US-CERT Vulnerability Summary for the Week of July 3, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| sem-cms — semcms | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | 2023-06-30 | 9.8 | CVE-2020-18432 |
| flatnest_project — flatnest | All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file. | 2023-06-30 | 9.8 | CVE-2023-26135 |
| salesforce — tough-cookie | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. | 2023-07-01 | 9.8 | CVE-2023-26136 |
| wordpress — wordpress | The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2023-06-30 | 9.8 | CVE-2023-2834 |
| wordpress — wordpress | The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the ‘hidden_form_data’ function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2023-06-30 | 9.8 | CVE-2023-3249 |
| retro_cellphone_online_store_project — retro_cellphone_online_store | A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752. | 2023-06-30 | 9.8 | CVE-2023-3473 |
| fossbilling — fossbilling | SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | 9.8 | CVE-2023-3490 |
| hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. | 2023-06-30 | 9.8 | CVE-2023-35175 |
| mediawiki — mediawiki | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. | 2023-06-30 | 9.8 | CVE-2023-37303 |
| wordpress — wordpress | The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2020-36740 |
| wordpress — wordpress | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2020-36745 |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 8.8 | CVE-2021-31982 |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-07-01 | 8.8 | CVE-2021-34475 |
| wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4387 |
| wordpress — wordpress | The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4394 |
| wordpress — wordpress | The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4399 |
| wordpress — wordpress | The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4401 |
| westerndigital — my_cloud_os | Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | 8.8 | CVE-2023-22815 |
| westerndigital — my_cloud_os | A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | 8.8 | CVE-2023-22816 |
| wordpress — wordpress | The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. | 2023-06-30 | 8.8 | CVE-2023-3063 |
| fossbilling — fossbilling | Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | 8.8 | CVE-2023-3491 |
| hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. | 2023-06-30 | 8.8 | CVE-2023-35176 |
| hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. | 2023-06-30 | 8.8 | CVE-2023-35177 |
| hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. | 2023-06-30 | 8.8 | CVE-2023-35178 |
| maxprintisp — maxlink_1200g_firmware | Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the “Diagnostic tool” functionality of the device. | 2023-06-30 | 8.8 | CVE-2023-36143 |
| wavlink — wl-wn531ax2_firmware | Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. | 2023-06-30 | 8.1 | CVE-2023-32613 |
| fossbilling — fossbilling | Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | 8 | CVE-2023-3493 |
| google — android | In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735. | 2023-07-04 | 7.8 | CVE-2023-20773 |
| linux — kernel | A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. | 2023-06-30 | 7.8 | CVE-2023-3117 |
| perimeter81 — xpc_helpertool | com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. | 2023-06-30 | 7.8 | CVE-2023-33298 |
| linuxfoundation — yocto | In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014. | 2023-07-04 | 7.5 | CVE-2022-32666 |
| linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741. | 2023-07-04 | 7.5 | CVE-2023-20689 |
| linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735. | 2023-07-04 | 7.5 | CVE-2023-20690 |
| linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731. | 2023-07-04 | 7.5 | CVE-2023-20691 |
| linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720. | 2023-07-04 | 7.5 | CVE-2023-20692 |
| linuxfoundation — yocto | In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711. | 2023-07-04 | 7.5 | CVE-2023-20693 |
| frauscher_sensortechnik — gmbh_fds001_for_fadc/fadci | Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS001 device. | 2023-07-05 | 7.5 | CVE-2023-2880 |
| linux — kernel | A null pointer dereference flaw was found in the Linux kernel DECnet networking protocol. A remote user could use this flaw to crash the system. | 2023-06-30 | 7.5 | CVE-2023-3338 |
| codekop — codekop | A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. | 2023-06-30 | 7.5 | CVE-2023-36347 |
| misp-project — malware_information_sharing_platform | MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. | 2023-06-30 | 7.5 | CVE-2023-37306 |
| misp-project — malware_information_sharing_platform | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. | 2023-06-30 | 7.5 | CVE-2023-37307 |
| wavlink — wl-wn531ax2_firmware | Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. | 2023-06-30 | 7.2 | CVE-2023-32612 |
| wavlink — wl-wn531ax2_firmware | WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. | 2023-06-30 | 7.2 | CVE-2023-32621 |
| wavlink — wl-wn531ax2_firmware | Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | 2023-06-30 | 7.2 | CVE-2023-32622 |
| ibos — ibos | A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-30 | 7.2 | CVE-2023-3478 |
| malwarebytes — anti-exploit | Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a ‘\0’ character. | 2023-06-30 | 7.1 | CVE-2023-27469 |

Medium Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| google — android | In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667. | 2023-07-04 | 6.7 | CVE-2023-20753 |
| google — android | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343. | 2023-07-04 | 6.7 | CVE-2023-20754 |
| google — android | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605. | 2023-07-04 | 6.7 | CVE-2023-20755 |
| google — android | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07549928. | 2023-07-04 | 6.7 | CVE-2023-20756 |
| google — android | In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133. | 2023-07-04 | 6.7 | CVE-2023-20757 |
| google — android | In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578. | 2023-07-04 | 6.7 | CVE-2023-20760 |
| google — android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582. | 2023-07-04 | 6.7 | CVE-2023-20761 |
| google — android | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202. | 2023-07-04 | 6.7 | CVE-2023-20766 |
| google — android | In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584. | 2023-07-04 | 6.7 | CVE-2023-20767 |
| google — android | In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800. | 2023-07-04 | 6.7 | CVE-2023-20768 |
| google — android | In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796. | 2023-07-04 | 6.7 | CVE-2023-20772 |
| google — android | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228. | 2023-07-04 | 6.7 | CVE-2023-20774 |
| google — android | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410. | 2023-07-04 | 6.7 | CVE-2023-20775 |
| wordpress — wordpress | The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 6.5 | CVE-2021-4395 |
| pleasanter — pleasanter | Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. | 2023-06-30 | 6.5 | CVE-2023-32608 |
| wavlink — wl-wn531ax2_firmware | Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. | 2023-06-30 | 6.5 | CVE-2023-32620 |
| ovarro — tbox_ms-cpu32_firmware | All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. The attacker could then obtain the plaintext password by using a memory viewer. | 2023-07-03 | 6.5 | CVE-2023-3395 |
| ovarro — tbox_ms-cpu32_firmware | The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. | 2023-07-03 | 6.5 | CVE-2023-36611 |
| hnswlib_project — hnswlib | Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. | 2023-06-30 | 6.5 | CVE-2023-37365 |
| google — android | In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046. | 2023-07-04 | 6.4 | CVE-2023-20771 |
| gira — knx_ip_router_firmware | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a “404 – Not Found” status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). | 2023-06-30 | 6.1 | CVE-2023-33276 |
| simplephpscripts — simple_blog | A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability. | 2023-06-30 | 6.1 | CVE-2023-3474 |
| simplephpscripts — event_script | A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability. | 2023-06-30 | 6.1 | CVE-2023-3475 |
| simplephpscripts — guestbook_script | A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755. | 2023-06-30 | 6.1 | CVE-2023-3476 |
| rocketsoft — rocket_lms | A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756. | 2023-06-30 | 6.1 | CVE-2023-3477 |
| hestiacp — control_panel | Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | 2023-06-30 | 6.1 | CVE-2023-3479 |
| angular-ui-notification_project — angular-ui-notification | angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. | 2023-06-30 | 6.1 | CVE-2023-34840 |
| joplin_project — joplin | Joplin before 2.11.5 allows XSS via a USE element in an SVG document. | 2023-06-30 | 6.1 | CVE-2023-37298 |
| joplin_project — joplin | Joplin before 2.11.5 allows XSS via an AREA element of an image map. | 2023-06-30 | 6.1 | CVE-2023-37299 |
| mediawiki — mediawiki | An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). | 2023-06-30 | 6.1 | CVE-2023-37302 |
| pacparser_project — pacparser | pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). | 2023-06-30 | 6.1 | CVE-2023-37360 |
| ovarro — tbox_ms-cpu32_firmware | The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves. | 2023-07-03 | 5.9 | CVE-2023-36610 |
| uzabase — newspicks | “NewsPicks” App for Android versions 10.4.5 and earlier and “NewsPicks” App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service. | 2023-06-30 | 5.5 | CVE-2023-28387 |
| gradle — gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency’s coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build’s configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit. | 2023-06-30 | 5.5 | CVE-2023-35946 |
| microsoft — edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 5.4 | CVE-2021-34506 |
| pleasanter — pleasanter | Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | 2023-06-30 | 5.4 | CVE-2023-32607 |
| multilaser — re170_firmware | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. | 2023-06-30 | 5.4 | CVE-2023-36146 |
| mediawiki — mediawiki | An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. | 2023-06-30 | 5.4 | CVE-2023-37304 |
| wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties. | 2023-07-01 | 5.3 | CVE-2021-4388 |
| mediawiki — mediawiki | An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. | 2023-06-30 | 5.3 | CVE-2023-37300 |
| mediawiki — mediawiki | An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn’t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. | 2023-06-30 | 5.3 | CVE-2023-37301 |
| mediawiki — mediawiki | An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. | 2023-06-30 | 5.3 | CVE-2023-37305 |
| sophos — web_appliance | Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | 2023-06-30 | 4.8 | CVE-2023-33336 |
| phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. | 2023-06-30 | 4.8 | CVE-2023-3469 |
| google — android | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07536951; Issue ID: ALPS07536951. | 2023-07-04 | 4.4 | CVE-2023-20748 |
| google — android | In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130. | 2023-07-04 | 4.4 | CVE-2023-20758 |
| google — android | In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601. | 2023-07-04 | 4.4 | CVE-2023-20759 |
| wordpress — wordpress | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36735 |
| wordpress — wordpress | The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36736 |
wordpress — wordpressThe Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36737
wordpress — wordpressThe Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36738
wordpress — wordpressThe Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36739
wordpress — wordpressThe MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36741
wordpress — wordpressThe Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36742
wordpress — wordpressThe Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36743
wordpress — wordpressThe NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36744
wordpress — wordpressThe Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36746
wordpress — wordpressThe Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36747
wordpress — wordpressThe Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36748
wordpress — wordpressThe Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2020-36749
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Information Disclosure Vulnerability2023-07-014.3CVE-2021-42307
wordpress — wordpressThe WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4384
wordpress — wordpressThe WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4385
wordpress — wordpressThe WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4386
wordpress — wordpressThe WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4389
wordpress — wordpressThe Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4390
wordpress — wordpressThe Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4391
wordpress — wordpressThe eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4392
wordpress — wordpressThe eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4393
wordpress — wordpressThe Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4396
wordpress — wordpressThe Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4397
wordpress — wordpressThe Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4398
wordpress — wordpressThe Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4400
wordpress — wordpressThe Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4402
wordpress — wordpressThe Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4403
wordpress — wordpressThe Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to opt into notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4404
wordpress — wordpressThe ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-014.3CVE-2021-4405

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
temporal — temporalInsecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.2023-06-303.6CVE-2023-3485

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
duxcms — duxcmsFile upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary PHP code via duxcms/AdminUpload/upload.2023-07-06not yet calculatedCVE-2020-21861
duxcms — duxcmsDirectory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.2023-07-06not yet calculatedCVE-2020-21862
fuel-cms — fuel-cmsPermissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.2023-07-03not yet calculatedCVE-2020-22151
fuel-cms — fuel-cmsCross Site Scripting vulnerability in Daylight Studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.2023-07-03not yet calculatedCVE-2020-22152
fuel-cms — fuel-cmsFile Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.2023-07-03not yet calculatedCVE-2020-22153
pdfcrack — pdfcrackAn issue was discovered in pdfcrack 0.17 through 0.18 that allows attackers to execute arbitrary code via a stack overflow in the MD5 function.2023-07-06not yet calculatedCVE-2020-22336
jerryscript_project — jerryscriptAn issue in JerryScript-project JerryScript v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.2023-07-03not yet calculatedCVE-2020-22597
selenium — gridA cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.2023-07-05not yet calculatedCVE-2020-23452
gnuplot — gnuplotgnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().2023-07-05not yet calculatedCVE-2020-25969
wordpress — wordpressThe Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0. This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access to obtain owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above.2023-07-07not yet calculatedCVE-2020-8934
radare2 — radare2Radare2 has a division by zero vulnerability in Mach-O parser’s rebase_buffer function. This allows attackers to create malicious inputs that can cause denial of service.2023-07-07not yet calculatedCVE-2021-32494
radare2 — radare2Radare2 has a use-after-free vulnerability in pyc parser’s get_none_object function. An attacker can read freed memory afterwards. This will allow attackers to cause denial of service.2023-07-07not yet calculatedCVE-2021-32495
mujs — mujsIn MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.2023-07-07not yet calculatedCVE-2021-33796
libpano13 — libpano13A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flaw allows attackers to cause a denial of service and potentially execute code via a crafted file.2023-07-07not yet calculatedCVE-2021-33798
ibm — cloud_object_systemIBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650.2023-07-07not yet calculatedCVE-2021-39014
huawei — harmonyosVulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.2023-07-05not yet calculatedCVE-2021-46890
huawei — harmonyosVulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.2023-07-05not yet calculatedCVE-2021-46891
huawei — harmonyosEncryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.2023-07-06not yet calculatedCVE-2021-46892
huawei — harmonyosVulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.2023-07-05not yet calculatedCVE-2021-46893
huawei — harmonyosUse After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation.2023-07-06not yet calculatedCVE-2021-46894
px4-autopilot — px4-autopilotBuffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.2023-07-06not yet calculatedCVE-2021-46896
solus_labs — solusvmInsecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.2023-07-05not yet calculatedCVE-2022-42175
keycloak — keycloakKeycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.2023-07-07not yet calculatedCVE-2022-4361
nexxt_solutions — nebular_1200-acNexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.2023-07-06not yet calculatedCVE-2022-46080
wordpress — wordpressThe ND Shortcodes WordPress plugin before 7.0 does not validate and escape many of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-07-04not yet calculatedCVE-2022-4623
huawei — harmonyosVulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.2023-07-06not yet calculatedCVE-2022-48507
huawei — harmonyosInappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.2023-07-06not yet calculatedCVE-2022-48508
huawei — harmonyosRace condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.2023-07-06not yet calculatedCVE-2022-48509
huawei — harmonyosInput verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.2023-07-06not yet calculatedCVE-2022-48510
huawei — harmonyosUse After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.2023-07-06not yet calculatedCVE-2022-48511
huawei — harmonyosUse After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.2023-07-06not yet calculatedCVE-2022-48512
huawei — harmonyosVulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.2023-07-06not yet calculatedCVE-2022-48513
huawei — harmonyosThe Sepolicy module has inappropriate permission control on the use of Netlink. Successful exploitation of this vulnerability may affect confidentiality.2023-07-06not yet calculatedCVE-2022-48514
huawei — harmonyosVulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.2023-07-06not yet calculatedCVE-2022-48515
huawei — harmonyosVulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.2023-07-06not yet calculatedCVE-2022-48516
huawei — harmonyosUnauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.2023-07-06not yet calculatedCVE-2022-48517
huawei — harmonyosVulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.2023-07-06not yet calculatedCVE-2022-48518
huawei — harmonyosUnauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.2023-07-06not yet calculatedCVE-2022-48519
huawei — harmonyosUnauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.2023-07-06not yet calculatedCVE-2022-48520
linux — kernelA hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%.2023-06-30not yet calculatedCVE-2023-1206
wordpress — wordpressThe ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated user, such as a subscriber, to perform LFI attacks.2023-07-04not yet calculatedCVE-2023-1273
servicenow — now_user_experienceServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.2023-07-06not yet calculatedCVE-2023-1298
huawei — harmonyosVulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.2023-07-06not yet calculatedCVE-2023-1691
huawei — harmonyosVulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.2023-07-06not yet calculatedCVE-2023-1695
wordpress — wordpressThe Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.2023-07-04not yet calculatedCVE-2023-2010
cisco — webex_meetingsA vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2023-07-07not yet calculatedCVE-2023-20133
cisco — webex_meetingsA vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.2023-07-07not yet calculatedCVE-2023-20180
vmware — sd-wan_edgeVMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.2023-07-06not yet calculatedCVE-2023-20899
qualcomm_inc. — snapdragonInformation disclosure in DSP Services while loading dynamic module.2023-07-04not yet calculatedCVE-2023-21624
qualcomm_inc. — snapdragonMemory Corruption in Modem due to double free while parsing the PKCS15 sim files.2023-07-04not yet calculatedCVE-2023-21629
qualcomm_inc. — snapdragonWeak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.2023-07-04not yet calculatedCVE-2023-21631
qualcomm_inc. — snapdragonMemory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.2023-07-04not yet calculatedCVE-2023-21633
qualcomm_inc. — snapdragonMemory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.2023-07-04not yet calculatedCVE-2023-21635
qualcomm_inc. — snapdragonMemory corruption in Linux while calling system configuration APIs.2023-07-04not yet calculatedCVE-2023-21637
qualcomm_inc. — snapdragonMemory corruption in Video while calling APIs with different instance ID than the one received in initialization.2023-07-04not yet calculatedCVE-2023-21638
qualcomm_inc. — snapdragonMemory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.2023-07-04not yet calculatedCVE-2023-21639
qualcomm_inc. — snapdragonMemory corruption in Linux when the file upload API is called with parameters having large buffer.2023-07-04not yet calculatedCVE-2023-21640
qualcomm_inc. — snapdragonAn app with non-privileged access can change global system brightness and cause undesired system behavior.2023-07-04not yet calculatedCVE-2023-21641
qualcomm_inc. — snapdragonMemory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.2023-07-04not yet calculatedCVE-2023-21672
milesight — ur32lAn OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22299
milesight — ur32lAn OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22306
milesight — vpnAn SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22319
milesight — ur32lAn OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22365
milesight — vpnAn OS command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22371
qualcomm_inc. — snapdragonMemory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.2023-07-04not yet calculatedCVE-2023-22386
qualcomm_inc. — snapdragonArbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.2023-07-04not yet calculatedCVE-2023-22387
milesight — ur32lAn OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An attacker can send an HTTP request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22653
milesight — ur32lAn OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. Specially crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22659
MISC
qualcomm_inc. — snapdragonMemory Corruption in Audio while allocating the ion buffer during the music playback.2023-07-04not yet calculatedCVE-2023-22667
MISC
western_digital — my_cloud_os_5An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.2023-07-01not yet calculatedCVE-2023-22814
MISC
milesight — vpnAn authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-22844
MISC
hero_electronix — qubo_hcd01_02_v1.38_20220125_devicesHero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password.2023-07-04not yet calculatedCVE-2023-22906
MISC
MISC
wordpress — wordpressThe CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-07-04not yet calculatedCVE-2023-2320
MISC
wordpress — wordpressThe WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-07-04not yet calculatedCVE-2023-2321
MISC
wordpress — wordpressThe Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-07-04not yet calculatedCVE-2023-2324
MISC
wordpress — wordpressThe Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-07-04not yet calculatedCVE-2023-2333
MISC
milesight — ur32lA misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-23546
MISC
milesight — ur32lA directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-23547
MISC
milesight — ur32lAn OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-23550
MISC
milesight — ur32lAn access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-23571
MISC
milesight — ur32lA buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-23902
MISC
milesight — vpnA directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-23907
MISC
milesight — ur32lA stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send an HTTP request to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-24018
MISC
milesight — ur32lA stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-24019
MISC
nio — ec6_aspenAn issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.2023-07-06not yet calculatedCVE-2023-24256
MISC
milesight — vpnCross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the name field of the database.2023-07-06not yet calculatedCVE-2023-24496
MISC
milesight — vpnCross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the remote_subnet field of the database.2023-07-06not yet calculatedCVE-2023-24497
MISC
milesight — ur32lTwo OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the ping tool utility.2023-07-06not yet calculatedCVE-2023-24519
MISC
milesight — ur32lTwo OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the trace tool utility.2023-07-06not yet calculatedCVE-2023-24520
MISC
milesight — ur32lTwo OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a TCP packet.2023-07-06not yet calculatedCVE-2023-24582
MISC
milesight — ur32lTwo OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a UDP packet.2023-07-06not yet calculatedCVE-2023-24583
MISC
milesight — ur32lAn OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.2023-07-06not yet calculatedCVE-2023-24595
MISC
qualcomm_inc. — snapdragonMemory Corruption in WLAN HOST while parsing QMI response message from firmware.2023-07-04not yet calculatedCVE-2023-24851
MISC
qualcomm_inc. — snapdragonMemory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message.2023-07-04not yet calculatedCVE-2023-24854
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.2023-07-06not yet calculatedCVE-2023-25081
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables.2023-07-06not yet calculatedCVE-2023-25082
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables.2023-07-06not yet calculatedCVE-2023-25083
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables.2023-07-06not yet calculatedCVE-2023-25084
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables.2023-07-06not yet calculatedCVE-2023-25085
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.2023-07-06not yet calculatedCVE-2023-25086
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables.2023-07-06not yet calculatedCVE-2023-25087
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and description variables.2023-07-06not yet calculatedCVE-2023-25088
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.2023-07-06not yet calculatedCVE-2023-25089
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.2023-07-06not yet calculatedCVE-2023-25090
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.2023-07-06not yet calculatedCVE-2023-25091
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables.2023-07-06not yet calculatedCVE-2023-25092
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the class_name variable.2023-07-06not yet calculatedCVE-2023-25093
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable.2023-07-06not yet calculatedCVE-2023-25094
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.2023-07-06not yet calculatedCVE-2023-25095
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.2023-07-06not yet calculatedCVE-2023-25096
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the attach_class variable.2023-07-06not yet calculatedCVE-2023-25097
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the source variable.2023-07-06not yet calculatedCVE-2023-25098
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the dest variable.2023-07-06not yet calculatedCVE-2023-25099
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the default_class variable.2023-07-06not yet calculatedCVE-2023-25100
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_key variable.2023-07-06not yet calculatedCVE-2023-25101
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables.2023-07-06not yet calculatedCVE-2023-25102
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables.2023-07-06not yet calculatedCVE-2023-25103
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_ike_profile function with the username and the password variables.2023-07-06not yet calculatedCVE-2023-25104
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.2023-07-06not yet calculatedCVE-2023-25105
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.2023-07-06not yet calculatedCVE-2023-25106
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.2023-07-06not yet calculatedCVE-2023-25107
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the remote_ip variable.2023-07-06not yet calculatedCVE-2023-25108
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the local_ip variable.2023-07-06not yet calculatedCVE-2023-25109
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable.2023-07-06not yet calculatedCVE-2023-25110
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the key variable.2023-07-06not yet calculatedCVE-2023-25111
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.2023-07-06not yet calculatedCVE-2023-25112
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_l2tp function with the key variable.2023-07-06not yet calculatedCVE-2023-25113
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the expert_options variable.2023-07-06not yet calculatedCVE-2023-25114
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.2023-07-06not yet calculatedCVE-2023-25115
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.2023-07-06not yet calculatedCVE-2023-25116
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables.2023-07-06not yet calculatedCVE-2023-25117
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the username and the password variables.2023-07-06not yet calculatedCVE-2023-25118
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables.2023-07-06not yet calculatedCVE-2023-25119
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the cisco_secret variable.2023-07-06not yet calculatedCVE-2023-25120
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.2023-07-06not yet calculatedCVE-2023-25121
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.2023-07-06not yet calculatedCVE-2023-25122
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2.2023-07-06not yet calculatedCVE-2023-25123
MISC
milesight — ur32lMultiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables.2023-07-06not yet calculatedCVE-2023-25124
MISC
multitech — conduit_apCross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.2023-07-07not yet calculatedCVE-2023-25201
MISC
MISC
tyan — s5552_bmcA CWE-552 “Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.2023-07-05not yet calculatedCVE-2023-2538
MISC
scipy — scipyA refcounting issue which leads to a potential memory leak was discovered in scipy commit 8627df31ab in the Py_FindObjects() function.2023-07-05not yet calculatedCVE-2023-25399
MISC
MISC
MISC
nvidia — gpu_display_driver_for_linuxNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.2023-07-04not yet calculatedCVE-2023-25516
MISC
nvidia — virtual_gpu_managerNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.2023-07-04not yet calculatedCVE-2023-25517
MISC
nvidia — dgx_a100/a800NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.2023-07-04not yet calculatedCVE-2023-25521
MISC
nvidia — dgx_a100/a800NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.2023-07-04not yet calculatedCVE-2023-25522
MISC
nvidia — cuda_toolkit_for_linux_and_windowsNVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.2023-07-04not yet calculatedCVE-2023-25523
MISC
milesight — ur32lTwo OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the code branch that manages an already existing vlan configuration.2023-07-06not yet calculatedCVE-2023-25582
MISC
milesight — ur32lTwo OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the code branch that manages a new vlan configuration.2023-07-06not yet calculatedCVE-2023-25583
MISC
drogon_framework — drogon_frameworkAll versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.2023-07-06not yet calculatedCVE-2023-26137
MISC
MISC
drogon_framework — drogon_frameworkAll versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.2023-07-06not yet calculatedCVE-2023-26138
MISC
MISC
ca_technologies — arcserveArcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.2023-07-03not yet calculatedCVE-2023-26258
MISC
MISC
anydesk — anydeskAnyDesk 7.0.8 allows remote Denial of Service.2023-07-03not yet calculatedCVE-2023-26509
MISC
MISC
MISC
pax_technology — a930PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.2023-07-05not yet calculatedCVE-2023-27197
MISC
pax_technology — a930PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.2023-07-05not yet calculatedCVE-2023-27198
MISC
pax_technology — a930PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.2023-07-05not yet calculatedCVE-2023-27199
MISC
admin_panel_v3 — admin_panel_v3A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.2023-07-06not yet calculatedCVE-2023-27225
MISC
MISC
kubernetes — kubernetesUsers may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.2023-07-03not yet calculatedCVE-2023-2727
MISC
MISC
MISC
kubernetes — kubernetesUsers may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.2023-07-03not yet calculatedCVE-2023-2728
MISC
MISC
MISC
diagon — diagonA heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.2023-07-05not yet calculatedCVE-2023-27390
MISC
MISC
prestashop — prestashopSQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components.2023-07-07not yet calculatedCVE-2023-27845
MISC
CONFIRM
ivanti — ivanti_endpoint_managerA deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.2023-07-01not yet calculatedCVE-2023-28323
MISC
ivanti — ivanti_endpoint_managerAn improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.2023-07-01not yet calculatedCVE-2023-28324
MISC
brave_software — brave_browser_for_androidAn Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.2023-07-01not yet calculatedCVE-2023-28364
MISC
ubiquiti_inc. — unifi_network_applicationA backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.2023-07-01not yet calculatedCVE-2023-28365
MISC
qualcomm_inc. — snapdragonMemory Corruption in Data Modem while processing DMA buffer release event about CFR data.2023-07-04not yet calculatedCVE-2023-28541
MISC
qualcomm_inc. — snapdragonMemory Corruption in WLAN HOST while fetching TX status information.2023-07-04not yet calculatedCVE-2023-28542
MISC
libtiff — libtiffA null pointer dereference issue was discovered in Libtiff’s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.2023-06-30not yet calculatedCVE-2023-2908
MISC
MISC
MISC
MISC
malwarebytes — edr_1.0.11_for_linuxThe Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.2023-06-30not yet calculatedCVE-2023-29145
MISC
MISC
malwarebytes — edr_1.0.11_for_linuxIn Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.2023-06-30not yet calculatedCVE-2023-29147
MISC
MISC
bosch_security_systems — building_integration_systemImproper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network.2023-06-30not yet calculatedCVE-2023-29241
MISC
synacor — zimbra_collaboration_zcsAn issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.2023-07-06not yet calculatedCVE-2023-29381
MISC
MISC
synacor — zimbra_collaboration_zcsAn issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.2023-07-06not yet calculatedCVE-2023-29382
MISC
MISC
darktrace — darktrace_for_androidAn improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control “antigena” actions (block/unblock traffic) from the mobile application. This vulnerability could create a “shutdown”, blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.2023-07-06not yet calculatedCVE-2023-29656
MISC
MISC
red_hat — quarkus-coreA vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.2023-07-04not yet calculatedCVE-2023-2974
MISC
MISC
MISC
scipy — scipyA use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.2023-07-06not yet calculatedCVE-2023-29824
MISC
MISC
MISC
gis3w — g3w-suiteA Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.2023-07-07not yet calculatedCVE-2023-29998
MISC
CONFIRM
prestashop — prestashopIn the module “Detailed Order” (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information formatted in JSON without restriction.2023-07-06not yet calculatedCVE-2023-30195
MISC
kodi — home_theater_softwareA divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.2023-07-05not yet calculatedCVE-2023-30207
MISC
MISC
MISC
chatengine — wliang6_chatengineCross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30319
CONFIRM
MISC
chatengine — wliang6_chatengineCross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30320
MISC
CONFIRM
chatengine — wliang6_chatengineCross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30321
MISC
CONFIRM
chatengine — payatu_chatengineCross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30322
CONFIRM
MISC
chatengine — payatu_chatengineSQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.2023-07-06not yet calculatedCVE-2023-30323
MISC
CONFIRM
chatengine — wliang6_chatengineSQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.2023-07-06not yet calculatedCVE-2023-30325
MISC
CONFIRM
chatengine — wliang6_chatengineCross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30326
CONFIRM
MISC
node.js — node.jsA privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.2023-07-01not yet calculatedCVE-2023-30586
MISC
node.js — node.jsThe llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20.2023-07-01not yet calculatedCVE-2023-30589
MISC
atlassian — jiraicingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.2023-07-05not yet calculatedCVE-2023-30607
MISC
MISC
MISC
samsung_mobile — multiple_productsImproper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration.2023-07-06not yet calculatedCVE-2023-30640
MISC
samsung_mobile — multiple_productsImproper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows a physical attacker to use a restricted user profile to access the device owner's Google account data.2023-07-06not yet calculatedCVE-2023-30641
MISC
samsung_mobile — multiple_productsImproper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.2023-07-06not yet calculatedCVE-2023-30642
MISC
samsung_mobile — multiple_productsMissing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.2023-07-06not yet calculatedCVE-2023-30643
MISC
samsung_mobile — multiple_productsStack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30644
MISC
samsung_mobile — multiple_productsHeap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30645
MISC
samsung_mobile — multiple_productsHeap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30646
MISC
samsung_mobile — multiple_productsHeap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30647
MISC
samsung_mobile — multiple_productsStack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Release 1 causes a denial of service on the system.2023-07-06not yet calculatedCVE-2023-30648
MISC
samsung_mobile — multiple_productsHeap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30649
MISC
samsung_mobile — multiple_productsOut of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30650
MISC
samsung_mobile — multiple_productsOut of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30651
MISC
samsung_mobile — multiple_productsOut of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30652
MISC
samsung_mobile — multiple_productsOut of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30653
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.2023-07-06not yet calculatedCVE-2023-30655
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.2023-07-06not yet calculatedCVE-2023-30656
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.2023-07-06not yet calculatedCVE-2023-30657
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.2023-07-06not yet calculatedCVE-2023-30658
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.2023-07-06not yet calculatedCVE-2023-30659
MISC
samsung_mobile — multiple_productsExposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.2023-07-06not yet calculatedCVE-2023-30660
MISC
samsung_mobile — multiple_productsExposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.2023-07-06not yet calculatedCVE-2023-30661
MISC
samsung_mobile — multiple_productsExposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.2023-07-06not yet calculatedCVE-2023-30662
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.2023-07-06not yet calculatedCVE-2023-30663
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.2023-07-06not yet calculatedCVE-2023-30664
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.2023-07-06not yet calculatedCVE-2023-30665
MISC
samsung_mobile — multiple_productsImproper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.2023-07-06not yet calculatedCVE-2023-30666
MISC
samsung_mobile — multiple_productsImproper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.2023-07-06not yet calculatedCVE-2023-30667
MISC
samsung_mobile — multiple_productsOut-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30668
MISC
samsung_mobile — multiple_productsOut-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30669
MISC
samsung_mobile — multiple_productsOut-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.2023-07-06not yet calculatedCVE-2023-30670
MISC
samsung_mobile — multiple_productsLogic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.2023-07-06not yet calculatedCVE-2023-30671
MISC
samsung_mobile — smart_switchImproper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.2023-07-06not yet calculatedCVE-2023-30672
MISC
samsung_mobile — smart_switchImproper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.2023-07-06not yet calculatedCVE-2023-30673
MISC
samsung_mobile — samsung_internetImproper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.2023-07-06not yet calculatedCVE-2023-30674
MISC
samsung_mobile — samsung_passImproper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.2023-07-06not yet calculatedCVE-2023-30675
MISC
samsung_mobile — samsung_passImproper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.2023-07-06not yet calculatedCVE-2023-30676
MISC
samsung_mobile — samsung_passImproper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.2023-07-06not yet calculatedCVE-2023-30677
MISC
google — androidPotential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.2023-07-06not yet calculatedCVE-2023-30678
MISC
red_hat — multiple_productsA compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.2023-07-05not yet calculatedCVE-2023-3089
MISC
MISC
ibm — iIBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.2023-07-04not yet calculatedCVE-2023-30990
MISC
MISC
diagon — diagonAn access violation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.2023-07-05not yet calculatedCVE-2023-31194
MISC
MISC
linux — kernelLinux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace2023-07-05not yet calculatedCVE-2023-31248
MISC
MISC
MISC
piigab — m-busPiiGAB M-Bus transmits credentials in plaintext format.2023-07-06not yet calculatedCVE-2023-31277
MISC
wordpress — wordpressThe Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.2023-07-04not yet calculatedCVE-2023-3133
MISC
MISC
MISC
wordpress — wordpressThe Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.2023-07-04not yet calculatedCVE-2023-3139
MISC
MISC
pipreqs — pipreqsA dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.2023-06-30not yet calculatedCVE-2023-31543
MISC
MISC
ubiquiti_inc. — unifi_osUniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. “Applicable Cloud Keys” include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.2023-07-01not yet calculatedCVE-2023-31997
MISC
npm — @fastify/oauth2All versions of @fastify/oauth2 used a state parameter that was statically generated at startup time and was used across all requests for all users. The purpose of the OAuth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user’s session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.2023-07-04not yet calculatedCVE-2023-31999
MISC
MISC
MISC
ubiquiti — unifi_network_applicationA Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.2023-07-08not yet calculatedCVE-2023-32000
MISC
opensuse_tumbleweed — opensuse_tumbleweedIncorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed.2023-07-07not yet calculatedCVE-2023-32183
MISC
piigab — m-busPiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.2023-07-07not yet calculatedCVE-2023-32652
MISC
oracle — apacheDeserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20.2023-07-07not yet calculatedCVE-2023-33008
MISC
trellix — enterprise_security_manager_for_windowsAn OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.2023-07-03not yet calculatedCVE-2023-3313
MISC
trellix — enterprise_security_manager_for_windowsA vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges.2023-07-03not yet calculatedCVE-2023-3314
MISC
bouncy_castle_for_java — bouncy_castle_for_javaBouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate’s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.2023-07-05not yet calculatedCVE-2023-33201
CONFIRM
MISC
MISC
sophos — iviewCross Site Scripting (XSS) in the grpname parameter of Sophos iView (the EOL was December 31st 2020) allows arbitrary script to be executed.2023-07-05not yet calculatedCVE-2023-33335
MISC
toughnet — tn-5900_seriesTN-5900 Series version 3.3 and prior versions are vulnerable to a user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.2023-07-05not yet calculatedCVE-2023-3336
MISC
ai-dev — aicombinationsonflyai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.2023-07-07not yet calculatedCVE-2023-33664
MISC
CONFIRM
piigab — m-bus_softwarepackThe number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.2023-07-06not yet calculatedCVE-2023-33868
MISC
glpi — glpiGLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch.2023-07-05not yet calculatedCVE-2023-34106
MISC
MISC
glpi — glpiGLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the view of all KnowbaseItems. Version 10.0.8 has a patch for this issue.2023-07-05not yet calculatedCVE-2023-34107
MISC
MISC
huawei — harmonyosVulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.2023-07-06not yet calculatedCVE-2023-34164
MISC
MISC
synacor — zimbra_collaboration_zcsCross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.2023-07-06not yet calculatedCVE-2023-34192
MISC
MISC
MISC
synacor — zimbra_collaboration_zcsFile Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.2023-07-06not yet calculatedCVE-2023-34193
MISC
MISC
MISC
zoho_manageengine — servicedesk_plusZoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.2023-07-07not yet calculatedCVE-2023-34197
MISC
glpi — glpiGLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch.2023-07-05not yet calculatedCVE-2023-34244
MISC
MISC
ami — megarac_spxAMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.2023-07-05not yet calculatedCVE-2023-34337
MISC
ami — megarac_spxAMI SPx contains a vulnerability in the BMC where an attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.2023-07-05not yet calculatedCVE-2023-34338
MISC
trellix — moveAn unquoted Windows search path vulnerability existed in the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.2023-07-03not yet calculatedCVE-2023-3438
MISC
piigab — m-busPiiGAB M-Bus stores passwords using a weak hash algorithm.2023-07-07not yet calculatedCVE-2023-34433
MISC
cometbft — cometbftCometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places. The first is via logs, setting the `consensus` logging module to “debug” level (should not happen in production), and setting the log output format to JSON. The second is via RPC `dump_consensus_state`. Case 1, which should not be hit in production, will eventually hit the deadlock in most goroutines, effectively halting the node. In case 2, only the data structures related to the first peer will be deadlocked, together with the thread(s) dealing with the RPC request(s). This means that only one of the channels of communication to the node’s peers will be blocked. Eventually the peer will time out and be excluded from the list (typically after 2 minutes). The goroutines involved in the deadlock will not be garbage collected, but they will not interfere with the system after the peer is excluded. The theoretical worst case for case 2 is a network with only two validator nodes. In this case, each of the nodes only has one `PeerState` struct. If `dump_consensus_state` is called in either node (or both), the chain will halt until the peer connections time out, after which the nodes will reconnect (with different `PeerState` structs) and the chain will progress again. Then, the same process can be repeated. As the number of nodes in a network increases, and thus the number of peer structs each node maintains, the possibility of reproducing the perturbation visible with two nodes decreases.
Only the first `PeerState` struct will deadlock, and not the others (RPC `dump_consensus_state` accesses them in a for loop, so the deadlock at the first iteration causes the rest of the iterations of that “for” loop to never be reached). This regression was fixed in versions 0.34.29 and 0.37.2. Some workarounds are available. For case 1 (hitting the deadlock via logs), either don’t set the log output to “json”, leave at “plain”, or don’t set the consensus logging module to “debug”, leave it at “info” or higher. For case 2 (hitting the deadlock via RPC `dump_consensus_state`), do not expose `dump_consensus_state` RPC endpoint to the public internet (e.g., via rules in one’s nginx setup).2023-07-03not yet calculatedCVE-2023-34450
MISC
MISC
MISC
MISC
cometbft — cometbftCometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node. The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPCs would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.2023-07-03not yet calculatedCVE-2023-34451
MISC
MISC
MISC
mechanicalsoup — mechanicalsoupMechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" …>` inside an HTML form. All users of MechanicalSoup’s form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.2023-07-05not yet calculatedCVE-2023-34457
MISC
MISC
MISC
ami — megarac_spxAMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss of confidentiality, integrity, and authentication.2023-07-05not yet calculatedCVE-2023-34471
MISC
ami — megarac_spxAMI SPx contains a vulnerability in the BMC where an attacker may cause an improper neutralization of CRLF sequences in HTTP headers. A successful exploit of this vulnerability may lead to a loss of integrity.2023-07-05not yet calculatedCVE-2023-34472
MISC
ami — megarac_spxAMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.2023-07-05not yet calculatedCVE-2023-34473
MISC
huawei — harmonyos/emuiKey management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.2023-07-05not yet calculatedCVE-2023-3455
MISC
MISC
huawei — harmonyosVulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.2023-07-06not yet calculatedCVE-2023-3456
MISC
MISC
wordpress — wordpressThe Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.2023-07-04not yet calculatedCVE-2023-3460
MISC
MISC
taocms — taocmstaocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).2023-07-05not yet calculatedCVE-2023-34654
MISC
MISC
mozilla — firefoxWhen Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.2023-07-05not yet calculatedCVE-2023-3482
MISC
MISC
google — chromeOut of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)2023-07-03not yet calculatedCVE-2023-3497
MISC
MISC
piigab — m-busThere are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is in line with recommended password guidelines.2023-07-07not yet calculatedCVE-2023-34995
MISC
linux — kernelLinux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace2023-07-05not yet calculatedCVE-2023-35001
MISC
MISC
MISC
sourcecodester — shopping_websiteA vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability.2023-07-04not yet calculatedCVE-2023-3502
MISC
MISC
MISC
sourcecodester — shopping_websiteA vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.2023-07-04not yet calculatedCVE-2023-3503
MISC
MISC
MISC
smartweb_infotech — job_boardA vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-07-04not yet calculatedCVE-2023-3504
MISC
MISC
onest — crmA vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-07-04not yet calculatedCVE-2023-3505
MISC
MISC
active_it_zone — active_ecommerce_cmsA vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-07-04not yet calculatedCVE-2023-3506
MISC
MISC
piigab — m-busPiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request.2023-07-07not yet calculatedCVE-2023-35120
MISC
go-gitea — go-giteaOpen Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.2023-07-05not yet calculatedCVE-2023-3515
MISC
MISC
it-novum — openitcockpitSensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.2023-07-06not yet calculatedCVE-2023-3520
MISC
MISC
fossbilling — fossbillingCross-site Scripting (XSS) – Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.2023-07-06not yet calculatedCVE-2023-3521
MISC
MISC
gpac — gpacOut-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.2023-07-06not yet calculatedCVE-2023-3523
MISC
MISC
thinutech — thinucmsA vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252.2023-07-06not yet calculatedCVE-2023-3528
MISC
MISC
rotem_dynamics — rotem_crmA vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID]&method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-07-06not yet calculatedCVE-2023-3529
MISC
MISC
nilsteampassnet — teampassCross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.2023-07-06not yet calculatedCVE-2023-3531
MISC
MISC
outline — outlineCross-site Scripting (XSS) – Stored in GitHub repository outline/outline prior to 0.70.1.2023-07-07not yet calculatedCVE-2023-3532
MISC
MISC
sourcecodester — shopping_websiteA vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.2023-07-07not yet calculatedCVE-2023-3534
MISC
MISC
MISC
simplephpscripts — faq_script_phpA vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287.2023-07-07not yet calculatedCVE-2023-3535
MISC
MISC
simplephpscripts — funeral_script_phpA vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.2023-07-07not yet calculatedCVE-2023-3536
MISC
MISC
simplephpscripts — news_script_php_proA vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability.2023-07-07not yet calculatedCVE-2023-3537
MISC
MISC
simplephpscripts — photo_gallery_phpA vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.2023-07-07not yet calculatedCVE-2023-3538
MISC
MISC
simplephpscripts — simple_forum_phpA vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.2023-07-07not yet calculatedCVE-2023-3539
MISC
MISC
simplephpscripts — newsletter_script_phpA vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292.2023-07-07not yet calculatedCVE-2023-3540
MISC
MISC
thinutech — thinucmsA vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.2023-07-07not yet calculatedCVE-2023-3541
MISC
MISC
thinutech — thinucmsA vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability.2023-07-07not yet calculatedCVE-2023-3542
MISC
MISC
gz_scripts — availability_booking_calendar_phpA vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-07-07not yet calculatedCVE-2023-3543
MISC
MISC
gz_scripts — time_slot_booking_calendar_phpA vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-07-07not yet calculatedCVE-2023-3544
MISC
MISC
nilsteampassnet — teampassCode Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.2023-07-08not yet calculatedCVE-2023-3551
MISC
MISC
nilsteampassnet — teampassImproper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.2023-07-08not yet calculatedCVE-2023-3552
MISC
MISC
nilsteampassnet — teampassExposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.2023-07-08not yet calculatedCVE-2023-3553
MISC
MISC
piigab — m-busPiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.2023-07-07not yet calculatedCVE-2023-35765
MISC
zoho_manageengine — admanager_plusZoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.2023-07-05not yet calculatedCVE-2023-35786
MISC
oracle — apache_airflowImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended to update the provider version to 6.1.1 in order to avoid this vulnerability.2023-07-03not yet calculatedCVE-2023-35797
MISC
MISC
madefornet_http_debugger — madefornet_http_debuggerIn MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.2023-07-05not yet calculatedCVE-2023-35863
MISC
MISC
MISC
ibm — websphere_application_serverIBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.2023-07-07not yet calculatedCVE-2023-35890
MISC
MISC
glpi — glpiGLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.2023-07-05not yet calculatedCVE-2023-35924
MISC
MISC
yt-dlp — yt-dlpyt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest’s host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp’s info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders’ built-in support for cookies instead of passing them as header arguments, disabling HTTP redirection if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping. Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.2023-07-06not yet calculatedCVE-2023-35934
MISC
MISC
MISC
MISC
MISC
MISC
pandoc — pandocPandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.2023-07-05not yet calculatedCVE-2023-35936
MISC
metersphere — metersphereMetersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue.2023-07-06not yet calculatedCVE-2023-35937
MISC
glpi — glpiGLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.2023-07-05not yet calculatedCVE-2023-35939
MISC
MISC
glpi — glpiGLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.2023-07-05not yet calculatedCVE-2023-35940
MISC
MISC
gradle — gradleGradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. Impact: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. Patches: A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is recommended that users upgrade to a patched version. Workarounds: There is no workaround. If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. References: [CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)](https://cwe.mitre.org/data/definitions/22.html); [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html); [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability).2023-06-30not yet calculatedCVE-2023-35947
MISC
MISC
MISC
novu — novuNovu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the “Sign In with GitHub” functionality of Novu’s open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim’s account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch.2023-07-06not yet calculatedCVE-2023-35948
MISC
MISC
aruba_networks — arubaosA vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.2023-07-05not yet calculatedCVE-2023-35971
MISC
aruba_networks — arubaosAn authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.2023-07-05not yet calculatedCVE-2023-35972
MISC
aruba_networks — arubaosAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.2023-07-05not yet calculatedCVE-2023-35973
MISC
aruba_networks — arubaosAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.2023-07-05not yet calculatedCVE-2023-35974
MISC
aruba_networks — arubaosAn authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.2023-07-05not yet calculatedCVE-2023-35975
MISC
aruba_networks — arubaosVulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level.2023-07-05not yet calculatedCVE-2023-35976
MISC
aruba_networks — arubaosVulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level.2023-07-05not yet calculatedCVE-2023-35977
MISC
aruba_networks — arubaosA vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.2023-07-05not yet calculatedCVE-2023-35978
MISC
aruba_networks — arubaosThere is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.2023-07-05not yet calculatedCVE-2023-35979
MISC
piigab — m-busPiiGAB M-Bus contains hard-coded credentials which it uses for authentication.2023-07-06not yet calculatedCVE-2023-35987
MISC
django — djangoIn Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.2023-07-03not yet calculatedCVE-2023-36053
CONFIRM
MISC
MISC
intelbras — switch_sg_2404_mrAn authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.2023-06-30not yet calculatedCVE-2023-36144
MISC
MISC
zzcms — zzcmsCross Site Request Forgery vulnerability in ZZCMS v.2023 allows a remote attacker to gain privileges via the add function in adminlist.php.2023-07-03not yet calculatedCVE-2023-36162
MISC
MISC
openimageio — openimageioBuffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.2023-07-03not yet calculatedCVE-2023-36183
MISC
langchain — langchainAn issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.2023-07-06not yet calculatedCVE-2023-36188
MISC
MISC
langchain — langchainSQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.2023-07-06not yet calculatedCVE-2023-36189
MISC
MISC
jerryscript_project — jerryscriptAn issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.2023-07-07not yet calculatedCVE-2023-36201
MISC
mlogclub_bbs-go — mlogclub_bbs-goCross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.2023-07-03not yet calculatedCVE-2023-36222
MISC
MISC
MISC
mlogclub_bbs-go — mlogclub_bbs-goCross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.2023-07-03not yet calculatedCVE-2023-36223
MISC
MISC
MISC
online_examination_system_project — online_examination_system_projectThe Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin’s consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.2023-07-07not yet calculatedCVE-2023-36256
MISC
MISC
langchain — langchainAn issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.2023-07-03not yet calculatedCVE-2023-36258
MISC
maxsite_cms — maxsite_cmsCross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.2023-07-03not yet calculatedCVE-2023-36291
MISC
osslsigncode — osslsigncodeBuffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.2023-07-03not yet calculatedCVE-2023-36377
MISC
MISC
authentik — authentikauthentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the Go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used. This poses a possible security risk when someone has flows or policies that check the user’s IP address, e.g. when they want to ignore the user’s 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account’s log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that wants to. Versions 2023.4.3 and 2023.5.5 contain a patch for this issue.2023-07-06not yet calculatedCVE-2023-36456
MISC
MISC
MISC
MISC
MISC
1panel — 1panel1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.2023-07-05not yet calculatedCVE-2023-36457
MISC
MISC
1panel — 1panel1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.2023-07-05not yet calculatedCVE-2023-36458
MISC
MISC
mastodon — mastodonMastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user’s browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.2023-07-06not yet calculatedCVE-2023-36459
MISC
MISC
MISC
MISC
MISC
MISC
mastodon — mastodonMastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon’s media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.2023-07-06not yet calculatedCVE-2023-36460
MISC
MISC
MISC
MISC
MISC
MISC
mastodon — mastodonMastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.2023-07-06not yet calculatedCVE-2023-36461
MISC
MISC
MISC
MISC
MISC
MISC
mastodon — mastodonMastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.2023-07-06not yet calculatedCVE-2023-36462
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the JavaScript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki version older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.2023-06-30not yet calculatedCVE-2023-36477
MISC
MISC
MISC
MISC
ovarro — multiple_productsThe affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.2023-07-03not yet calculatedCVE-2023-36608
MISC
ovarro — multiple_productsThe affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.2023-07-03not yet calculatedCVE-2023-36609
MISC
loxone_electronics — miniserver_go_gen.2The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.2023-07-05not yet calculatedCVE-2023-36622
MISC
MISC
loxone_electronics — miniserver_go_gen.2The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.2023-07-05not yet calculatedCVE-2023-36623
MISC
MISC
loxone_electronics — miniserver_go_gen.2Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.2023-07-05not yet calculatedCVE-2023-36624
MISC
MISC
protobufjs — protobufjsprotobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about “Object.constructor.prototype.<new-property> = …;” whereas CVE-2022-25878 was about “Object.__proto__.<new-property> = …;” instead.2023-07-05not yet calculatedCVE-2023-36665
MISC
MISC
CONFIRM
MISC
CONFIRM
pypdf — pypdfpypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error throwing case. See GHSA-hm9v-vj3r-r55m for details.2023-06-30not yet calculatedCVE-2023-36807
MISC
MISC
MISC
glpi-project — glpiGLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.2023-07-05not yet calculatedCVE-2023-36808
MISC
MISC
kiwitcms — kiwitcmsKiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect, allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions, thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and sanitization of test plan names used in the `tree_view_html()` function.2023-07-05not yet calculatedCVE-2023-36809
MISC
MISC
MISC
MISC
MISC
MISC
pypdf — pypdfpypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-30not yet calculatedCVE-2023-36810
MISC
MISC
MISC
opentsdb — opentsdbOpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to a Remote Code Execution vulnerability by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.2023-06-30not yet calculatedCVE-2023-36812
MISC
MISC
MISC
kanboard — kanboardKanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.2023-07-05not yet calculatedCVE-2023-36813
MISC
MISC
MISC
zopefoundation — products.cmfcoreProducts.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python’s marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.2023-07-03not yet calculatedCVE-2023-36814
MISC
MISC
labring — sealosSealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user’s control and may have permission to correct it. It is not clear whether a fix exists.2023-07-03not yet calculatedCVE-2023-36815
MISC
bubka — 2fa2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.2023-07-03not yet calculatedCVE-2023-36816
MISC
MISC
tktchurch — website`tktchurch/website` contains the codebase for The King’s Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church’s project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase.2023-07-03not yet calculatedCVE-2023-36817
MISC
knowage — knowageKnowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `_/knowage/restful-services/dossier/importTemplateFile_` allows authenticated users to download templates hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `_templateName_` parameter, allowing an attacker to use `*../*` in it, escape the directory where the templates are normally placed, and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration files. This issue has been patched in Knowage version 8.1.8.2023-07-03not yet calculatedCVE-2023-36819
MISC
louislam — uptime-kumaUptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it’s installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue.2023-07-05not yet calculatedCVE-2023-36821
MISC
MISC
MISC
MISC
louislam — uptime-kumaUptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it’s removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.2023-07-05not yet calculatedCVE-2023-36822
MISC
MISC
MISC
MISC
rgrove — sanitizeSanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in “relaxed” config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn’t allow `style` elements, using a Sanitize config that doesn’t allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.2023-07-06not yet calculatedCVE-2023-36823
MISC
MISC
MISC
ethyca — fidesFides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container’s filesystem. The vulnerability is patched in fides `2.15.1`. If the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca’s security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can’t be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability.2023-07-05not yet calculatedCVE-2023-36827
MISC
MISC
MISC
statamic — statamic_cmsStatamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue.2023-07-05not yet calculatedCVE-2023-36828
MISC
MISC
MISC
MISC
MISC
MISC
sentry — sentrySentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.2023-07-06not yet calculatedCVE-2023-36829
MISC
MISC
MISC
MISC
sqlfluff — sqlfluffSQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue – however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their own rule configuration, this may be an issue. The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users who have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to – or otherwise validating configuration files before they are ingested by SQLFluff will provide a similar effect and does not require upgrade.2023-07-06not yet calculatedCVE-2023-36830
MISC
MISC
piigab — m-busPiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.2023-07-06not yet calculatedCVE-2023-36859
MISC
progress — moveit_transferIn Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.2023-07-05not yet calculatedCVE-2023-36932
CONFIRM
MISC
progress — moveit_transferIn Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.2023-07-05not yet calculatedCVE-2023-36933
CONFIRM
MISC
progress — moveit_transferIn Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.2023-07-05not yet calculatedCVE-2023-36934
CONFIRM
MISC
food_ordering_system — food_ordering_systemA SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter.2023-07-06not yet calculatedCVE-2023-36968
MISC
MISC
cms_made_simple — cms_made_simpleCMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.2023-07-06not yet calculatedCVE-2023-36969
MISC
cms_made_simple — cms_made_simpleA Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function.2023-07-06not yet calculatedCVE-2023-36970
MISC
travianz — travianzPHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.2023-07-07not yet calculatedCVE-2023-36992
MISC
travianz — travianzThe cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts.2023-07-07not yet calculatedCVE-2023-36993
MISC
travianz — travianzIn TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.2023-07-07not yet calculatedCVE-2023-36994
MISC
travianz — travianzTravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.2023-07-06not yet calculatedCVE-2023-36995
MISC
chamilo — chamiloChamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.2023-07-07not yet calculatedCVE-2023-37061
MISC
MISC
chamilo — chamiloChamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories’ definition.2023-07-07not yet calculatedCVE-2023-37062
MISC
MISC
chamilo — chamiloChamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.2023-07-07not yet calculatedCVE-2023-37063
MISC
MISC
chamilo — chamiloChamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.2023-07-07not yet calculatedCVE-2023-37064
MISC
MISC
chamilo — chamiloChamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.2023-07-07not yet calculatedCVE-2023-37065
MISC
MISC
chamilo — chamiloChamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.2023-07-07not yet calculatedCVE-2023-37066
MISC
MISC
chamilo — chamiloChamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.2023-07-07not yet calculatedCVE-2023-37067
MISC
MISC
bagecms — bagecmsA stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.2023-07-06not yet calculatedCVE-2023-37122
MISC
seacms — seacmsA stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-07-06not yet calculatedCVE-2023-37124
MISC
seacms — seacmsA stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-07-06not yet calculatedCVE-2023-37125
MISC
yzncms — yzncmsA Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.2023-07-06not yet calculatedCVE-2023-37131
MISC
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-07-06not yet calculatedCVE-2023-37132
MISC
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-07-06not yet calculatedCVE-2023-37133
MISC
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-07-06not yet calculatedCVE-2023-37134
MISC
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-07-06not yet calculatedCVE-2023-37135
MISC
eyoucms — eyoucmsA stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-07-06not yet calculatedCVE-2023-37136
MISC
tenda — ac10Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.2023-07-07not yet calculatedCVE-2023-37144
MISC
totolink — lr350TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.2023-07-07not yet calculatedCVE-2023-37145
MISC
totolink — lr350TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.2023-07-07not yet calculatedCVE-2023-37146
MISC
totolink — lr350TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.2023-07-07not yet calculatedCVE-2023-37148
MISC
totolink — lr350TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.2023-07-07not yet calculatedCVE-2023-37149
MISC
totolink — a3300rTOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.2023-07-07not yet calculatedCVE-2023-37170
MISC
totolink — a3300rTOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.2023-07-07not yet calculatedCVE-2023-37171
MISC
totolink — a3300rTOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.2023-07-07not yet calculatedCVE-2023-37172
MISC
totolink — a3300rTOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.2023-07-07not yet calculatedCVE-2023-37173
MISC
bitcoin_core — bitcoin_coreMemory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app’s memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.2023-07-07not yet calculatedCVE-2023-37192
MISC
MISC
MISC
mozilla — multiple_products | An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37201
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products | Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37202
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox | Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37203
MISC
MISC
mozilla — firefox | A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37204
MISC
MISC
mozilla — firefox | The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37205
MISC
MISC
mozilla — firefox | Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37206
MISC
MISC
mozilla — multiple_products | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37207
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products | When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37208
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox | A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37209
MISC
MISC
mozilla — firefox | A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37210
MISC
MISC
mozilla — multiple_products | Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | 2023-07-05 | not yet calculated | CVE-2023-37211
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox | Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. | 2023-07-05 | not yet calculated | CVE-2023-37212
MISC
MISC
huawei — harmonyos | Vulnerability of apps’ permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features. | 2023-07-06 | not yet calculated | CVE-2023-37238
MISC
MISC
huawei — harmonyos | Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. | 2023-07-06 | not yet calculated | CVE-2023-37239
MISC
MISC
huawei — harmonyos | Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2023-07-06 | not yet calculated | CVE-2023-37240
MISC
MISC
huawei — harmonyos | Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart. | 2023-07-06 | not yet calculated | CVE-2023-37241
MISC
MISC
huawei — harmonyos | Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities. | 2023-07-06 | not yet calculated | CVE-2023-37242
MISC
MISC
huawei — harmonyos | Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem. | 2023-07-06 | not yet calculated | CVE-2023-37245
MISC
MISC
thephpleague — oauth2-server | league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string. | 2023-07-06 | not yet calculated | CVE-2023-37260
MISC
MISC
MISC
mightypirates — opencomputers | OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is installed as part of a Minecraft server hosted on a popular cloud hosting provider, such as AWS, GCP and Azure, those metadata services’ API endpoints are not forbidden (aka “blacklisted”) by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. In addition, IPv6 addresses are not correctly filtered at all, allowing broader access into the local IPv6 network. This can allow a player on a server using an OpenComputers computer to access parts of the private IPv4 address space, as well as the whole IPv6 address space, in order to retrieve sensitive information. OpenComputers v1.8.3 for Minecraft 1.7.10 and 1.12.2 contains a patch for this issue. Some workarounds are also available. One may disable the Internet Card feature completely. If using OpenComputers 1.3.0 or above, using the allow list (`opencomputers.internet.whitelist` option) will prohibit connections to any IP addresses and/or domains not listed; or one may add entries to the block list (`opencomputers.internet.blacklist` option). More information about mitigations is available in the GitHub Security Advisory. | 2023-07-07 | not yet calculated | CVE-2023-37261
MISC
MISC
MISC
MISC
MISC
MISC
MISC
cc-tweaked — cc-tweaked | CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting provider, like AWS, GCP, and Azure, those metadata services’ API endpoints are not forbidden (aka “blacklisted”) by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. Versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3 contain a fix for this issue. | 2023-07-07 | not yet calculated | CVE-2023-37262
MISC
MISC
MISC
MISC
MISC
tektoncd — pipeline | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun’s (api version, kind, name, uid) in the child Run’s OwnerReference, it only stores (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one’s Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue. | 2023-07-07 | not yet calculated | CVE-2023-37264
MISC
MISC
MISC
winter — winter | Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually. | 2023-07-07 | not yet calculated | CVE-2023-37269
MISC
MISC
MISC
MISC
piwigo — piwigo | Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be logged in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately. | 2023-07-07 | not yet calculated | CVE-2023-37270
MISC
MISC
MISC
MISC
MISC
zoho_manageengine — adaudit_plus | Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. | 2023-07-07 | not yet calculated | CVE-2023-37308
MISC
nullsoft — nullsoft_scriptable_install_system | Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. | 2023-07-03 | not yet calculated | CVE-2023-37378
MISC
MISC
MISC
MISC
MISC
MISC
MLIST
linux — kernel | An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. | 2023-07-06 | not yet calculated | CVE-2023-37453
MISC
MISC
MISC
linux — kernel | An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. | 2023-07-06 | not yet calculated | CVE-2023-37454
MISC
MISC
MISC
MISC
