US-CERT Vulnerability Summary for the Week of June 12, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
tmt — lockcell | Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15. | 2023-06-13 | 10 | CVE-2023-3049 MISC MISC |
danfoss — ak-em100_firmware | The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | 2023-06-11 | 9.8 | CVE-2023-22583 MISC MISC |
wpdirectorykit — wp_directory_kit | The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the ‘wdk_public_action’ function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2023-06-13 | 9.8 | CVE-2023-2278 MISC MISC MISC |
danfoss — ak-em100_firmware | The Danfoss AK-EM100 web applications allow for OS command injection through the web application parameters. | 2023-06-11 | 9.8 | CVE-2023-25911 MISC MISC |
progressbar.js_project — progressbar.js | All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js. | 2023-06-12 | 9.8 | CVE-2023-26133 MISC MISC MISC |
fortinet — fortisiem | A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | 2023-06-13 | 9.8 | CVE-2023-26204 MISC |
microsoft — microsoft_sharepoint_server | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 2023-06-14 | 9.8 | CVE-2023-29357 MISC |
microsoft — windows_10 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2023-06-14 | 9.8 | CVE-2023-29363 MISC |
tmt — lockcell | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15. | 2023-06-13 | 9.8 | CVE-2023-3047 MISC MISC |
tmt — lockcell | Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | 2023-06-13 | 9.8 | CVE-2023-3050 MISC MISC |
froxlor — froxlor | Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. | 2023-06-09 | 9.8 | CVE-2023-3173 MISC CONFIRM |
microsoft — windows_10 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2023-06-14 | 9.8 | CVE-2023-32014 MISC |
microsoft — windows_10 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2023-06-14 | 9.8 | CVE-2023-32015 MISC |
l7_networks — instantscan | L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | 2023-06-16 | 9.8 | CVE-2023-32752 CONFIRM |
itpison — contact itpison | OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | 2023-06-16 | 9.8 | CVE-2023-32753 CONFIRM |
thinking_software — efence | Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | 2023-06-16 | 9.8 | CVE-2023-32754 CONFIRM |
dlink — dir-600_firmware | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. | 2023-06-12 | 9.8 | CVE-2023-33625 MISC MISC MISC MISC |
dlink — dir-600_firmware | D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. | 2023-06-12 | 9.8 | CVE-2023-33626 MISC MISC MISC |
service_provider_management_system_project — service_provider_management_system | Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | 2023-06-12 | 9.8 | CVE-2023-34581 MISC MISC MISC MISC |
bloofox — bloofoxcms | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. | 2023-06-14 | 9.8 | CVE-2023-34750 MISC |
bloofox — bloofoxcms | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. | 2023-06-14 | 9.8 | CVE-2023-34751 MISC |
bloofox — bloofoxcms | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | 2023-06-14 | 9.8 | CVE-2023-34752 MISC MISC MISC |
bloofox — bloofoxcms | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | 2023-06-14 | 9.8 | CVE-2023-34753 MISC |
bloofox — bloofoxcms | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | 2023-06-14 | 9.8 | CVE-2023-34754 MISC |
bloofox — bloofoxcms | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. | 2023-06-14 | 9.8 | CVE-2023-34755 MISC |
bloofox — bloofoxcms | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. | 2023-06-14 | 9.8 | CVE-2023-34756 MISC |
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033. | 2023-06-12 | 9.8 | CVE-2023-35034 MISC MISC |
satos — satos_mobile | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607. | 2023-06-13 | 9.8 | CVE-2023-35064 MISC |
motopress — getwid_-_gutenberg_blocks | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2023-06-09 | 9.6 | CVE-2023-1895 MISC MISC |
expresstech — quiz_and_survey_master | The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files. | 2023-06-09 | 9.1 | CVE-2023-0291 MISC MISC MISC MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | 2023-06-15 | 9.1 | CVE-2023-29297 MISC |
progress — moveit_transfer | In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. | 2023-06-12 | 9.1 | CVE-2023-35036 MISC CONFIRM |
fortinet — fortisiem | An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. | 2023-06-13 | 8.8 | CVE-2022-42478 MISC |
wpwax — directorist | The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges. | 2023-06-09 | 8.8 | CVE-2023-1888 MISC MISC |
yudiz — wp_replicate_post | The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | 8.8 | CVE-2023-2237 MISC MISC MISC |
gvectors — wpforo_forum | The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services. | 2023-06-09 | 8.8 | CVE-2023-2249 MISC MISC MISC |
tp-link — ec70_firmware | TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. | 2023-06-12 | 8.8 | CVE-2023-28478 MISC |
microsoft — windows_10 | Remote Desktop Client Remote Code Execution Vulnerability | 2023-06-14 | 8.8 | CVE-2023-29362 MISC |
microsoft — windows_10 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2023-06-14 | 8.8 | CVE-2023-29372 MISC |
microsoft — windows_10 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 2023-06-14 | 8.8 | CVE-2023-29373 MISC |
mimsoftware — mim_local_concurrent_license_server | An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 through v.7.0, fixed in v.7.0.10, allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service. | 2023-06-09 | 8.8 | CVE-2023-30262 MISC MISC MISC |
tmt — lockcell | Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | 2023-06-13 | 8.8 | CVE-2023-3048 MISC MISC |
lost_and_found_information_system_project — lost_and_found_information_system | A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability. | 2023-06-09 | 8.8 | CVE-2023-3176 MISC MISC MISC |
lost_and_found_information_system_project — lost_and_found_information_system | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151. | 2023-06-09 | 8.8 | CVE-2023-3177 MISC MISC MISC |
microsoft — windows_10 | Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | 2023-06-14 | 8.8 | CVE-2023-32009 MISC |
microsoft — microsoft_exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-06-14 | 8.8 | CVE-2023-32031 MISC |
unitecms — unlimited_elements_for_elementor | The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66. This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.67. | 2023-06-17 | 8.8 | CVE-2023-3295 MISC MISC |
microsoft — microsoft_office | Microsoft Outlook Remote Code Execution Vulnerability | 2023-06-14 | 8.8 | CVE-2023-33131 MISC |
thedaylightstudio — fuel_cms | Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. | 2023-06-09 | 8.8 | CVE-2023-33557 MISC MISC |
digitaldruid — hoteldruid | hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | 2023-06-13 | 8.8 | CVE-2023-33817 MISC |
bytedeco — javacpp_presets | JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement – resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution. | 2023-06-09 | 8.8 | CVE-2023-34112 MISC MISC |
expresstech — quiz_and_survey_master | The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 8.1 | CVE-2023-0292 MISC MISC MISC MISC |
microsoft — microsoft_visual_studio | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 2023-06-14 | 8.1 | CVE-2023-24936 MISC |
microsoft — windows_10 | Windows Group Policy Elevation of Privilege Vulnerability | 2023-06-14 | 8.1 | CVE-2023-29351 MISC |
microsoft — microsoft_exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-06-14 | 8 | CVE-2023-28310 MISC |
hp — softpaq_installer | A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | 2023-06-09 | 7.8 | CVE-2019-16283 MISC |
fortinet — fortiproxy | A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows an attacker to execute unauthorized code or commands via specially crafted commands. | 2023-06-13 | 7.8 | CVE-2022-43953 MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2023-06-09 | 7.8 | CVE-2023-0721 MISC MISC MISC |
adobe — substance3d_designer | Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-06-15 | 7.8 | CVE-2023-21618 MISC |
fortinet — fortiproxy | An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an attacker to escalate privileges via specifically crafted commands. | 2023-06-13 | 7.8 | CVE-2023-22639 MISC |
microsoft — .net/visual_studio | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-24895 MISC |
microsoft — .net/visual_studio | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-24897 MISC |
fortinet — fortiadc | Multiple improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerabilities [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allow a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests. | 2023-06-13 | 7.8 | CVE-2023-26210 MISC |
hp — hp_device_manager | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | 2023-06-12 | 7.8 | CVE-2023-26294 MISC |
microsoft — publisher | Microsoft Publisher Remote Code Execution Vulnerability | 2023-06-17 | 7.8 | CVE-2023-28287 MISC |
microsoft — publisher | Microsoft Publisher Remote Code Execution Vulnerability | 2023-06-17 | 7.8 | CVE-2023-28295 MISC |
adobe — animate | Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-06-15 | 7.8 | CVE-2023-29321 MISC |
microsoft — .net | .NET Framework Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29326 MISC |
microsoft — windows_10 | NTFS Elevation of Privilege Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29346 MISC |
microsoft — windows_10 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-29349 MISC |
microsoft — windows_10 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-29356 MISC |
microsoft — windows_10 | Windows GDI Elevation of Privilege Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29358 MISC |
microsoft — windows_10 | GDI Elevation of Privilege Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29359 MISC |
microsoft — windows_10 | Windows TPM Device Driver Elevation of Privilege Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29360 MISC |
microsoft — windows_10 | Windows Media Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29365 MISC |
microsoft — windows_server | Windows Geolocation Service Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29366 MISC |
microsoft — windows_server | iSCSI Target WMI Provider Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29367 MISC |
microsoft — windows_10 | Windows Media Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29370 MISC |
microsoft — windows_10 | Windows GDI Elevation of Privilege Vulnerability | 2023-06-14 | 7.8 | CVE-2023-29371 MISC |
yandex — navigator | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | 7.8 | CVE-2023-29749 MISC |
ekatox — facemoji_emoji_keyboard | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | 2023-06-09 | 7.8 | CVE-2023-29752 MISC |
urbanandroid — twilight | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | 7.8 | CVE-2023-29755 MISC |
leap — blue_light_filter | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | 2023-06-09 | 7.8 | CVE-2023-29757 MISC |
appcrossx — crossx | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of privileges via the database files. | 2023-06-09 | 7.8 | CVE-2023-29766 MISC |
microsoft — windows_10 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-32008 MISC |
microsoft — windows_10 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-32017 MISC |
microsoft — windows_11 | Windows Hello Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-32018 MISC |
microsoft — microsoft_sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32025 MISC |
microsoft — microsoft_sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32026 MISC |
microsoft — microsoft_sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32027 MISC |
microsoft — microsoft_ole_db_driver | Microsoft OLE DB Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32028 MISC |
microsoft — microsoft_office | Microsoft Excel Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-32029 MISC |
microsoft — microsoft_office | Microsoft Excel Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-33133 MISC |
microsoft — microsoft_office | Microsoft Excel Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-33137 MISC |
microsoft — microsoft_office | Microsoft Office Remote Code Execution Vulnerability | 2023-06-14 | 7.8 | CVE-2023-33146 MISC |
emqx — nanomq | NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c when it processes malformed messages. | 2023-06-12 | 7.8 | CVE-2023-34488 MISC |
microsoft — windows_server_2019 | Windows Server Service Security Feature Bypass Vulnerability | 2023-06-14 | 7.6 | CVE-2023-32022 MISC |
fortinet — fortisiem | A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. | 2023-06-13 | 7.5 | CVE-2022-43949 MISC |
grpc — grpc | There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC’s C++ implementation to abort() when called via http2: `te: x` (x != trailers); `:scheme: x` (x != http, https); `grpclb_client_stats: x` (x == anything). On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. | 2023-06-09 | 7.5 | CVE-2023-1428 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user’s data. Exploitation of this issue does not require user interaction. | 2023-06-15 | 7.5 | CVE-2023-22248 MISC |
danfoss — ak-em100_firmware | The Danfoss AK-EM100 stores login credentials in cleartext. | 2023-06-11 | 7.5 | CVE-2023-22584 MISC MISC |
danfoss — ak-em100_firmware | The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. | 2023-06-11 | 7.5 | CVE-2023-22586 MISC MISC |
fortinet — fortinac | An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. | 2023-06-13 | 7.5 | CVE-2023-22633 MISC |
dottie_project — dottie | Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. | 2023-06-10 | 7.5 | CVE-2023-26132 MISC MISC MISC |
microsoft — .net/visual_studio | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 2023-06-14 | 7.5 | CVE-2023-29331 MISC |
webbax — winbizpayment | Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. | 2023-06-12 | 7.5 | CVE-2023-30198 MISC MISC |
microsoft — windows_10 | Windows iSCSI Discovery Service Denial of Service Vulnerability | 2023-06-14 | 7.5 | CVE-2023-32011 MISC |
microsoft — .net/visual_studio | .NET and Visual Studio Denial of Service Vulnerability | 2023-06-14 | 7.5 | CVE-2023-32030 MISC |
fossbilling — fossbilling | Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. | 2023-06-14 | 7.5 | CVE-2023-3230 CONFIRM MISC |
grpc — grpc | When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients – leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 | 2023-06-09 | 7.5 | CVE-2023-32731 MISC MISC |
emqx — nanomq | NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. | 2023-06-12 | 7.5 | CVE-2023-34494 MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2023.1.10518, a DoS attack was possible via Helpdesk forms. | 2023-06-12 | 7.5 | CVE-2023-35053 MISC |
microsoft — .net/visual_studio | .NET and Visual Studio Remote Code Execution Vulnerability | 2023-06-14 | 7.3 | CVE-2023-33126 MISC |
microsoft — .net/visual_studio | .NET and Visual Studio Remote Code Execution Vulnerability | 2023-06-14 | 7.3 | CVE-2023-33128 MISC |
microsoft — sharepoint | Microsoft SharePoint Server Spoofing Vulnerability | 2023-06-14 | 7.3 | CVE-2023-33130 MISC |
microsoft — .net/visual_studio | .NET and Visual Studio Elevation of Privilege Vulnerability | 2023-06-14 | 7.3 | CVE-2023-33135 MISC |
fortinet — fortinac | An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. | 2023-06-13 | 7.2 | CVE-2022-39946 MISC |
hijiriworld — intuitive_custom_post_order | The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied ‘objects’ and ‘tags’ parameters and lack of sufficient preparation in the ‘update_options’ function as well as the ‘refresh’ function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK. | 2023-06-09 | 7.2 | CVE-2023-1016 MISC MISC |
postgresql — postgresql | schema_element defeats protective search_path changes. It was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code. | 2023-06-09 | 7.2 | CVE-2023-2454 MISC MISC |
themeisle — multiple_page_generator | The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | 7.2 | CVE-2023-2607 MISC MISC MISC |
froxlor — froxlor | Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | 2023-06-09 | 7.2 | CVE-2023-3172 CONFIRM MISC |
microsoft — azure_devops_server_2022 | Azure DevOps Server Spoofing Vulnerability | 2023-06-14 | 7.1 | CVE-2023-21565 MISC |
bitwarden — bitwarden | Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault. | 2023-06-09 | 7.1 | CVE-2023-27706 MISC MISC MISC MISC |
microsoft — nuget | NuGet Client Remote Code Execution Vulnerability | 2023-06-14 | 7.1 | CVE-2023-29337 MISC |
linux — linux_kernel | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | 2023-06-09 | 7.1 | CVE-2023-3141 MISC MISC MISC |
microsoft — windows_server_2019 | Windows SMB Witness Service Security Feature Bypass Vulnerability | 2023-06-14 | 7.1 | CVE-2023-32021 MISC |
microsoft — windows_server_2022 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2023-06-14 | 7 | CVE-2023-29361 MISC |
microsoft — windows_10 | Windows Authentication Elevation of Privilege Vulnerability | 2023-06-14 | 7 | CVE-2023-29364 MISC |
microsoft — windows_10 | Windows Filtering Platform Elevation of Privilege Vulnerability | 2023-06-14 | 7 | CVE-2023-29368 MISC |
microsoft — windows_11 | Windows Bus Filter Driver Elevation of Privilege Vulnerability | 2023-06-14 | 7 | CVE-2023-32010 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_thankyou’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID. | 2023-06-09 | 6.5 | CVE-2023-0688 MISC MISC MISC |
themefic — ultimate_addons_for_contact_form_7 | The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | 6.5 | CVE-2023-1615 MISC MISC MISC MISC |
wpwax — directorist | The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. | 2023-06-09 | 6.5 | CVE-2023-1889 MISC MISC |
microsoft — windows_10_version_1809 | Windows CryptoAPI Denial of Service Vulnerability | 2023-06-14 | 6.5 | CVE-2023-24937 MISC |
microsoft — windows_10_version_1809 | Windows CryptoAPI Denial of Service Vulnerability | 2023-06-14 | 6.5 | CVE-2023-24938 MISC |
fortinet — fortimanager | A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests. | 2023-06-13 | 6.5 | CVE-2023-25609 MISC |
miniorange — active_directory_integration_\/_ldap_integration | The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | 2023-06-09 | 6.5 | CVE-2023-2599 MISC MISC MISC |
fortinet — fortiproxy | An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10, 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text. | 2023-06-13 | 6.5 | CVE-2023-26207 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction. | 2023-06-15 | 6.5 | CVE-2023-29289 MISC |
microsoft — windows_10_version_1809 | Windows Remote Desktop Security Feature Bypass Vulnerability | 2023-06-14 | 6.5 | CVE-2023-29352 MISC |
microsoft — windows_server_2019 | Remote Procedure Call Runtime Denial of Service Vulnerability | 2023-06-14 | 6.5 | CVE-2023-29369 MISC |
owncast_project — owncast | Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. | 2023-06-10 | 6.5 | CVE-2023-3188 CONFIRM MISC |
microsoft — windows_10_version_1809 | Windows Hyper-V Denial of Service Vulnerability | 2023-06-14 | 6.5 | CVE-2023-32013 MISC |
microsoft — .net | .NET and Visual Studio Elevation of Privilege Vulnerability | 2023-06-14 | 6.5 | CVE-2023-32032 MISC |
fossbilling — fossbilling | Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | 2023-06-14 | 6.5 | CVE-2023-3229 CONFIRM MISC |
microsoft — sharepoint_enterprise_server | Microsoft SharePoint Denial of Service Vulnerability | 2023-06-14 | 6.5 | CVE-2023-33129 MISC |
microsoft — onenote | Microsoft OneNote Spoofing Vulnerability | 2023-06-14 | 6.5 | CVE-2023-33140 MISC |
microsoft — sharepoint_server | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 2023-06-14 | 6.5 | CVE-2023-33142 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2023-06-14 | 6.5 | CVE-2023-33145 MISC |
microsoft — windows_11_version_21h2 | Windows Container Manager Service Elevation of Privilege Vulnerability | 2023-06-14 | 6.3 | CVE-2023-32012 MISC |
microsoft — sharepoint_server | Microsoft SharePoint Server Spoofing Vulnerability | 2023-06-14 | 6.3 | CVE-2023-33132 MISC |
reputeinfosystems — armember | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions. | 2023-06-12 | 6.1 | CVE-2022-47140 MISC |
getshieldsecurity — shield_security | The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the ‘User-Agent’ header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | 6.1 | CVE-2023-0992 MISC MISC MISC |
plainware — shiftcontroller | The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | 6.1 | CVE-2023-1978 MISC MISC |
i13websolution — wp_responsive_tabs | The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | 6.1 | CVE-2023-2184 MISC MISC |
danfoss — ak-em100_firmware | The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. | 2023-06-11 | 6.1 | CVE-2023-22582 MISC MISC |
danfoss — ak-em100_firmware | The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. | 2023-06-11 | 6.1 | CVE-2023-22585 MISC MISC |
i13websolution — wordpress_vertical_image_slider | The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | 6.1 | CVE-2023-2289 MISC MISC |
wow-company — button_generator | The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-12 | 6.1 | CVE-2023-2362 MISC |
icegram — icegram_engage | The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-12 | 6.1 | CVE-2023-2398 MISC |
i13websolution — photo_gallery_slideshow_\&_masonry_tiled_gallery | The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | 6.1 | CVE-2023-2402 MISC MISC |
ays-pro — photo_gallery | The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-12 | 6.1 | CVE-2023-2568 MISC |
i13websolution — team_circle_image_slider_with_lightbox | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-06-09 | 6.1 | CVE-2023-2604 MISC MISC |
pega — pega_platform | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | 2023-06-09 | 6.1 | CVE-2023-26465 MISC |
wp_abstracts_project — wp_abstracts | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions. | 2023-06-12 | 6.1 | CVE-2023-29385 MISC |
vadesecure — secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. | 2023-06-09 | 6.1 | CVE-2023-29712 MISC MISC MISC |
vadesecure — secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. | 2023-06-09 | 6.1 | CVE-2023-29713 MISC MISC MISC |
vadesecure — secure_gateway | Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. | 2023-06-09 | 6.1 | CVE-2023-29714 MISC MISC MISC |
ip_metaboxes_project — ip_metaboxes | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1. | 2023-06-12 | 6.1 | CVE-2023-30753 MISC |
online_school_fees_system_project — online_school_fees_system | A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. This affects an unknown part of the file /paysystem/branch.php of the component POST Parameter Handler. The manipulation of the argument branch leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231501 was assigned to this vulnerability. | 2023-06-14 | 6.1 | CVE-2023-3189 MISC MISC MISC |
wpoperation — salert_-_fake_sales_notification_woocommerce | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions. | 2023-06-12 | 6.1 | CVE-2023-32118 MISC |
zotpress_project — zotpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions. | 2023-06-12 | 6.1 | CVE-2023-32961 MISC |
this_day_in_history_project — this_day_in_history | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin <= 3.10.1 versions. | 2023-06-12 | 6.1 | CVE-2023-34026 MISC |
phoenix_contact — fl_mguard_2102 | Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. | 2023-06-13 | 5.8 | CVE-2023-2673 MISC |
fossbilling — fossbilling | Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0. | 2023-06-14 | 5.7 | CVE-2023-3227 CONFIRM MISC |
fossbilling — fossbilling | Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. | 2023-06-14 | 5.7 | CVE-2023-3228 CONFIRM MISC |
fortinet — forticonverter | An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. | 2023-06-13 | 5.5 | CVE-2022-33877 MISC |
microsoft — azure_devops_server_2020 | Azure DevOps Server Spoofing Vulnerability | 2023-06-14 | 5.5 | CVE-2023-21569 MISC |
iptanus — wordpress_file_upload_pro | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | 5.5 | CVE-2023-2767 MISC MISC |
microsoft — windows_sysinternals_process_monitor | Sysinternals Process Monitor for Windows Denial of Service Vulnerability | 2023-06-14 | 5.5 | CVE-2023-29353 MISC |
yandex — navigator | An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | 5.5 | CVE-2023-29751 MISC |
ekatox — facemoji\ | An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. | 2023-06-09 | 5.5 | CVE-2023-29753 MISC |
urbanandroid — twilight | An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | 5.5 | CVE-2023-29756 MISC |
leap — blue_light_filter | An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | 5.5 | CVE-2023-29758 MISC |
flightaware — flightaware | An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. | 2023-06-09 | 5.5 | CVE-2023-29759 MISC |
urbanandroid — sleep | An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | 2023-06-09 | 5.5 | CVE-2023-29761 MISC |
appcrossx — crossx | An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | 2023-06-09 | 5.5 | CVE-2023-29767 MISC |
microsoft — windows_10_version_1809 | Windows Installer Information Disclosure Vulnerability | 2023-06-14 | 5.5 | CVE-2023-32016 MISC |
microsoft — microsoft_visual_studio | Visual Studio Information Disclosure Vulnerability | 2023-06-14 | 5.5 | CVE-2023-33139 MISC |
file_away_project — file_away | The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-06-12 | 5.4 | CVE-2023-0431 MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | 5.4 | CVE-2023-0695 MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf_first_name’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | 5.4 | CVE-2023-0708 MISC MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf_last_name’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. | 2023-06-09 | 5.4 | CVE-2023-0709 MISC MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘fname’ attribute of the ‘mf_thankyou’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity. | 2023-06-09 | 5.4 | CVE-2023-0710 MISC MISC |
weavertheme — weaver_xtreme_theme | The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | 5.4 | CVE-2023-1403 MISC MISC |
weavertheme — weaver_show_posts | The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | 5.4 | CVE-2023-1404 MISC MISC |
blubrry — powerpress | The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround. | 2023-06-09 | 5.4 | CVE-2023-1917 MISC MISC MISC MISC |
plainware — locatoraid | The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | 5.4 | CVE-2023-2031 MISC MISC MISC |
bulletin — announcement_\&_notification_banner_-_bulletin | The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the ‘bulletinwp_update_bulletin_status’, ‘bulletinwp_update_bulletin’, ‘bulletinwp_update_settings’, ‘bulletinwp_update_status’, ‘bulletinwp_export_bulletins’, and ‘bulletinwp_import_bulletins’ functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin’s settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site’s user into performing an action such as clicking on a link. | 2023-06-09 | 5.4 | CVE-2023-2067 MISC MISC MISC |
hashicorp — vault | Vault and Vault Enterprise’s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. | 2023-06-09 | 5.4 | CVE-2023-2121 MISC |
wclovers — woocommerce_multivendor_marketplace | The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the ‘get_item’, ‘get_order_notes’ and ‘add_order_note’ functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes. | 2023-06-09 | 5.4 | CVE-2023-2275 MISC MISC MISC MISC MISC |
wpdownloadmanager — wordpress_download_manager | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpdm_members’, ‘wpdm_login_form’, ‘wpdm_reg_form’ shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | 5.4 | CVE-2023-2305 MISC MISC MISC MISC MISC |
postgresql — postgresql | Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. | 2023-06-09 | 5.4 | CVE-2023-2455 MISC MISC |
supsystic — easy_google_maps | The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 5.4 | CVE-2023-2526 MISC MISC MISC MISC |
pluginus — wordpress_currency_switcher_professional | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-09 | 5.4 | CVE-2023-2558 MISC MISC |
codepeople — contact_form_email | The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | 2023-06-12 | 5.4 | CVE-2023-2718 MISC |
adobe — experience_manager | Adobe Experience Manager versions 6.5.16.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-06-15 | 5.4 | CVE-2023-29302 MISC |
adobe — experience_manager | Adobe Experience Manager versions 6.5.16.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-06-15 | 5.4 | CVE-2023-29304 MISC |
adobe — experience_manager | Adobe Experience Manager versions 6.5.16.0 (and earlier) are affected by a URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-06-15 | 5.4 | CVE-2023-29307 MISC |
adobe — experience_manager | Adobe Experience Manager versions 6.5.16.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-06-15 | 5.4 | CVE-2023-29322 MISC |
performance_indicator_system_project — performance_indicator_system | A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163. | 2023-06-09 | 5.4 | CVE-2023-3183 MISC MISC MISC |
teachers_record_management_system_project — teachers_record_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176. | 2023-06-09 | 5.4 | CVE-2023-3187 MISC MISC MISC MISC |
teampass — teampass | Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-10 | 5.4 | CVE-2023-3191 MISC CONFIRM |
froxlor — froxlor | Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0. | 2023-06-11 | 5.4 | CVE-2023-3192 CONFIRM MISC |
eyoucms — eyoucms | EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). | 2023-06-12 | 5.4 | CVE-2023-33492 MISC |
dlink — di-7500g-ci_firmware | A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | 2023-06-09 | 5.4 | CVE-2023-34856 MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible | 2023-06-12 | 5.4 | CVE-2023-35054 MISC |
crypto-js_project — crypto-js | The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string “0.” with an integer, which makes the output more predictable than necessary. | 2023-06-12 | 5.3 | CVE-2020-36732 MISC MISC MISC MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure. | 2023-06-09 | 5.3 | CVE-2023-1843 MISC MISC MISC |
niteothemes — cmp | The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin’s provided feature. | 2023-06-09 | 5.3 | CVE-2023-2159 MISC MISC MISC |
wpdirectorykit — wp_directory_kit | The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘ajax_public’ function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3. | 2023-06-09 | 5.3 | CVE-2023-2280 MISC MISC MISC |
danfoss — ak-em100_firmware | The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. | 2023-06-11 | 5.3 | CVE-2023-25912 MISC MISC |
brizy — brizy | The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an ‘X-Forwarded-For’ HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the ‘X-Forwarded-For’ header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality. | 2023-06-09 | 5.3 | CVE-2023-2897 MISC MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction. | 2023-06-15 | 5.3 | CVE-2023-29287 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | 2023-06-15 | 5.3 | CVE-2023-29290 MISC |
microsoft — windows_server_2019 | DHCP Server Service Information Disclosure Vulnerability | 2023-06-14 | 5.3 | CVE-2023-29355 MISC |
grpc — grpc | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 | 2023-06-09 | 5.3 | CVE-2023-32732 MISC |
microsoft — visual_studio_code | Visual Studio Code Spoofing Vulnerability | 2023-06-14 | 5 | CVE-2023-33144 MISC |
miniorange — active_directory_integration_\/_ldap_integration | The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-09 | 4.9 | CVE-2023-2484 MISC MISC MISC |
iptanus — wordpress_file_upload_pro | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root. | 2023-06-09 | 4.9 | CVE-2023-2688 MISC MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | 2023-06-15 | 4.9 | CVE-2023-29291 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | 2023-06-15 | 4.9 | CVE-2023-29292 MISC |
galleryplugins — video_contest | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GalleryPlugins Video Contest plugin <= 3.2 versions. | 2023-06-12 | 4.8 | CVE-2022-45827 MISC |
yikesinc — easy_forms_for_mailchimp | The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-12 | 4.8 | CVE-2023-1323 MISC |
aviplugins — wp_register_profile_with_shortcode | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions. | 2023-06-12 | 4.8 | CVE-2023-23818 MISC |
itemprop_wp_for_serp\/seo_rich_snippets_project — itemprop_wp_for_serp\/seo_rich_snippets | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions. | 2023-06-12 | 4.8 | CVE-2023-23819 MISC |
utm_tracker_project — utm_tracker | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludwig Media UTM Tracker plugin <= 1.3.1 versions. | 2023-06-12 | 4.8 | CVE-2023-23822 MISC |
pixelyoursite — pixelyoursite_pro | The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | 4.8 | CVE-2023-2584 MISC MISC MISC |
stpetedesign — call_now_accessibility_button | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions. | 2023-06-12 | 4.8 | CVE-2023-28933 MISC |
ip_metaboxes_project — ip_metaboxes | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions. | 2023-06-12 | 4.8 | CVE-2023-30745 MISC |
unfocus — scripts_n_styles | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions. | 2023-06-12 | 4.8 | CVE-2023-31236 MISC |
sales_tracker_management_system_project — sales_tracker_management_system | A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164. | 2023-06-09 | 4.8 | CVE-2023-3184 MISC MISC MISC MISC |
wpdirectorykit — wp_directory_kit | The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the ‘insert’ function. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-13 | 4.7 | CVE-2023-2277 MISC MISC MISC |
microsoft — windows_10_version_1809 | Windows Kernel Information Disclosure Vulnerability | 2023-06-14 | 4.7 | CVE-2023-32019 MISC |
teampass — teampass | Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-06-10 | 4.6 | CVE-2023-3190 CONFIRM MISC |
fortinet — fortiproxy | A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other administrators’ cookies via diagnose CLI commands. | 2023-06-13 | 4.4 | CVE-2022-41327 MISC |
fibosearch — fibosearch | The FiboSearch – AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | 4.4 | CVE-2023-2450 MISC MISC MISC |
advanced-woo-search — advanced_woo_search | The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-06-09 | 4.4 | CVE-2023-2452 MISC MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_last_name’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter’s last name. | 2023-06-09 | 4.3 | CVE-2023-0691 MISC MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_payment_status’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions. | 2023-06-09 | 4.3 | CVE-2023-0692 MISC MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_transaction_id’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment. | 2023-06-09 | 4.3 | CVE-2023-0693 MISC MISC MISC |
wpmet — metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission. | 2023-06-09 | 4.3 | CVE-2023-0694 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-06-09 | 4.3 | CVE-2023-0729 MISC MISC MISC |
webfactoryltd — under_construction | The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-0831 MISC MISC |
webfactoryltd — under_construction | The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-0832 MISC MISC |
getshieldsecurity — shield_security | The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the ‘theme-plugin-file’ AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992. | 2023-06-09 | 4.3 | CVE-2023-0993 MISC MISC MISC |
ooohboi_steroids_for_elementor_project — ooohboi_steroids_for_elementor | The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the ‘file_uploader_callback’ function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site. | 2023-06-09 | 4.3 | CVE-2023-1169 MISC MISC MISC |
wpfastestcache — wp_fastest_cache | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site’s cache. | 2023-06-09 | 4.3 | CVE-2023-1375 MISC MISC MISC |
staxwp — stax | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-1807 MISC MISC |
motopress — getwid_-_gutenberg_blocks | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer’s site. | 2023-06-09 | 4.3 | CVE-2023-1910 MISC MISC |
bulletin — announcement_\&_notification_banner_-_bulletin | The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘bulletinwp_update_bulletin_status’, ‘bulletinwp_update_bulletin’, ‘bulletinwp_update_settings’, ‘bulletinwp_update_status’, ‘bulletinwp_export_bulletins’, and ‘bulletinwp_import_bulletins’ functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin’s settings, modify bulletins, create new bulletins, and more. | 2023-06-09 | 4.3 | CVE-2023-2066 MISC MISC MISC |
wpdeveloper — essential_blocks | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification being skipped. There is no capability check. | 2023-06-09 | 4.3 | CVE-2023-2083 MISC MISC MISC |
wpdeveloper — essential_blocks | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification being skipped. There is no capability check. | 2023-06-09 | 4.3 | CVE-2023-2084 MISC MISC |
wpdeveloper — essential_blocks | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification being skipped. There is no capability check. | 2023-06-09 | 4.3 | CVE-2023-2085 MISC MISC MISC |
wpdeveloper — essential_blocks | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification being skipped. There is no capability check. | 2023-06-09 | 4.3 | CVE-2023-2086 MISC MISC MISC |
wpdeveloper — essential_blocks | The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2087 MISC MISC MISC |
staxwp — stax | The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. | 2023-06-09 | 4.3 | CVE-2023-2189 MISC MISC |
wpwhitesecurity — wp_activity_log | The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails. | 2023-06-09 | 4.3 | CVE-2023-2261 MISC MISC MISC |
wpwhitesecurity — wp_activity_log | The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level access or higher to make changes to the plugin’s settings. | 2023-06-09 | 4.3 | CVE-2023-2284 MISC MISC |
wpwhitesecurity — wp_activity_log | The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2285 MISC MISC |
wpwhitesecurity — wp_activity_log | The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2286 MISC MISC MISC |
wpdirectorykit — wp_directory_kit | The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘ajax_admin’ function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0. | 2023-06-13 | 4.3 | CVE-2023-2351 MISC MISC MISC MISC MISC MISC |
vcita — online_booking_\&_scheduling_calendar | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugin’s settings, upload media files, and inject malicious JavaScript. | 2023-06-09 | 4.3 | CVE-2023-2414 MISC MISC MISC |
pluginus — wordpress_currency_switcher_professional | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher. | 2023-06-09 | 4.3 | CVE-2023-2555 MISC MISC |
wordpress — wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher. | 2023-06-09 | 4.3 | CVE-2023-2556 MISC MISC |
wordpress — wordpress | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher. | 2023-06-09 | 4.3 | CVE-2023-2557 MISC MISC |
wordpress — wordpress | The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library. | 2023-06-09 | 4.3 | CVE-2023-2764 MISC MISC MISC |
wordpress — wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2891 MISC MISC |
wordpress — wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2892 MISC MISC |
wordpress — wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2893 MISC MISC |
wordpress — wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2894 MISC MISC |
wordpress — wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2895 MISC MISC |
wordpress — wordpress | The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-09 | 4.3 | CVE-2023-2896 MISC MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user’s data. Exploitation of this issue does not require user interaction. | 2023-06-15 | 4.3 | CVE-2023-29288 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | 2023-06-15 | 4.3 | CVE-2023-29294 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | 2023-06-15 | 4.3 | CVE-2023-29295 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user’s data. Exploitation of this issue does not require user interaction. | 2023-06-15 | 4.3 | CVE-2023-29296 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
vmware — tools | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | 2023-06-13 | 3.9 | CVE-2023-20867 MISC |
wordpress — wordpress | The FluentCRM – Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscriber’s email address. | 2023-06-09 | 3.7 | CVE-2023-1430 MISC MISC |
microsoft — windows_server_2019 | Windows DNS Spoofing Vulnerability | 2023-06-14 | 3.7 | CVE-2023-32020 MISC |
microsoft — snipping_tool | Windows Snipping Tool Information Disclosure Vulnerability | 2023-06-13 | 3.3 | CVE-2023-28303 MISC |
microsoft — microsoft_power_apps | Microsoft Power Apps Spoofing Vulnerability | 2023-06-14 | 3 | CVE-2023-32024 MISC |
fortinet — fortiproxy | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows a privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests. | 2023-06-13 | 2.7 | CVE-2022-42474 MISC |
adobe — magento_commerce | Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction. | 2023-06-15 | 2.7 | CVE-2023-29293 MISC |
sap — netweaver | SAP NetWeaver (Change and Transport System) – versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly with the intent to slow down the server or make it unavailable, which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application. | 2023-06-13 | 2.7 | CVE-2023-32114 MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
nanopb — nanopb | Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. | 2023-06-17 | not yet calculated | CVE-2014-125106 MISC MISC MISC |
wordpress — wordpress | A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability. | 2023-06-12 | not yet calculated | CVE-2015-10118 MISC MISC MISC |
sogo — web_mail | Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code. | 2023-06-14 | not yet calculated | CVE-2020-22402 MISC |
google — android | Product: Android. Versions: Android SoC. Android ID: A-277775870 | 2023-06-15 | not yet calculated | CVE-2021-0701 MISC |
google — android | Product: Android. Versions: Android SoC. Android ID: A-278156680 | 2023-06-15 | not yet calculated | CVE-2021-0945 MISC |
tp5cms — tp5cms | An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter. | 2023-06-14 | not yet calculated | CVE-2021-31280 MISC |
ibm — security_guardium | IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753. | 2023-06-15 | not yet calculated | CVE-2022-22307 MISC MISC |
hp_inc. — hp_pc_bios | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. | 2023-06-12 | not yet calculated | CVE-2022-27539 MISC |
hp_inc. — hp_pc_bios | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. | 2023-06-12 | not yet calculated | CVE-2022-27541 MISC |
jhead — jhead | Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given. | 2023-06-13 | not yet calculated | CVE-2022-28550 MISC MISC |
hp_inc. — hp_pc_bios | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-13 | not yet calculated | CVE-2022-31635 MISC |
hp_inc. — hp_pc_bios | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-13 | not yet calculated | CVE-2022-31636 MISC |
hp_inc. — hp_pc_bios | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-13 | not yet calculated | CVE-2022-31637 MISC |
hp_inc. — hp_pc_bios | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-13 | not yet calculated | CVE-2022-31638 MISC |
hp_inc. — hp_pc_bios | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-13 | not yet calculated | CVE-2022-31639 MISC |
hp_inc. — hp_pc_bios | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-14 | not yet calculated | CVE-2022-31640 MISC |
hp_inc. — hp_pc_bios | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-14 | not yet calculated | CVE-2022-31641 MISC |
hp_inc. — hp_pc_bios | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-14 | not yet calculated | CVE-2022-31642 MISC |
hp_inc. — hp_pc_bios | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-14 | not yet calculated | CVE-2022-31644 MISC |
hp_inc. — hp_pc_bios | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-14 | not yet calculated | CVE-2022-31645 MISC |
hp_inc. — hp_pc_bios | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | 2023-06-14 | not yet calculated | CVE-2022-31646 MISC |
ibm — security_directory_suite_va | IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439. | 2023-06-15 | not yet calculated | CVE-2022-32752 MISC MISC |
ibm — security_directory_suite_va | IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510. | 2023-06-15 | not yet calculated | CVE-2022-32757 MISC MISC |
ibm — security_directory_suite_va | IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567. | 2023-06-15 | not yet calculated | CVE-2022-33159 MISC MISC |
ibm — security_directory_suite_va | IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571. | 2023-06-15 | not yet calculated | CVE-2022-33163 MISC MISC |
ibm — security_directory_suite_va | IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 228586. | 2023-06-15 | not yet calculated | CVE-2022-33166 MISC MISC |
ibm — security_directory_suite_va | IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. | 2023-06-15 | not yet calculated | CVE-2022-33168 MISC MISC |
western_digital — multiple_products | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | 2023-06-12 | not yet calculated | CVE-2022-36331 MISC |
kratos — spectralnet | A remote command injection issue exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user. | 2023-06-12 | not yet calculated | CVE-2022-38156 MISC |
netskope — netskope_client | The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates it, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\Users\Public\netSkope\ become modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges. | 2023-06-15 | not yet calculated | CVE-2022-4149 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS). | 2023-06-13 | not yet calculated | CVE-2022-42880 MISC |
servicenow — servicenow_core | ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls. | 2023-06-13 | not yet calculated | CVE-2022-43684 MISC |
hp_inc. — hp_pc_bios | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. | 2023-06-12 | not yet calculated | CVE-2022-43777 MISC |
hp_inc. — hp_pc_bios | Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. | 2023-06-12 | not yet calculated | CVE-2022-43778 MISC |
oracle — apache | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0. | 2023-06-14 | not yet calculated | CVE-2022-47184 MISC |
becton_dickinson — alaris_infusion_central | The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data. | 2023-06-13 | not yet calculated | CVE-2022-47376 MISC |
huawei — flmg-10 | A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include: FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00). | 2023-06-16 | not yet calculated | CVE-2022-48330 MISC |
huawei — b535-232a | There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. | 2023-06-16 | not yet calculated | CVE-2022-48469 MISC |
huawei — bisheng-wnm | There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal. | 2023-06-16 | not yet calculated | CVE-2022-48471 MISC |
huawei — bisheng-wnm | A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, BiSheng-WNM FW 2.0.0.211. | 2023-06-16 | not yet calculated | CVE-2022-48472 MISC |
huawei — bisheng-wnm | There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal. | 2023-06-16 | not yet calculated | CVE-2022-48473 MISC |
palo_alto_networks — globalprotect_app_on_windows | A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local service account or user with token impersonation privileges to execute programs with elevated privileges. | 2023-06-14 | not yet calculated | CVE-2023-0009 MISC |
palo_alto_networks — pan-os | A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. | 2023-06-14 | not yet calculated | CVE-2023-0010 MISC |
synology — multiple_products | Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | 2023-06-13 | not yet calculated | CVE-2023-0142 MISC MISC |
teamviewer — remote | An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. | 2023-06-14 | not yet calculated | CVE-2023-0837 MISC |
schneider_electric — multiple_products | A CWE-94: Improper Control of Generation of Code (‘Code Injection’) vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. | 2023-06-14 | not yet calculated | CVE-2023-1049 MISC |
hp_inc. — hp_multifunction_printers | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products. | 2023-06-14 | not yet calculated | CVE-2023-1329 MISC |
hp_inc. — hp_enterprise_laserjet_and_hp_laserjet_managed_printers | Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. | 2023-06-13 | not yet calculated | CVE-2023-1707 MISC |
atlas_copco — power_focus_6000 | Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller. | 2023-06-12 | not yet calculated | CVE-2023-1897 MISC |
atlas_copco — power_focus_6000 | Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session. | 2023-06-12 | not yet calculated | CVE-2023-1898 MISC |
atlas_copco — power_focus_6000 | Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller. | 2023-06-12 | not yet calculated | CVE-2023-1899 MISC |
forcepoint — cloud_security_gateway | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection. | 2023-06-15 | not yet calculated | CVE-2023-2080 MISC |
cloud foundry — multiple_products | Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. | 2023-06-16 | not yet calculated | CVE-2023-20885 MISC |
google — android | In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-242704576 | 2023-06-15 | not yet calculated | CVE-2023-21095 MISC |
google — android | In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-258189255 | 2023-06-15 | not yet calculated | CVE-2023-21101 MISC |
google — android | In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-261036568 | 2023-06-15 | not yet calculated | CVE-2023-21105 MISC |
google — android | In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-239414876 | 2023-06-15 | not yet calculated | CVE-2023-21108 MISC |
google — android | In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-258834033 | 2023-06-15 | not yet calculated | CVE-2023-21115 MISC |
google — android | In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-258188673 | 2023-06-15 | not yet calculated | CVE-2023-21120 MISC |
google — android | In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-205460459 | 2023-06-15 | not yet calculated | CVE-2023-21121 MISC |
google — android | In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-270050191 | 2023-06-15 | not yet calculated | CVE-2023-21122 MISC |
google — android | In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-270050064 | 2023-06-15 | not yet calculated | CVE-2023-21123 MISC |
google — android | In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-265798353 | 2023-06-15 | not yet calculated | CVE-2023-21124 MISC |
google — android | In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-271846393 | 2023-06-15 | not yet calculated | CVE-2023-21126 MISC |
google — android | In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-275418191 | 2023-06-15 | not yet calculated | CVE-2023-21127 MISC |
google — android | In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-272042183 | 2023-06-15 | not yet calculated | CVE-2023-21128 MISC |
google — android | In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-274759612 | 2023-06-15 | not yet calculated | CVE-2023-21129 MISC |
google — android | In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-273502002 | 2023-06-15 | not yet calculated | CVE-2023-21130 MISC |
google — android | In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-265015796 | 2023-06-15 | not yet calculated | CVE-2023-21131 MISC |
google — android | In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-260570119 | 2023-06-15 | not yet calculated | CVE-2023-21135 MISC |
google — android | In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-246542285 | 2023-06-15 | not yet calculated | CVE-2023-21136 MISC |
google — android | In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-246541702 | 2023-06-15 | not yet calculated | CVE-2023-21137 MISC |
google — android | In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-273260090 | 2023-06-15 | not yet calculated | CVE-2023-21138 MISC |
google — android | In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-271845008 | 2023-06-15 | not yet calculated | CVE-2023-21139 MISC |
google — android | In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-262244249 | 2023-06-15 | not yet calculated | CVE-2023-21141 MISC |
google — android | In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-262243665 | 2023-06-15 | not yet calculated | CVE-2023-21142 MISC |
google — android | In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-268193777 | 2023-06-15 | not yet calculated | CVE-2023-21143 MISC |
google — android | In doInBackground of NotificationContentInflater.java, there is a possible temporary denial of service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-252766417 | 2023-06-15 | not yet calculated | CVE-2023-21144 MISC |
netskope — netskope_client | The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine. | 2023-06-15 | not yet calculated | CVE-2023-2270 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions. | 2023-06-15 | not yet calculated | CVE-2023-23802 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions. | 2023-06-13 | not yet calculated | CVE-2023-23831 MISC |
solarwinds — servu | SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | 2023-06-15 | not yet calculated | CVE-2023-23841 MISC |
zimbra — collaboration_suite | An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807. | 2023-06-15 | not yet calculated | CVE-2023-24030 MISC MISC |
zimbra — collaboration_suite | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of the attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure. | 2023-06-15 | not yet calculated | CVE-2023-24031 MISC MISC |
zimbra — collaboration_suite | In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of the JVM arguments, leading to local privilege escalation (LPE). | 2023-06-15 | not yet calculated | CVE-2023-24032 MISC MISC |
cdata — rsb_connect | CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). | 2023-06-16 | not yet calculated | CVE-2023-24243 MISC MISC MISC MISC |
kubernetes — kubernetes | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | 2023-06-16 | not yet calculated | CVE-2023-2431 MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions. | 2023-06-15 | not yet calculated | CVE-2023-24420 MISC |
micro_focus — arcsight_logger | Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 | 2023-06-13 | not yet calculated | CVE-2023-24469 MISC MISC MISC |
micro_focus — arcsight_logger | Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. | 2023-06-13 | not yet calculated | CVE-2023-24470 MISC MISC MISC |
arista — cloudvision | On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service. | 2023-06-13 | not yet calculated | CVE-2023-24546 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions. | 2023-06-15 | not yet calculated | CVE-2023-25055 MISC |
nokia — airscale_asika_single_ran_devices | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | 2023-06-16 | not yet calculated | CVE-2023-25185 MISC MISC |
nokia — airscale_asika_single_ran_devices | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network. | 2023-06-16 | not yet calculated | CVE-2023-25186 MISC MISC |
nokia — airscale_asika_single_ran_devices | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don’t give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities. | 2023-06-16 | not yet calculated | CVE-2023-25187 MISC MISC |
nokia — airscale_asika_single_ran_devices | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. | 2023-06-16 | not yet calculated | CVE-2023-25188 MISC MISC |
siglent — multiple_products | In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. | 2023-06-16 | not yet calculated | CVE-2023-25366 MISC MISC |
siglent — multiple_products | Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server. | 2023-06-14 | not yet calculated | CVE-2023-25367 MISC MISC |
siglent — multiple_products | Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmware. | 2023-06-14 | not yet calculated | CVE-2023-25368 MISC |
siglent — multiple_products | Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command. | 2023-06-14 | not yet calculated | CVE-2023-25369 MISC |
libtiff — libtiff | libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. | 2023-06-14 | not yet calculated | CVE-2023-25434 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. | 2023-06-15 | not yet calculated | CVE-2023-25449 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. | 2023-06-15 | not yet calculated | CVE-2023-25450 MISC |
wordpress — wordpress | The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-13 | not yet calculated | CVE-2023-2563 MISC MISC MISC |
zte — multiple_products | There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, a non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user’s device, affecting device operation. | 2023-06-16 | not yet calculated | CVE-2023-25645 MISC |
ibm — powervm_hypervisor | IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592. | 2023-06-15 | not yet calculated | CVE-2023-25683 MISC MISC |
schneider_electric — ecostruxure_foxboro_dcs_control_core_services | A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 2023-06-14 | not yet calculated | CVE-2023-2569 MISC |
schneider_electric — ecostruxure_foxboro_dcs_control_core_services | A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver. | 2023-06-14 | not yet calculated | CVE-2023-2570 MISC |
siemens — multiple_products | A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system’s server. | 2023-06-13 | not yet calculated | CVE-2023-25910 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. | 2023-06-16 | not yet calculated | CVE-2023-25963 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions. | 2023-06-13 | not yet calculated | CVE-2023-25964 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <= 3.7 versions. | 2023-06-15 | not yet calculated | CVE-2023-25972 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions. | 2023-06-16 | not yet calculated | CVE-2023-25974 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions. | 2023-06-13 | not yet calculated | CVE-2023-25978 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions. | 2023-06-16 | not yet calculated | CVE-2023-26013 MISC |
nokia — web_element_manager | A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network. | 2023-06-14 | not yet calculated | CVE-2023-26062 MISC MISC |
hp_inc. — hp_device_manager | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | 2023-06-12 | not yet calculated | CVE-2023-26295 MISC |
hp_inc. — hp_device_manager | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | 2023-06-12 | not yet calculated | CVE-2023-26296 MISC |
hp_inc. — hp_device_manager | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | 2023-06-12 | not yet calculated | CVE-2023-26297 MISC |
hp_inc. — hp_device_manager | Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. | 2023-06-12 | not yet calculated | CVE-2023-26298 MISC |
rockwell_automation — factorytalk | Rockwell Automation’s FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manager database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited. | 2023-06-13 | not yet calculated | CVE-2023-2637 MISC |
rockwell_automation — factorytalk | Rockwell Automation’s FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes place. User interaction is required for this vulnerability to be successfully exploited. | 2023-06-13 | not yet calculated | CVE-2023-2638 MISC |
rockwell_automation — factorytalk | The underlying feedback mechanism of Rockwell Automation’s FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully exploited, this would allow a threat actor to receive information including whether FactoryTalk Policy Manager is installed and potentially the entire security policy. | 2023-06-13 | not yet calculated | CVE-2023-2639 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions. | 2023-06-16 | not yet calculated | CVE-2023-26515 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. | 2023-06-16 | not yet calculated | CVE-2023-26527 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jinit9906 Shipyaari Shipping Management plugin <= 1.0 versions. | 2023-06-13 | not yet calculated | CVE-2023-26528 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions. | 2023-06-16 | not yet calculated | CVE-2023-26537 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions. | 2023-06-13 | not yet calculated | CVE-2023-26538 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions. | 2023-06-16 | not yet calculated | CVE-2023-26541 MISC |
silabs.com — bluetooth_sdk | A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | 2023-06-15 | not yet calculated | CVE-2023-2683 MISC MISC |
silabs.com — gecko_platform | Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. | 2023-06-15 | not yet calculated | CVE-2023-2686 MISC MISC |
libtiff — libtiff | loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. | 2023-06-14 | not yet calculated | CVE-2023-26965 MISC |
synology — multiple_products | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | 2023-06-13 | not yet calculated | CVE-2023-2729 MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions. | 2023-06-16 | not yet calculated | CVE-2023-27420 MISC |
siemens — multiple_products | A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device. | 2023-06-13 | not yet calculated | CVE-2023-27465 MISC |
silabs — gsdk | The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. | 2023-06-15 | not yet calculated | CVE-2023-2747 MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions. | 2023-06-13 | not yet calculated | CVE-2023-27624 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. | 2023-06-15 | not yet calculated | CVE-2023-27634 MISC |
freakchicken_kafkaUI-lite — freakchicken_kafkaUI-lite | An issue in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it. | 2023-06-12 | not yet calculated | CVE-2023-27716 MISC |
rockwell_automation — factorytalk | A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. | 2023-06-13 | not yet calculated | CVE-2023-2778 MISC |
mattermost — mattermost | Mattermost Apps Framework fails to verify a secret provided in the incoming webhook request, allowing an attacker to modify the contents of the post sent by the Apps. | 2023-06-16 | not yet calculated | CVE-2023-2783 MISC |
tp-link — tl-wpa8630p | TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_40A80C. | 2023-06-13 | not yet calculated | CVE-2023-27836 MISC |
tp-link — tl-wpa8630p | TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_40A774. | 2023-06-13 | not yet calculated | CVE-2023-27837 MISC |
mattermost — mattermost | Mattermost fails to verify if the requestor is a sysadmin or not before allowing `install` requests to the Apps, allowing a regular user to send install requests to the Apps. | 2023-06-16 | not yet calculated | CVE-2023-2784 MISC |
mattermost — mattermost | Mattermost fails to properly truncate the postgres error log message of a search query failure, allowing an attacker to cause the creation of large log files. | 2023-06-16 | not yet calculated | CVE-2023-2785 MISC |
mattermost — mattermost | Mattermost fails to properly check the permissions when executing commands, allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands. | 2023-06-16 | not yet calculated | CVE-2023-2786 MISC |
mattermost — mattermost | Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. | 2023-06-16 | not yet calculated | CVE-2023-2787 MISC |
mattermost — mattermost | Mattermost fails to check if an admin user account is active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker’s account is deactivated. | 2023-06-16 | not yet calculated | CVE-2023-2788 MISC |
mattermost — mattermost | When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post. | 2023-06-16 | not yet calculated | CVE-2023-2791 MISC |
mattermost — mattermost | Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command. | 2023-06-16 | not yet calculated | CVE-2023-2792 MISC |
mattermost — mattermost | Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by linking to a specially crafted webpage in a message. | 2023-06-16 | not yet calculated | CVE-2023-2793 MISC |
mattermost — mattermost | Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel. | 2023-06-16 | not yet calculated | CVE-2023-2797 MISC |
fortinet — multiple_products | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. | 2023-06-13 | not yet calculated | CVE-2023-27997 MISC |
fortinet — fortiadc_cli | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command. | 2023-06-13 | not yet calculated | CVE-2023-28000 MISC |
artica_pfms — pandora_fms | Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms. | 2023-06-13 | not yet calculated | CVE-2023-2807 MISC |
bosch — vms | Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. | 2023-06-15 | not yet calculated | CVE-2023-28175 MISC |
proofpoint — threat_response/threat_response_auto_pull | A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary JavaScript code execution in an admin context. All versions prior to 5.10.0 are affected. | 2023-06-14 | not yet calculated | CVE-2023-2819 MISC |
proofpoint — threat_response/threat_response_auto_pull | An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. | 2023-06-14 | not yet calculated | CVE-2023-2820 MISC |
sap — plant_connectivity | SAP Plant Connectivity – version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing – version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing. | 2023-06-13 | not yet calculated | CVE-2023-2827 MISC MISC |
mattermost — mattermost | Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters. | 2023-06-16 | not yet calculated | CVE-2023-2831 MISC |
eset — multiple_products | During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. | 2023-06-15 | not yet calculated | CVE-2023-2847 MISC |
zoom — zoom | Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. | 2023-06-13 | not yet calculated | CVE-2023-28598 MISC |
zoom — zoom | Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. | 2023-06-13 | not yet calculated | CVE-2023-28599 MISC |
zoom — zoom | Zoom for macOS clients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. | 2023-06-13 | not yet calculated | CVE-2023-28600 MISC |
zoom — zoom | Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client. | 2023-06-13 | not yet calculated | CVE-2023-28601 MISC |
zoom — zoom | Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions. | 2023-06-13 | not yet calculated | CVE-2023-28602 MISC |
zoom — zoom | Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | 2023-06-13 | not yet calculated | CVE-2023-28603 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions. | 2023-06-13 | not yet calculated | CVE-2023-28620 MISC |
abb — multiple_products | Sensitive Cookie Without ‘HttpOnly’ Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS). This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1. | 2023-06-13 | not yet calculated | CVE-2023-2876 MISC |
hikvision — multiple_products | Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user. | 2023-06-15 | not yet calculated | CVE-2023-28809 MISC |
hikvision — multiple_products | Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. | 2023-06-15 | not yet calculated | CVE-2023-28810 MISC |
siemens — multiple_products | A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents. | 2023-06-13 | not yet calculated | CVE-2023-28829 MISC |
siemens — multiple_products | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration. | 2023-06-13 | not yet calculated | CVE-2023-29129 MISC |
fuji_electric_co.,_ltd. — frenic_rhc_loader | Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. | 2023-06-13 | not yet calculated | CVE-2023-29160 MISC MISC |
fuji_electric_co.,_ltd. — frenic_rhc_loader | Out-of-bounds read vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed. | 2023-06-13 | not yet calculated | CVE-2023-29167 MISC MISC |
fortinet — multiple_products | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard’s map server. | 2023-06-13 | not yet calculated | CVE-2023-29175 MISC |
fortinet — multiple_products | An access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests. | 2023-06-13 | not yet calculated | CVE-2023-29178 MISC |
fuji_electric_co.,_ltd. — frenic_rhc_loader | Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed. | 2023-06-13 | not yet calculated | CVE-2023-29498 MISC MISC |
runsystem_co._ltd. — jiyu_kukan_toku-toku_coupon_app | Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. | 2023-06-13 | not yet calculated | CVE-2023-29501 MISC MISC MISC MISC |
tp-link — tl-wpa7510 | TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. | 2023-06-13 | not yet calculated | CVE-2023-29562 MISC |
google — guava | Use of Java’s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. | 2023-06-14 | not yet calculated | CVE-2023-2976 MISC |
schneider_electric — igss_dashboard | A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | 2023-06-14 | not yet calculated | CVE-2023-3001 MISC |
osticket — osticket | A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory. | 2023-06-14 | not yet calculated | CVE-2023-30082 MISC |
prestashop — leocustomajax | PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. | 2023-06-14 | not yet calculated | CVE-2023-30150 MISC |
craftcms — craftcms | CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the User Photo Location field when setting User Photo Location in User Settings, leading to Remote Code Execution. | 2023-06-13 | not yet calculated | CVE-2023-30179 MISC MISC |
4d — 4d_sas/4d_server | An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. | 2023-06-16 | not yet calculated | CVE-2023-30222 MISC MISC |
4d — 4d_sas/4d_server | A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. | 2023-06-16 | not yet calculated | CVE-2023-30223 MISC MISC |
cloudflare — cfnts_for_rust | An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents. | 2023-06-14 | not yet calculated | CVE-2023-3036 MISC |
cloudflare — lua-resty-json | A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment. | 2023-06-14 | not yet calculated | CVE-2023-3040 MISC MISC |
atlassian — jira | The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter. | 2023-06-16 | not yet calculated | CVE-2023-30453 MISC MISC |
rudderstack — rudder-server | rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgreSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue. | 2023-06-16 | not yet calculated | CVE-2023-30625 MISC MISC MISC MISC MISC MISC MISC |
oracle — apache | Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn’t function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions; 9.x users should upgrade to 9.2.1 or later versions. | 2023-06-14 | not yet calculated | CVE-2023-30631 MISC |
siemens — multiple_products | A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous – yet unprotected – versions of the project without the knowledge of the know-how protection password. | 2023-06-13 | not yet calculated | CVE-2023-30757 MISC |
kbdevice_inc. — kb-ahr_series_and_kb-irip_series | Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A. | 2023-06-13 | not yet calculated | CVE-2023-30762 MISC MISC |
kbdevice_inc. — kb-ahr_series_and_kb-irip_series | OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A. | 2023-06-13 | not yet calculated | CVE-2023-30764 MISC MISC |
kbdevice_inc. — kb-ahr_series_and_kb-irip_series | Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A. | 2023-06-13 | not yet calculated | CVE-2023-30766 MISC MISC |
siemens — simatic | A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 2023-06-13 | not yet calculated | CVE-2023-30897 MISC |
siemens — power_meter_sicam | A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user into clicking a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | 2023-06-13 | not yet calculated | CVE-2023-30901 MISC |
hewlett_packard_enterprise — hp-ux | HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. | 2023-06-16 | not yet calculated | CVE-2023-30903 MISC |
hewlett_packard_enterprise — hpe_insight_remote_support | A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information. | 2023-06-16 | not yet calculated | CVE-2023-30904 MISC |
hewlett_packard_enterprise — hpe_mc990_x_rmc_firmware | The MC990 X and UV300 RMC component has an inadequate default configuration that could be exploited to obtain enhanced privilege. | 2023-06-16 | not yet calculated | CVE-2023-30905 MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose. | 2023-06-13 | not yet calculated | CVE-2023-31142 MISC |
asustek_computer_inc. — asus_router_rt-ax3000 | ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use sensitive cookies without the ‘Secure’ attribute. When an attacker is in a position to mount a man-in-the-middle attack, and a user is tricked into logging into the affected device through an unencrypted (‘http’) connection, the user’s session may be hijacked. | 2023-06-13 | not yet calculated | CVE-2023-31195 MISC MISC |
inaba_denki_sangyo_co._ltd. — wi-fi_ap_unit | Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier. | 2023-06-13 | not yet calculated | CVE-2023-31196 MISC MISC |
inaba_denki_sangyo_co._ltd. — wi-fi_ap_unit | OS command injection vulnerability in Wi-Fi AP UNIT allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier. | 2023-06-13 | not yet calculated | CVE-2023-31198 MISC MISC |
siemens — power_meter_sicam | A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user. | 2023-06-13 | not yet calculated | CVE-2023-31238 MISC |
ckeditor — ckeditor | An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server. | 2023-06-13 | not yet calculated | CVE-2023-31541 MISC MISC MISC |
linux — kernel | A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. | 2023-06-12 | not yet calculated | CVE-2023-3159 MISC |
linux — kernel | A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. | 2023-06-12 | not yet calculated | CVE-2023-3161 MISC MISC |
prestashop — postfinance | PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess(). | 2023-06-14 | not yet calculated | CVE-2023-31671 MISC MISC |
prestashop — prestashop | In the PrestaShop < 2.4.3 module “Length, weight or volume sell” (ailinear) there is a SQL injection vulnerability. | 2023-06-15 | not yet calculated | CVE-2023-31672 MISC |
rst_instruments — vw2100_router | There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user. | 2023-06-14 | not yet calculated | CVE-2023-31746 MISC MISC MISC MISC |
liferay_inc — portal/dxp | Cross-site scripting (XSS) vulnerability in the Layout module’s SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | 2023-06-15 | not yet calculated | CVE-2023-3193 MISC |
imagemagick — imagemagick | A stack-based buffer overflow issue was found in ImageMagick’s coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. | 2023-06-16 | not yet calculated | CVE-2023-3195 MISC MISC MISC MISC MISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-14 | not yet calculated | CVE-2023-3198 MISC MISC MISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-14 | not yet calculated | CVE-2023-3200 MISC MISC MISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-14 | not yet calculated | CVE-2023-3201 MISC MISC MISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-14 | not yet calculated | CVE-2023-3203 MISC MISC MISC |
chengdu — vec40g | A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-12 | not yet calculated | CVE-2023-3206 MISC MISC MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-06-13 | not yet calculated | CVE-2023-32061 MISC |
roadflow — visual_process_engine_.net_core_mvc | A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 of the component Login. The manipulation of the argument sidx/sord leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-12 | not yet calculated | CVE-2023-3208 MISC MISC MISC |
sap — master_data_synchronization | An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. | 2023-06-13 | not yet calculated | CVE-2023-32115 MISC MISC |
google — chrome | Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 2023-06-13 | not yet calculated | CVE-2023-3214 MISC MISC MISC MISC |
google — chrome | Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-13 | not yet calculated | CVE-2023-3215 MISC MISC MISC MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-13 | not yet calculated | CVE-2023-3216 MISC MISC MISC MISC |
google — chrome | Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-13 | not yet calculated | CVE-2023-3217 MISC MISC MISC MISC |
it-novum — it-novum/openitcockpit | Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. | 2023-06-13 | not yet calculated | CVE-2023-3218 MISC CONFIRM |
mazda — mazda | A Mazda model (2015-2016) can be unlocked via an unspecified method. | 2023-06-12 | not yet calculated | CVE-2023-32219 MISC |
milesight — ncr/camera | Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. | 2023-06-12 | not yet calculated | CVE-2023-32220 MISC |
easeus — todo_backup | EaseUS Todo Backup version 20220111.390 – An omission during installation may allow a local attacker to perform privilege escalation. | 2023-06-12 | not yet calculated | CVE-2023-32221 MISC |
bosch — camera_firmware_cpp13/cpp14 | Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | 2023-06-15 | not yet calculated | CVE-2023-32229 MISC |
nuxt — nuxt | Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | 2023-06-13 | not yet calculated | CVE-2023-3224 MISC CONFIRM |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled. | 2023-06-13 | not yet calculated | CVE-2023-32301 MISC |
ujcms — ujcms | A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability. | 2023-06-14 | not yet calculated | CVE-2023-3231 MISC MISC MISC |
zhong_bang — crmeb | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231503. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-14 | not yet calculated | CVE-2023-3232 MISC MISC MISC |
zhong_bang — crmeb | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-14 | not yet calculated | CVE-2023-3233 MISC MISC MISC |
zhong_bang — crmeb | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231505 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-14 | not yet calculated | CVE-2023-3234 MISC MISC MISC |
mccms — mccms | A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability. | 2023-06-14 | not yet calculated | CVE-2023-3235 MISC MISC MISC |
mccms — mccms | A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507. | 2023-06-14 | not yet calculated | CVE-2023-3236 MISC MISC MISC |
otcms — otcms | A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508. | 2023-06-14 | not yet calculated | CVE-2023-3237 MISC MISC MISC |
otcms — otcms | A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability. | 2023-06-14 | not yet calculated | CVE-2023-3238 MISC MISC MISC |
otcms — otcms | A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability. | 2023-06-14 | not yet calculated | CVE-2023-3239 MISC MISC MISC |
otcms — otcms | A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511. | 2023-06-14 | not yet calculated | CVE-2023-3240 MISC MISC MISC |
otcms — otcms | A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512. | 2023-06-14 | not yet calculated | CVE-2023-3241 MISC MISC MISC |
dell — power_protect_cyber_recovery | Dell Power Protect Cyber Recovery contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker. | 2023-06-14 | not yet calculated | CVE-2023-32465 MISC |
chatwork_co._ltd. — chatwork_desktop_application | Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user’s consent. | 2023-06-13 | not yet calculated | CVE-2023-32546 MISC MISC |
kingsoft_japan_inc. — wps_office | OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends specially crafted data, an arbitrary OS command may be executed on the system where the product is installed. | 2023-06-13 | not yet calculated | CVE-2023-32548 MISC MISC |
hp_inc. — multiple_products | Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege. | 2023-06-12 | not yet calculated | CVE-2023-32673 MISC |
hp_inc. — hp_pc_hardware_diagnostics_windows | Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow. | 2023-06-12 | not yet calculated | CVE-2023-32674 MISC |
linux — kernel | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | 2023-06-16 | not yet calculated | CVE-2023-3268 MISC |
code-projects — supplier_management_system | A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624. | 2023-06-15 | not yet calculated | CVE-2023-3274 MISC MISC MISC |
rail_pass_management_system — rail_pass_management_system | A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability. | 2023-06-15 | not yet calculated | CVE-2023-3275 MISC MISC |
dromara — hutool | A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-15 | not yet calculated | CVE-2023-3276 MISC MISC MISC |
gpac — gpac | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | 2023-06-16 | not yet calculated | CVE-2023-3291 CONFIRM MISC |
salesagility/suitecrm-core — salesagility/suitecrm-core | Cross-site Scripting (XSS) – Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. | 2023-06-16 | not yet calculated | CVE-2023-3293 CONFIRM MISC |
saleor/react-storefront — saleor/react-storefront | Cross-site Scripting (XSS) – DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7. | 2023-06-16 | not yet calculated | CVE-2023-3294 MISC CONFIRM |
siemens — multiple_products | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2023-06-13 | not yet calculated | CVE-2023-33121 MISC |
siemens — multiple_products | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information. | 2023-06-13 | not yet calculated | CVE-2023-33122 MISC |
siemens — multiple_products | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | 2023-06-13 | not yet calculated | CVE-2023-33123 MISC |
siemens — multiple_products | A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | 2023-06-13 | not yet calculated | CVE-2023-33124 MISC |
starface — starface/rest_api | RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application’s database generally has become best practice to protect users’ passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash. | 2023-06-15 | not yet calculated | CVE-2023-33243 MISC MISC |
labcollector — labcollector | LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent. | 2023-06-12 | not yet calculated | CVE-2023-33253 MISC MISC |
rust — rust | The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python). | 2023-06-12 | not yet calculated | CVE-2023-33290 MISC MISC |
fortinet — multiple_products | A loop with unreachable exit condition (‘infinite loop’) in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests. | 2023-06-13 | not yet calculated | CVE-2023-33305 MISC |
fortinet — multiple_products | A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows an attacker to cause a denial of the sslvpn service via a specifically crafted request in the bookmark parameter. | 2023-06-16 | not yet calculated | CVE-2023-33306 MISC |
fortinet — multiple_products | A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows an attacker to cause a denial of the sslvpn service via a specifically crafted request in the network parameter. | 2023-06-16 | not yet calculated | CVE-2023-33307 MISC |
wolters_kluwer — teammate+ | A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML. | 2023-06-16 | not yet calculated | CVE-2023-33438 MISC MISC |
softexpert — excellence_suite | SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens. | 2023-06-14 | not yet calculated | CVE-2023-33515 MISC |
dolibarr — dolibarr | An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists. | 2023-06-13 | not yet calculated | CVE-2023-33568 MISC MISC MISC MISC MISC |
gl.inet — gl-ar750s-ext | GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | 2023-06-13 | not yet calculated | CVE-2023-33620 MISC MISC MISC |
gl.inet — gl-ar750s-ext | GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay. | 2023-06-13 | not yet calculated | CVE-2023-33621 MISC MISC MISC |
hutool — hutool | Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | 2023-06-13 | not yet calculated | CVE-2023-33695 MISC |
siemens — multiple_products | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | 2023-06-13 | not yet calculated | CVE-2023-33919 MISC |
siemens — multiple_products | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability. | 2023-06-13 | not yet calculated | CVE-2023-33920 MISC |
siemens — multiple_products | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device. | 2023-06-13 | not yet calculated | CVE-2023-33921 MISC |
oracle — apache | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions. 9.x users should upgrade to 9.2.1 or later versions. | 2023-06-14 | not yet calculated | CVE-2023-33933 MISC |
sap — netweaver | SAP NetWeaver (Design Time Repository) – version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability. | 2023-06-13 | not yet calculated | CVE-2023-33984 MISC MISC |
sap — netweaver | SAP NetWeaver Enterprise Portal – version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2023-06-13 | not yet calculated | CVE-2023-33985 MISC MISC |
sap — crm_abap | SAP CRM ABAP (Grantor Management) – versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | 2023-06-13 | not yet calculated | CVE-2023-33986 MISC MISC |
sap — ui5_variantManagement | SAP UI5 Variant Management – versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level. | 2023-06-13 | not yet calculated | CVE-2023-33991 MISC MISC |
wordpress — wordpress | Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. | 2023-06-14 | not yet calculated | CVE-2023-34000 MISC MISC |
cpdb-libs — cpdb-libs | cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()` causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions. | 2023-06-14 | not yet calculated | CVE-2023-34095 MISC MISC MISC MISC MISC MISC |
contiki-ng — contiki-ng | Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing them. Up to 16 bytes can be read out of bounds in the `dao_input_storing` function. An attacker can truncate an ICMP packet so that it does not contain enough data, leading to an out-of-bounds read on these lines. The problem has been patched in the “develop” branch of Contiki-NG, and is expected to be included in release 4.9. As a workaround, one can apply the changes in Contiki-NG pull request #2435 to patch the system. | 2023-06-14 | not yet calculated | CVE-2023-34101 MISC MISC |
srs — srs | SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS’s `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapshots` endpoint containing any commands to be executed as part of the body of the POST request. This issue may lead to Remote Code Execution (RCE). Versions 5.0.157, 5.0-b1, and 6.0.48 contain a fix. | 2023-06-12 | not yet calculated | CVE-2023-34105 MISC MISC MISC |
zoom — zoom | Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. | 2023-06-13 | not yet calculated | CVE-2023-34113 MISC |
zoom — zoom | Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. | 2023-06-13 | not yet calculated | CVE-2023-34114 MISC |
zoom — zoom | Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted. | 2023-06-13 | not yet calculated | CVE-2023-34115 MISC |
zoom — zoom | Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. | 2023-06-13 | not yet calculated | CVE-2023-34120 MISC |
zoom — zoom | Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. | 2023-06-13 | not yet calculated | CVE-2023-34121 MISC |
zoom — zoom | Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2023-06-13 | not yet calculated | CVE-2023-34122 MISC |
oracle — apache | Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. | 2023-06-14 | not yet calculated | CVE-2023-34149 MISC MISC |
huawei — harmonyos | Vulnerability of undefined permissions in HUAWEI VR screen projection. Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources. | 2023-06-16 | not yet calculated | CVE-2023-34154 MISC |
hwwatchhealth — hwwatchhealth | Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. | 2023-06-16 | not yet calculated | CVE-2023-34157 MISC |
huawei — harmonyos | Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. | 2023-06-16 | not yet calculated | CVE-2023-34165 MISC |
oracle — apache | The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. | 2023-06-12 | not yet calculated | CVE-2023-34212 MISC MISC MISC |
cilium — cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC. | 2023-06-15 | not yet calculated | CVE-2023-34242 MISC MISC |
doorkeeper — doorkeeper | Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation; their identity cannot be assured. This issue is fixed in version 5.6.6. | 2023-06-12 | not yet calculated | CVE-2023-34246 MISC MISC MISC MISC MISC |
keystone — keystone | Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package. | 2023-06-13 | not yet calculated | CVE-2023-34247 MISC MISC |
benjjvi/pybb — benjjvi/pybb | benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`. | 2023-06-13 | not yet calculated | CVE-2023-34249 MISC MISC |
discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn’t have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-06-13 | not yet calculated | CVE-2023-34250 MISC |
grav — grav | Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue. | 2023-06-14 | not yet calculated | CVE-2023-34251 MISC MISC MISC |
grav — grav | Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument allows the validation check to be skipped. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. The vulnerability can be found in the `GravExtension.filterFilter()` function declared in `/system/src/Grav/Common/Twig/Extension/GravExtension.php`. Version 1.7.42 contains a patch for this issue. End users should also ensure that `twig.undefined_functions` and `twig.undefined_filters` properties in `/path/to/webroot/system/config/system.yaml` configuration file are set to `false` to disallow Twig from treating undefined filters/functions as PHP functions and executing them. | 2023-06-14 | not yet calculated | CVE-2023-34252 MISC MISC MISC MISC |
grav — grav | Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways — (1) using unsafe functions that are not banned, (2) using capitalised callable names, and (3) using fully-qualified names for referencing callables. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. A patch in version 1.7.42 improves the denylist. | 2023-06-14 | not yet calculated | CVE-2023-34253 MISC MISC MISC MISC MISC |
bmc — ami | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | 2023-06-12 | not yet calculated | CVE-2023-34334 MISC |
bmc — ami | AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service. | 2023-06-12 | not yet calculated | CVE-2023-34335 MISC |
bmc — ami | AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. | 2023-06-12 | not yet calculated | CVE-2023-34336 MISC |
bmc — ami | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering. | 2023-06-12 | not yet calculated | CVE-2023-34341 MISC |
bmc — ami | AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | 2023-06-12 | not yet calculated | CVE-2023-34342 MISC |
bmc — ami | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | 2023-06-12 | not yet calculated | CVE-2023-34343 MISC |
bmc — ami | AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. | 2023-06-12 | not yet calculated | CVE-2023-34344 MISC |
bmc — ami | AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. | 2023-06-12 | not yet calculated | CVE-2023-34345 MISC |
microsoft — windows_7 | Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue. | 2023-06-14 | not yet calculated | CVE-2023-34367 MISC MISC MISC |
oracle — apache | Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. | 2023-06-14 | not yet calculated | CVE-2023-34396 MISC MISC |
grav — grav | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig’s Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`. | 2023-06-14 | not yet calculated | CVE-2023-34448 MISC MISC MISC MISC MISC |
rust — rust | ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call’s return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch. | 2023-06-14 | not yet calculated | CVE-2023-34449 MISC MISC MISC MISC MISC |
grav — grav | Grav is a flat-file content management system. In versions 1.7.42 and prior, the “/forgot_password” page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the “email” parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user’s browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability. | 2023-06-14 | not yet calculated | CVE-2023-34452 MISC |
snappy-java — snappy-java | snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will be raised, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability. | 2023-06-15 | not yet calculated | CVE-2023-34453 MISC MISC MISC MISC |
snappy-java — snappy-java | snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the `rawCompress` function. Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array. Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is cast to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. Version 1.1.10.1 contains a patch for this issue. | 2023-06-15 | not yet calculated | CVE-2023-34454 MISC MISC MISC MISC MISC |
snappy-java — snappy-java | snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the file SnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue. | 2023-06-15 | not yet calculated | CVE-2023-34455 MISC MISC MISC MISC |
openzeppelin_contracts — openzeppelin_contracts | OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `processMultiProof`, or `processMultiProofCalldata` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertently for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree. A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe. The problem has been patched in version 4.9.2. Some workarounds are available. For those using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves. | 2023-06-16 | not yet calculated | CVE-2023-34459 MISC MISC MISC |
oracle — apache | The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. | 2023-06-12 | not yet calculated | CVE-2023-34468 MISC MISC MISC |
imagemagick — imagemagick | A heap-based buffer overflow issue was discovered in ImageMagick’s ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. | 2023-06-16 | not yet calculated | CVE-2023-34474 MISC MISC MISC |
imagemagick — imagemagick | A heap use after free issue was discovered in ImageMagick’s ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. | 2023-06-16 | not yet calculated | CVE-2023-34475 MISC MISC MISC |
hoteldruid — hoteldruid | A reflected XSS was discovered in HotelDruid version 3.0.5. An attacker can issue malicious code/commands via an affected webpage’s parameter to trick a user in the browser and/or exfiltrate data. | 2023-06-13 | not yet calculated | CVE-2023-34537 MISC |
langchain — langchain | Langchain 0.0.171 is vulnerable to Arbitrary Code Execution. | 2023-06-14 | not yet calculated | CVE-2023-34540 MISC |
simple_customer_relationship_management — simple_customer_relationship_management | Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. | 2023-06-16 | not yet calculated | CVE-2023-34548 MISC |
netbox — netbox | Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the “Create Wireless LAN Groups” function. | 2023-06-14 | not yet calculated | CVE-2023-34565 MISC |
flexjson — flexjson | An issue was discovered in flexjson through 3.3 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34609 MISC MISC MISC MISC |
json-io — json-io | An issue was discovered in json-io through 4.14.0 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34610 MISC |
mjson — mjson | An issue was discovered in mjson through 1.4.1 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34611 MISC |
ph-json — ph-json | An issue was discovered in ph-json through 9.5.5 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34612 MISC |
sojo — sojo | An issue was discovered in sojo through 1.1.1 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34613 MISC |
jsonij — jsonij | An issue was discovered in jmarsden/jsonij through 0.5.2 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34614 MISC |
jsonutil — jsonutil | An issue was discovered in JSONUtil through 5.0 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34615 MISC |
pbjson — pbjson | An issue was discovered in pbjson through 0.4.0 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34616 MISC |
genson — genson | An issue was discovered in genson through 1.6 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34617 MISC |
hjson — hjson | An issue was discovered in hjson through 3.0.0 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34620 MISC |
jtidy — jtidy | An issue was discovered in jtidy through r938 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34623 MISC |
htmlcleaner — htmlcleaner | An issue was discovered in htmlcleaner through 2.28 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-34624 MISC |
piwigo — piwigo | Piwigo 13.7.0 is vulnerable to SQL Injection via the “Users” function. | 2023-06-15 | not yet calculated | CVE-2023-34626 MISC |
jfinal_cms — jfinal_cms | jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | 2023-06-16 | not yet calculated | CVE-2023-34645 MISC |
jeecg — jeecg-boot | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability via the id parameter of the /jeecg-boot/jmreport/show interface. | 2023-06-16 | not yet calculated | CVE-2023-34659 MISC |
jeecg — jeecg-boot | jeecg-boot V3.5.0 has an unauthorized arbitrary file upload in the /jeecg-boot/jmreport/upload interface. | 2023-06-16 | not yet calculated | CVE-2023-34660 MISC |
cyber_cafe_management_system — cyber_cafe_management_system | Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter. | 2023-06-15 | not yet calculated | CVE-2023-34666 MISC |
volkswagen — discover_media_infotainment_system | A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle’s USB plug and play feature. | 2023-06-16 | not yet calculated | CVE-2023-34733 MISC |
ujcms — ujcms | File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. | 2023-06-14 | not yet calculated | CVE-2023-34747 MISC |
xlsxio — xlsxio | xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file. | 2023-06-16 | not yet calculated | CVE-2023-34795 MISC MISC MISC |
temenos — cwx | Broken access control in the Registration page (/Registration.aspx) of Temenos CWX v8.5.6 allows attackers to access sensitive information. | 2023-06-15 | not yet calculated | CVE-2023-34797 MISC |
d-link — go-rt-ac750 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. | 2023-06-15 | not yet calculated | CVE-2023-34800 MISC MISC |
fdkaac — fdkaac | fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c. | 2023-06-14 | not yet calculated | CVE-2023-34823 MISC |
fdkaac — fdkaac | fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c. | 2023-06-14 | not yet calculated | CVE-2023-34824 MISC |
tp-link — archer_ax10(EU) | TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 – 0x132B4. | 2023-06-16 | not yet calculated | CVE-2023-34832 MISC MISC MISC MISC |
thinkadmin — thinkadmin | An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. | 2023-06-15 | not yet calculated | CVE-2023-34833 MISC |
bludit — bludit | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. | 2023-06-16 | not yet calculated | CVE-2023-34845 MISC |
publiccms — publiccms | PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. | 2023-06-15 | not yet calculated | CVE-2023-34852 MISC MISC |
youxun_electronic_equipment_(shanghai)_co._ltd — ac_centralized_management_platform | A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi. | 2023-06-12 | not yet calculated | CVE-2023-34855 MISC |
ujcms — ujcms | Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. | 2023-06-14 | not yet calculated | CVE-2023-34865 MISC |
jerryscript_3.0 — jerryscript_3.0 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. | 2023-06-14 | not yet calculated | CVE-2023-34867 MISC |
jerryscript_3.0 — jerryscript_3.0 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. | 2023-06-14 | not yet calculated | CVE-2023-34868 MISC |
ujcms — ujcms | An issue was discovered in Ujcms v6.0.2 that allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip. | 2023-06-14 | not yet calculated | CVE-2023-34878 MISC |
cmseasy — cmseasy | cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion. | 2023-06-15 | not yet calculated | CVE-2023-34880 MISC |
chamilo — chamilo | An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. | 2023-06-13 | not yet calculated | CVE-2023-34944 MISC MISC MISC MISC |
sspanel-uim — sspanel-uim | SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. | 2023-06-13 | not yet calculated | CVE-2023-34965 MISC MISC MISC |
liferay_inc — portal/dxp | Open redirect vulnerability in the Layout module’s SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | 2023-06-15 | not yet calculated | CVE-2023-35029 MISC |
liferay_inc — portal/dxp | Cross-site request forgery (CSRF) vulnerability in the Layout module’s SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | 2023-06-15 | not yet calculated | CVE-2023-35030 MISC |
atos — unify_openscape | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036. | 2023-06-12 | not yet calculated | CVE-2023-35031 MISC MISC |
atos — unify_openscape | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554. | 2023-06-12 | not yet calculated | CVE-2023-35032 MISC MISC |
atos — unify_openscape | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556. | 2023-06-12 | not yet calculated | CVE-2023-35033 MISC MISC |
atos — unify_openscape | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557. | 2023-06-12 | not yet calculated | CVE-2023-35035 MISC MISC |
geoserver_2 — geoserver_2 | GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. | 2023-06-12 | not yet calculated | CVE-2023-35042 MISC MISC |
jjson — jjson | An issue was discovered in jjson through 0.1.7 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 2023-06-14 | not yet calculated | CVE-2023-35110 MISC |
jenkins — jenkins | In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. | 2023-06-14 | not yet calculated | CVE-2023-35141 MISC MISC |
jenkins — jenkins | Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. | 2023-06-14 | not yet calculated | CVE-2023-35142 MISC MISC |
jenkins — jenkins | Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`. | 2023-06-14 | not yet calculated | CVE-2023-35143 MISC MISC |
jenkins — jenkins | Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability. | 2023-06-14 | not yet calculated | CVE-2023-35144 MISC MISC |
jenkins — jenkins | Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission. | 2023-06-14 | not yet calculated | CVE-2023-35145 MISC MISC |
jenkins — jenkins | Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs. | 2023-06-14 | not yet calculated | CVE-2023-35146 MISC MISC |
jenkins — jenkins | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. | 2023-06-14 | not yet calculated | CVE-2023-35147 MISC MISC |
jenkins — jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 2023-06-14 | not yet calculated | CVE-2023-35148 MISC MISC |
jenkins — jenkins | A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 2023-06-14 | not yet calculated | CVE-2023-35149 MISC MISC |
progress — moveit_transfer | In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). | 2023-06-16 | not yet calculated | CVE-2023-35708 MISC MISC MISC |
typo3 — typo3 | The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. | 2023-06-16 | not yet calculated | CVE-2023-35782 MISC |
typo3 — typo3 | The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data. | 2023-06-16 | not yet calculated | CVE-2023-35783 MISC |
openbsd — openbsd | A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. | 2023-06-16 | not yet calculated | CVE-2023-35784 MISC MISC MISC MISC MISC MISC |
linux — kernel | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. | 2023-06-16 | not yet calculated | CVE-2023-35788 MISC MISC MISC MLIST |
rabbitmq-c — rabbitmq-c | An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. | 2023-06-16 | not yet calculated | CVE-2023-35789 MISC MISC |
libjxl — libjxl | An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop. | 2023-06-16 | not yet calculated | CVE-2023-35790 MISC MISC |
sugarcrm_enterprise — sugarcrm_enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35808 MISC |
sugarcrm_enterprise — sugarcrm_enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35809 MISC |
sugarcrm_enterprise — sugarcrm_enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35810 MISC |
sugarcrm_enterprise — sugarcrm_enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can be used for exploitation. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35811 MISC |
sitecore — multiple_products | Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. | 2023-06-17 | not yet calculated | CVE-2023-35813 MISC |