISC MISC |
ami — megarac_spx | AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | 2023-07-05 | not yet calculated | CVE-2023-34337 MISC |
ami — megarac_spx | AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | 2023-07-05 | not yet calculated | CVE-2023-34338 MISC |
trellix — move | An unquoted Windows search path vulnerability existed in the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | 2023-07-03 | not yet calculated | CVE-2023-3438 MISC |
piigab — m-bus | PiiGAB M-Bus stores passwords using a weak hash algorithm. | 2023-07-07 | not yet calculated | CVE-2023-34433 MISC |
cometbft — cometbft | CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places. The first is via logs, setting the `consensus` logging module to “debug” level (should not happen in production), and setting the log output format to JSON. The second is via RPC `dump_consensus_state`. Case 1, which should not be hit in production, will eventually hit the deadlock in most goroutines, effectively halting the node. In case 2, only the data structures related to the first peer will be deadlocked, together with the thread(s) dealing with the RPC request(s). This means that only one of the channels of communication to the node’s peers will be blocked. Eventually the peer will time out and be excluded from the list (typically after 2 minutes). The goroutines involved in the deadlock will not be garbage collected, but they will not interfere with the system after the peer is excluded. The theoretical worst case for case 2 is a network with only two validator nodes. In this case, each of the nodes only has one `PeerState` struct. If `dump_consensus_state` is called in either node (or both), the chain will halt until the peer connections time out, after which the nodes will reconnect (with different `PeerState` structs) and the chain will progress again. Then, the same process can be repeated. As the number of nodes in a network increases, and thus the number of peer structs each node maintains, the possibility of reproducing the perturbation visible with two nodes decreases. Only the first `PeerState` struct will deadlock, and not the others (RPC `dump_consensus_state` accesses them in a for loop, so the deadlock at the first iteration causes the rest of the iterations of that “for” loop to never be reached). This regression was fixed in versions 0.34.29 and 0.37.2. Some workarounds are available. For case 1 (hitting the deadlock via logs), either don’t set the log output to “json”, leave at “plain”, or don’t set the consensus logging module to “debug”, leave it at “info” or higher. For case 2 (hitting the deadlock via RPC `dump_consensus_state`), do not expose `dump_consensus_state` RPC endpoint to the public internet (e.g., via rules in one’s nginx setup). | 2023-07-03 | not yet calculated | CVE-2023-34450 MISC MISC MISC MISC |
cometbft — cometbft | CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node. The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPC’s would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p. | 2023-07-03 | not yet calculated | CVE-2023-34451 MISC MISC MISC |
mechanicalsoup — mechanicalsoup | MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" …>` inside HTML form. All users of MechanicalSoup’s form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue. | 2023-07-05 | not yet calculated | CVE-2023-34457 MISC MISC MISC |
ami — megarac_spx | AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss of confidentiality, integrity, and authentication. | 2023-07-05 | not yet calculated | CVE-2023-34471 MISC |
ami — megarac_spx | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity. | 2023-07-05 | not yet calculated | CVE-2023-34472 MISC |
ami — megarac_spx | AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. | 2023-07-05 | not yet calculated | CVE-2023-34473 MISC |
huawei — harmonyos/emui | Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. | 2023-07-05 | not yet calculated | CVE-2023-3455 MISC MISC |
huawei — harmonyos | Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-07-06 | not yet calculated | CVE-2023-3456 MISC MISC |
wordpress — wordpress | The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. | 2023-07-04 | not yet calculated | CVE-2023-3460 MISC MISC |
taocms — taocms | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). | 2023-07-05 | not yet calculated | CVE-2023-34654 MISC MISC |
mozilla — firefox | When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-3482 MISC MISC |
google — chrome | Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium) | 2023-07-03 | not yet calculated | CVE-2023-3497 MISC MISC |
piigab — m-bus | There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. | 2023-07-07 | not yet calculated | CVE-2023-34995 MISC |
linux — kernel | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace | 2023-07-05 | not yet calculated | CVE-2023-35001 MISC MISC MISC |
sourcecodester — shopping_website | A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability. | 2023-07-04 | not yet calculated | CVE-2023-3502 MISC MISC MISC |
sourcecodester — shopping_website | A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951. | 2023-07-04 | not yet calculated | CVE-2023-3503 MISC MISC MISC |
smartweb_infotech — job_board | A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-04 | not yet calculated | CVE-2023-3504 MISC MISC |
onest — crm | A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input `<script>alert(1)</script>` leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-04 | not yet calculated | CVE-2023-3505 MISC MISC |
active_it_zone — active_ecommerce_cms | A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input `<script>alert(1)</script>` leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-04 | not yet calculated | CVE-2023-3506 MISC MISC |
piigab — m-bus | PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request. | 2023-07-07 | not yet calculated | CVE-2023-35120 MISC |
go-gitea — go-gitea | Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. | 2023-07-05 | not yet calculated | CVE-2023-3515 MISC MISC |
it-novum — openitcockpit | Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. | 2023-07-06 | not yet calculated | CVE-2023-3520 MISC MISC |
fossbilling — fossbilling | Cross-site Scripting (XSS) – Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. | 2023-07-06 | not yet calculated | CVE-2023-3521 MISC MISC |
gpac — gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 2023-07-06 | not yet calculated | CVE-2023-3523 MISC MISC |
thinutech — thinucms | A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252. | 2023-07-06 | not yet calculated | CVE-2023-3528 MISC MISC |
rotem_dynamics — rotem_crm | A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-06 | not yet calculated | CVE-2023-3529 MISC MISC |
nilsteampassnet — teampass | Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | 2023-07-06 | not yet calculated | CVE-2023-3531 MISC MISC |
outline — outline | Cross-site Scripting (XSS) – Stored in GitHub repository outline/outline prior to 0.70.1. | 2023-07-07 | not yet calculated | CVE-2023-3532 MISC MISC |
sourcecodester — shopping_website | A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability. | 2023-07-07 | not yet calculated | CVE-2023-3534 MISC MISC MISC |
simplephpscripts — faq_script_php | A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287. | 2023-07-07 | not yet calculated | CVE-2023-3535 MISC MISC |
simplephpscripts — funeral_script_php | A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288. | 2023-07-07 | not yet calculated | CVE-2023-3536 MISC MISC |
simplephpscripts — news_script_php_pro | A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability. | 2023-07-07 | not yet calculated | CVE-2023-3537 MISC MISC |
simplephpscripts — photo_gallery_php | A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability. | 2023-07-07 | not yet calculated | CVE-2023-3538 MISC MISC |
simplephpscripts — simple_forum_php | A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291. | 2023-07-07 | not yet calculated | CVE-2023-3539 MISC MISC |
simplephpscripts — newsletter_script_php | A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292. | 2023-07-07 | not yet calculated | CVE-2023-3540 MISC MISC |
thinutech — thinucms | A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input `g6g12<script>alert(1)</script>o8sdm` leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability. | 2023-07-07 | not yet calculated | CVE-2023-3541 MISC MISC |
thinutech — thinucms | A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability. | 2023-07-07 | not yet calculated | CVE-2023-3542 MISC MISC |
gz_scripts — availability_booking_calendar_php | A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-07 | not yet calculated | CVE-2023-3543 MISC MISC |
gz_scripts — time_slot_booking_calendar_php | A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-07 | not yet calculated | CVE-2023-3544 MISC MISC |
nilsteampassnet — teampass | Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | 2023-07-08 | not yet calculated | CVE-2023-3551 MISC MISC |
nilsteampassnet — teampass | Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | 2023-07-08 | not yet calculated | CVE-2023-3552 MISC MISC |
nilsteampassnet — teampass | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | 2023-07-08 | not yet calculated | CVE-2023-3553 MISC MISC |
piigab — m-bus | PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. | 2023-07-07 | not yet calculated | CVE-2023-35765 MISC |
zoho_manageengine — admanager_plus | Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | 2023-07-05 | not yet calculated | CVE-2023-35786 MISC |
oracle — apache_airflow | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability. | 2023-07-03 | not yet calculated | CVE-2023-35797 MISC MISC |
madefornet_http_debugger — madefornet_http_debugger | In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access. | 2023-07-05 | not yet calculated | CVE-2023-35863 MISC MISC MISC |
ibm — websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. | 2023-07-07 | not yet calculated | CVE-2023-35890 MISC MISC |
glpi — glpi | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. | 2023-07-05 | not yet calculated | CVE-2023-35924 MISC MISC |
yt-dlp — yt-dlp | yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest’s host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp’s info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders’ built-in support for cookies instead of passing them as header arguments, disabling HTTP redirection if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping. Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM. | 2023-07-06 | not yet calculated | CVE-2023-35934 MISC MISC MISC MISC MISC MISC |
pandoc — pandoc | Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option. | 2023-07-05 | not yet calculated | CVE-2023-35936 MISC |
metersphere — metersphere | Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue. | 2023-07-06 | not yet calculated | CVE-2023-35937 MISC |
glpi — glpi | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue. | 2023-07-05 | not yet calculated | CVE-2023-35939 MISC MISC |
glpi — glpi | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. | 2023-07-05 | not yet calculated | CVE-2023-35940 MISC MISC |
gradle — gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. Impact: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. Workarounds: There is no workaround. If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. References: [CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)](https://cwe.mitre.org/data/definitions/22.html); [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html); [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability). | 2023-06-30 | not yet calculated | CVE-2023-35947 MISC MISC MISC |
novu — novu | Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the “Sign In with GitHub” functionality of Novu’s open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim’s account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch. | 2023-07-06 | not yet calculated | CVE-2023-35948 MISC MISC |
aruba_networks — arubaos | A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | 2023-07-05 | not yet calculated | CVE-2023-35971 MISC |
aruba_networks — arubaos | An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | 2023-07-05 | not yet calculated | CVE-2023-35972 MISC |
aruba_networks — arubaos | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-07-05 | not yet calculated | CVE-2023-35973 MISC |
aruba_networks — arubaos | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-07-05 | not yet calculated | CVE-2023-35974 MISC |
aruba_networks — arubaos | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. | 2023-07-05 | not yet calculated | CVE-2023-35975 MISC |
aruba_networks — arubaos | Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level. | 2023-07-05 | not yet calculated | CVE-2023-35976 MISC |
aruba_networks — arubaos | Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level. | 2023-07-05 | not yet calculated | CVE-2023-35977 MISC |
aruba_networks — arubaos | A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | 2023-07-05 | not yet calculated | CVE-2023-35978 MISC |
aruba_networks — arubaos | There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller. | 2023-07-05 | not yet calculated | CVE-2023-35979 MISC |
piigab — m-bus | PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | 2023-07-06 | not yet calculated | CVE-2023-35987 MISC |
django — django | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | 2023-07-03 | not yet calculated | CVE-2023-36053 CONFIRM MISC MISC |
intelbras — switch_sg_2404_mr | An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. | 2023-06-30 | not yet calculated | CVE-2023-36144 MISC MISC |
zzcms — zzcms | Cross Site Request Forgery vulnerability in ZZCMS v.2023 allows a remote attacker to gain privileges via the add function in adminlist.php. | 2023-07-03 | not yet calculated | CVE-2023-36162 MISC MISC |
openimageio — openimageio | Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. | 2023-07-03 | not yet calculated | CVE-2023-36183 MISC |
langchain — langchain | An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. | 2023-07-06 | not yet calculated | CVE-2023-36188 MISC MISC |
langchain — langchain | SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | 2023-07-06 | not yet calculated | CVE-2023-36189 MISC MISC |
jerryscript_project — jerryscript | An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. | 2023-07-07 | not yet calculated | CVE-2023-36201 MISC |
mlogclub_bbs-go — mlogclub_bbs-go | Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function. | 2023-07-03 | not yet calculated | CVE-2023-36222 MISC MISC MISC |
mlogclub_bbs-go — mlogclub_bbs-go | Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function. | 2023-07-03 | not yet calculated | CVE-2023-36223 MISC MISC MISC |
online_examination_system_project — online_examination_system_project | The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin’s consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data. | 2023-07-07 | not yet calculated | CVE-2023-36256 MISC MISC |
langchain — langchain | An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method. | 2023-07-03 | not yet calculated | CVE-2023-36258 MISC |
maxsite_cms — maxsite_cms | Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file. | 2023-07-03 | not yet calculated | CVE-2023-36291 MISC |
osslsigncode — osslsigncode | Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files. | 2023-07-03 | not yet calculated | CVE-2023-36377 MISC MISC |
authentik — authentik | authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the Go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used. This poses a possible security risk when someone has flows or policies that check the user’s IP address, e.g. when they want to ignore the user’s 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account’s log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody who wants to. Versions 2023.4.3 and 2023.5.5 contain a patch for this issue. | 2023-07-06 | not yet calculated | CVE-2023-36456 MISC MISC MISC MISC MISC |
1panel — 1panel | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6. | 2023-07-05 | not yet calculated | CVE-2023-36457 MISC MISC |
1panel — 1panel | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6. | 2023-07-05 | not yet calculated | CVE-2023-36458 MISC MISC |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user’s browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. | 2023-07-06 | not yet calculated | CVE-2023-36459 MISC MISC MISC MISC MISC MISC |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon’s media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. | 2023-07-06 | not yet calculated | CVE-2023-36460 MISC MISC MISC MISC MISC MISC |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. | 2023-07-06 | not yet calculated | CVE-2023-36461 MISC MISC MISC MISC MISC MISC |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. | 2023-07-06 | not yet calculated | CVE-2023-36462 MISC MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service and editing the javascript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki version older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details. | 2023-06-30 | not yet calculated | CVE-2023-36477 MISC MISC MISC MISC |
ovarro — multiple_products | The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. | 2023-07-03 | not yet calculated | CVE-2023-36608 MISC |
ovarro — multiple_products | The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges. | 2023-07-03 | not yet calculated | CVE-2023-36609 MISC |
loxone_electronics — miniserver_go_gen.2 | The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. | 2023-07-05 | not yet calculated | CVE-2023-36622 MISC MISC |
loxone_electronics — miniserver_go_gen.2 | The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges. | 2023-07-05 | not yet calculated | CVE-2023-36623 MISC MISC |
loxone_electronics — miniserver_go_gen.2 | Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement. | 2023-07-05 | not yet calculated | CVE-2023-36624 MISC MISC |
protobufjs — protobufjs | protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about “Object.constructor.prototype.<new-property> = …;” whereas CVE-2022-25878 was about “Object.__proto__.<new-property> = …;” instead. | 2023-07-05 | not yet calculated | CVE-2023-36665 MISC MISC CONFIRM MISC CONFIRM |
pypdf — pypdf | pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error throwing case. See GHSA-hm9v-vj3r-r55m for details. | 2023-06-30 | not yet calculated | CVE-2023-36807 MISC MISC MISC |
glpi-project — glpi | GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. | 2023-07-05 | not yet calculated | CVE-2023-36808 MISC MISC |
kiwitcms — kiwitcms | Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect, allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions, thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and sanitization of test plan names used in the `tree_view_html()` function. | 2023-07-05 | not yet calculated | CVE-2023-36809 MISC MISC MISC MISC MISC MISC |
pypdf — pypdf | pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpectedly long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-30 | not yet calculated | CVE-2023-36810 MISC MISC MISC |
opentsdb — opentsdb | OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to a Remote Code Execution vulnerability by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`. | 2023-06-30 | not yet calculated | CVE-2023-36812 MISC MISC MISC |
kanboard — kanboard | Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue. | 2023-07-05 | not yet calculated | CVE-2023-36813 MISC MISC MISC |
zopefoundation — products.cmfcore | Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python’s marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2. | 2023-07-03 | not yet calculated | CVE-2023-36814 MISC MISC |
labring — sealos | Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user’s control and may have permission to correct it. It is not clear whether a fix exists. | 2023-07-03 | not yet calculated | CVE-2023-36815 MISC |
bubka — 2fa | 2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3. | 2023-07-03 | not yet calculated | CVE-2023-36816 MISC MISC |
tktchurch — website | `tktchurch/website` contains the codebase for The King’s Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church’s project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. | 2023-07-03 | not yet calculated | CVE-2023-36817 MISC |
knowage — knowage | Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to download templates hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `templateName` parameter, allowing an attacker to use `../` in it, escape the directory where templates are normally placed, and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration files. This issue has been patched in Knowage version 8.1.8. | 2023-07-03 | not yet calculated | CVE-2023-36819 MISC |
louislam — uptime-kuma | Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it’s installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue. | 2023-07-05 | not yet calculated | CVE-2023-36821 MISC MISC MISC MISC |
louislam — uptime-kuma | Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it’s removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss. | 2023-07-05 | not yet calculated | CVE-2023-36822 MISC MISC MISC MISC |
rgrove — sanitize | Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in “relaxed” config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn’t allow `style` elements, using a Sanitize config that doesn’t allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content. | 2023-07-06 | not yet calculated | CVE-2023-36823 MISC MISC MISC |
ethyca — fides | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container’s filesystem. The vulnerability is patched in fides `2.15.1`. If the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca’s security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can’t be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability. | 2023-07-05 | not yet calculated | CVE-2023-36827 MISC MISC MISC |
statamic — statamic_cms | Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue. | 2023-07-05 | not yet calculated | CVE-2023-36828 MISC MISC MISC MISC MISC MISC |
sentry — sentry | Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2. | 2023-07-06 | not yet calculated | CVE-2023-36829 MISC MISC MISC MISC |
sqlfluff — sqlfluff | SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue – however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their own rule configuration, this may be an issue. The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users who have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to – or otherwise validating – configuration files before they are ingested by SQLFluff provides a similar effect and does not require upgrade. | 2023-07-06 | not yet calculated | CVE-2023-36830 MISC MISC |
piigab — m-bus | PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. | 2023-07-06 | not yet calculated | CVE-2023-36859 MISC |
progress — moveit_transfer | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. | 2023-07-05 | not yet calculated | CVE-2023-36932 CONFIRM MISC |
progress — moveit_transfer | In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly. | 2023-07-05 | not yet calculated | CVE-2023-36933 CONFIRM MISC |
progress — moveit_transfer | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. | 2023-07-05 | not yet calculated | CVE-2023-36934 CONFIRM MISC |
food_ordering_system — food_ordering_system | A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter. | 2023-07-06 | not yet calculated | CVE-2023-36968 MISC MISC |
cms_made_simple — cms_made_simple | CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. | 2023-07-06 | not yet calculated | CVE-2023-36969 MISC |
cms_made_simple — cms_made_simple | A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. | 2023-07-06 | not yet calculated | CVE-2023-36970 MISC |
travianz — travianz | PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. | 2023-07-07 | not yet calculated | CVE-2023-36992 MISC |
travianz — travianz | The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts. | 2023-07-07 | not yet calculated | CVE-2023-36993 MISC |
travianz — travianz | In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. | 2023-07-07 | not yet calculated | CVE-2023-36994 MISC |
travianz — travianz | TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. | 2023-07-06 | not yet calculated | CVE-2023-36995 MISC |
chamilo — chamilo | Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section. | 2023-07-07 | not yet calculated | CVE-2023-37061 MISC MISC |
chamilo — chamilo | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories’ definition. | 2023-07-07 | not yet calculated | CVE-2023-37062 MISC MISC |
chamilo — chamilo | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section. | 2023-07-07 | not yet calculated | CVE-2023-37063 MISC MISC |
chamilo — chamilo | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section. | 2023-07-07 | not yet calculated | CVE-2023-37064 MISC MISC |
chamilo — chamilo | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section. | 2023-07-07 | not yet calculated | CVE-2023-37065 MISC MISC |
chamilo — chamilo | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel. | 2023-07-07 | not yet calculated | CVE-2023-37066 MISC MISC |
chamilo — chamilo | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section. | 2023-07-07 | not yet calculated | CVE-2023-37067 MISC MISC |
bagecms — bagecms | A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. | 2023-07-06 | not yet calculated | CVE-2023-37122 MISC |
seacms — seacms | A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-06 | not yet calculated | CVE-2023-37124 MISC |
seacms — seacms | A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-06 | not yet calculated | CVE-2023-37125 MISC |
yzncms — yzncms | A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request. | 2023-07-06 | not yet calculated | CVE-2023-37131 MISC |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-06 | not yet calculated | CVE-2023-37132 MISC |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-06 | not yet calculated | CVE-2023-37133 MISC |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-06 | not yet calculated | CVE-2023-37134 MISC |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-06 | not yet calculated | CVE-2023-37135 MISC |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-06 | not yet calculated | CVE-2023-37136 MISC |
tenda — ac10 | Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. | 2023-07-07 | not yet calculated | CVE-2023-37144 MISC |
totolink — lr350 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | 2023-07-07 | not yet calculated | CVE-2023-37145 MISC |
totolink — lr350 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | 2023-07-07 | not yet calculated | CVE-2023-37146 MISC |
totolink — lr350 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. | 2023-07-07 | not yet calculated | CVE-2023-37148 MISC |
totolink — lr350 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. | 2023-07-07 | not yet calculated | CVE-2023-37149 MISC |
totolink — a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | 2023-07-07 | not yet calculated | CVE-2023-37170 MISC |
totolink — a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | 2023-07-07 | not yet calculated | CVE-2023-37171 MISC |
totolink — a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | 2023-07-07 | not yet calculated | CVE-2023-37172 MISC |
totolink — a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | 2023-07-07 | not yet calculated | CVE-2023-37173 MISC |
bitcoin_core — bitcoin_core | Memory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app’s memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing. | 2023-07-07 | not yet calculated | CVE-2023-37192 MISC MISC MISC |
mozilla — multiple_products | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37201 MISC MISC MISC MISC MISC MISC |
mozilla — multiple_products | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37202 MISC MISC MISC MISC MISC MISC |
mozilla — firefox | Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37203 MISC MISC |
mozilla — firefox | A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37204 MISC MISC |
mozilla — firefox | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37205 MISC MISC |
mozilla — firefox | Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37206 MISC MISC |
mozilla — multiple_products | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37207 MISC MISC MISC MISC MISC MISC |
mozilla — multiple_products | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37208 MISC MISC MISC MISC MISC MISC |
mozilla — firefox | A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37209 MISC MISC |
mozilla — firefox | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37210 MISC MISC |
mozilla — multiple_products | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37211 MISC MISC MISC MISC MISC MISC |
mozilla — firefox | Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37212 MISC MISC |
huawei — harmonyos | Vulnerability of apps’ permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features. | 2023-07-06 | not yet calculated | CVE-2023-37238 MISC MISC |
huawei — harmonyos | Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. | 2023-07-06 | not yet calculated | CVE-2023-37239 MISC MISC |
huawei — harmonyos | Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2023-07-06 | not yet calculated | CVE-2023-37240 MISC MISC |
huawei — harmonyos | Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart. | 2023-07-06 | not yet calculated | CVE-2023-37241 MISC MISC |
huawei — harmonyos | Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities. | 2023-07-06 | not yet calculated | CVE-2023-37242 MISC MISC |
huawei — harmonyos | Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem. | 2023-07-06 | not yet calculated | CVE-2023-37245 MISC MISC |
thephpleague — oauth2-server | league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string. | 2023-07-06 | not yet calculated | CVE-2023-37260 MISC MISC MISC |
mightypirates — opencomputers | OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is installed as part of a Minecraft server hosted on a popular cloud hosting provider, such as AWS, GCP and Azure, those metadata services’ API endpoints are not forbidden (aka “blacklisted”) by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. In addition, IPv6 addresses are not correctly filtered at all, allowing broader access into the local IPv6 network. This can allow a player on a server using an OpenComputers computer to access parts of the private IPv4 address space, as well as the whole IPv6 address space, in order to retrieve sensitive information. OpenComputers v1.8.3 for Minecraft 1.7.10 and 1.12.2 contains a patch for this issue. Some workarounds are also available. One may disable the Internet Card feature completely. If using OpenComputers 1.3.0 or above, using the allow list (`opencomputers.internet.whitelist` option) will prohibit connections to any IP addresses and/or domains not listed; or one may add entries to the block list (`opencomputers.internet.blacklist` option). More information about mitigations is available in the GitHub Security Advisory. | 2023-07-07 | not yet calculated | CVE-2023-37261 MISC MISC MISC MISC MISC MISC MISC |
cc-tweaked — cc-tweaked | CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting provider, like AWS, GCP, and Azure, those metadata services’ API endpoints are not forbidden (aka “blacklisted”) by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. Versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3 contain a fix for this issue. | 2023-07-07 | not yet calculated | CVE-2023-37262 MISC MISC MISC MISC MISC |
tektoncd — pipeline | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun’s (api version, kind, name, uid) in the child Run’s OwnerReference, it only stores (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one’s Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue. | 2023-07-07 | not yet calculated | CVE-2023-37264 MISC MISC MISC |
winter — winter | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually. | 2023-07-07 | not yet calculated | CVE-2023-37269 MISC MISC MISC MISC |
piwigo — piwigo | Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be logged in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately. | 2023-07-07 | not yet calculated | CVE-2023-37270 MISC MISC MISC MISC MISC |
zoho_manageengine — adaudit_plus | Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. | 2023-07-07 | not yet calculated | CVE-2023-37308 MISC |
nullsoft — nullsoft_scriptable_install_system | Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | 2023-07-03 | not yet calculated | CVE-2023-37378 MISC MISC MISC MISC MISC MISC MLIST |
linux — kernel | An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. | 2023-07-06 | not yet calculated | CVE-2023-37453 MISC MISC MISC |
linux — kernel | An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. | 2023-07-06 | not yet calculated | CVE-2023-37454 MISC MISC MISC MISC |