US-CERT Vulnerability Summary for the Week of June 12, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
tmt — lockcell
 
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.2023-06-1310CVE-2023-3049
MISC
MISC
danfoss — ak-em100_firmwareThe Danfoss AK-EM100 web forms allow for SQL injection in the login forms.2023-06-119.8CVE-2023-22583
MISC
MISC
wpdirectorykit — wp_directory_kitThe WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the ‘wdk_public_action’ function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.2023-06-139.8CVE-2023-2278
MISC
MISC
MISC
danfoss — ak-em100_firmwareThe Danfoss AK-EM100 web applications allow for OS command injection through the web application parameters.2023-06-119.8CVE-2023-25911
MISC
MISC
progressbar.js_project — progressbar.jsAll versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.2023-06-129.8CVE-2023-26133
MISC
MISC
MISC
fortinet — fortisiemA plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.2023-06-139.8CVE-2023-26204
MISC
microsoft — microsoft_sharepoint_server
 
Microsoft SharePoint Server Elevation of Privilege Vulnerability2023-06-149.8CVE-2023-29357
MISC
microsoft — windows_10
 
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability2023-06-149.8CVE-2023-29363
MISC
tmt — lockcell
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.2023-06-139.8CVE-2023-3047
MISC
MISC
tmt — lockcell
 
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.2023-06-139.8CVE-2023-3050
MISC
MISC
froxlor — froxlorImproper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20.2023-06-099.8CVE-2023-3173
MISC
CONFIRM
microsoft — windows_10
 
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability2023-06-149.8CVE-2023-32014
MISC
microsoft — windows_10
 
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability2023-06-149.8CVE-2023-32015
MISC
l7_networks — instantscan
 
L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.2023-06-169.8CVE-2023-32752
CONFIRM
itpison — contact itpison
 
OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.2023-06-169.8CVE-2023-32753
CONFIRM
thinking_software — efence
 
Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.2023-06-169.8CVE-2023-32754
CONFIRM
dlink — dir-600_firmwareD-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.2023-06-129.8CVE-2023-33625
MISC
MISC
MISC
MISC
dlink — dir-600_firmwareD-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.2023-06-129.8CVE-2023-33626
MISC
MISC
MISC
service_provider_management_system_project — service_provider_management_systemSourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=22023-06-129.8CVE-2023-34581
MISC
MISC
MISC
MISC
bloofox — bloofoxcmsbloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.2023-06-149.8CVE-2023-34750
MISC
bloofox — bloofoxcmsbloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.2023-06-149.8CVE-2023-34751
MISC
bloofox — bloofoxcmsbloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.2023-06-149.8CVE-2023-34752
MISC
MISC
MISC
bloofox — bloofoxcmsbloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.2023-06-149.8CVE-2023-34753
MISC
bloofox — bloofoxcmsbloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.2023-06-149.8CVE-2023-34754
MISC
bloofox — bloofoxcmsbloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.2023-06-149.8CVE-2023-34755
MISC
bloofox — bloofoxcmsbloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.2023-06-149.8CVE-2023-34756
MISC
atos — unify_openscape_4000_managerAtos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.2023-06-129.8CVE-2023-35034
MISC
MISC
satos — satos_mobile
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607.2023-06-139.8CVE-2023-35064
MISC
motopress — getwid_-_gutenberg_blocksThe Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.2023-06-099.6CVE-2023-1895
MISC
MISC
expresstech — quiz_and_survey_masterThe Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.2023-06-099.1CVE-2023-0291
MISC
MISC
MISC
MISC
adobe — magento_commerce
 
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.2023-06-159.1CVE-2023-29297
MISC
progress — moveit_transferIn Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.2023-06-129.1CVE-2023-35036
MISC
CONFIRM
fortinet — fortisiemAn Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.2023-06-138.8CVE-2022-42478
MISC
wpwax — directoristThe Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.2023-06-098.8CVE-2023-1888
MISC
MISC
yudiz — wp_replicate_postThe WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-098.8CVE-2023-2237
MISC
MISC
MISC
gvectors — wpforo_forumThe wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.2023-06-098.8CVE-2023-2249
MISC
MISC
MISC
tp-link — ec70_firmwareTP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.2023-06-128.8CVE-2023-28478
MISC
microsoft — windows_10
 
Remote Desktop Client Remote Code Execution Vulnerability2023-06-148.8CVE-2023-29362
MISC
microsoft — windows_10
 
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability2023-06-148.8CVE-2023-29372
MISC
microsoft — windows_10
 
Microsoft ODBC Driver Remote Code Execution Vulnerability2023-06-148.8CVE-2023-29373
MISC
mimsoftware — mim_local_concurrent_license_serverAn issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service.2023-06-098.8CVE-2023-30262
MISC
MISC
MISC
tmt — lockcell
 
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.2023-06-138.8CVE-2023-3048
MISC
MISC
lost_and_found_information_system_project — lost_and_found_information_systemA vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.2023-06-098.8CVE-2023-3176
MISC
MISC
MISC
lost_and_found_information_system_project — lost_and_found_information_systemA vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.2023-06-098.8CVE-2023-3177
MISC
MISC
MISC
microsoft — windows_10
 
Windows Collaborative Translation Framework Elevation of Privilege Vulnerability2023-06-148.8CVE-2023-32009
MISC
microsoft — mcirosoft_exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability2023-06-148.8CVE-2023-32031
MISC
unitecms — unlimited_elements_for_elementor
 
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.672023-06-178.8CVE-2023-3295
MISC
MISC
microsoft — microsoft_office
 
Microsoft Outlook Remote Code Execution Vulnerability2023-06-148.8CVE-2023-33131
MISC
thedaylightstudio — fuel_cmsFuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.2023-06-098.8CVE-2023-33557
MISC
MISC
digitaldruid — hoteldruidhoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.2023-06-138.8CVE-2023-33817
MISC
bytedeco — javacpp_presetsJavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message?` parameter in an insecure way. For example, the commit message is used in a run statement – resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. Users of JavaCPP Presets are advised to upgrade as a precaution.2023-06-098.8CVE-2023-34112
MISC
MISC
expresstech — quiz_and_survey_masterThe Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-098.1CVE-2023-0292
MISC
MISC
MISC
MISC
microsoft — microsoft_visual_studio
 
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability2023-06-148.1CVE-2023-24936
MISC
microsoft — windows_10
 
Windows Group Policy Elevation of Privilege Vulnerability2023-06-148.1CVE-2023-29351
MISC
microsoft — mcirosoft_exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability2023-06-148CVE-2023-28310
MISC
hp — softpaq_installerA potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.2023-06-097.8CVE-2019-16283
MISC
fortinet — fortiproxyA use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.2023-06-137.8CVE-2022-43953
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.2023-06-097.8CVE-2023-0721
MISC
MISC
MISC
adobe — substance3d_designer
 
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-06-157.8CVE-2023-21618
MISC
fortinet — fortiproxyA out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.2023-06-137.8CVE-2023-22639
MISC
microsoft — .net/visual_studio
 
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability2023-06-147.8CVE-2023-24895
MISC
microsoft — .net/visual_studio
 
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability2023-06-147.8CVE-2023-24897
MISC
fortinet — fortiadcMultiple improper neutralization of special elements used in an os command (‘OS Command Injection’) vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.2023-06-137.8CVE-2023-26210
MISC
hp — hp_device_managerPrevious versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.2023-06-127.8CVE-2023-26294
MISC
microsoft — publisher
 
Microsoft Publisher Remote Code Execution Vulnerability2023-06-177.8CVE-2023-28287
MISC
microsoft — publisher
 
Microsoft Publisher Remote Code Execution Vulnerability2023-06-177.8CVE-2023-28295
MISC
adobe — animate
 
Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-06-157.8CVE-2023-29321
MISC
microsoft — .net
 
.NET Framework Remote Code Execution Vulnerability2023-06-147.8CVE-2023-29326
MISC
microsoft — windows_10
 
NTFS Elevation of Privilege Vulnerability2023-06-147.8CVE-2023-29346
MISC
microsoft — windows_10
 
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability2023-06-167.8CVE-2023-29349
MISC
microsoft — windows_10
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-06-167.8CVE-2023-29356
MISC
microsoft — windows_10
 
Windows GDI Elevation of Privilege Vulnerability2023-06-147.8CVE-2023-29358
MISC
microsoft — windows_10
 
GDI Elevation of Privilege Vulnerability2023-06-147.8CVE-2023-29359
MISC
microsoft — windows_10
 
Windows TPM Device Driver Elevation of Privilege Vulnerability2023-06-147.8CVE-2023-29360
MISC
microsoft — windows_10
 
Windows Media Remote Code Execution Vulnerability2023-06-147.8CVE-2023-29365
MISC
microsoft — windows_server
 
Windows Geolocation Service Remote Code Execution Vulnerability2023-06-147.8CVE-2023-29366
MISC
microsoft — windows_server
 
iSCSI Target WMI Provider Remote Code Execution Vulnerability2023-06-147.8CVE-2023-29367
MISC
microsoft — windows_10
 
Windows Media Remote Code Execution Vulnerability2023-06-147.8CVE-2023-29370
MISC
microsoft — windows_10
 
Windows GDI Elevation of Privilege Vulnerability2023-06-147.8CVE-2023-29371
MISC
yandex — navigatorAn issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.2023-06-097.8CVE-2023-29749
MISC
ekatox — facemoji_emoji_keyboardAn issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.2023-06-097.8CVE-2023-29752
MISC
urbanandroid — twilightAn issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.2023-06-097.8CVE-2023-29755
MISC
leap — blue_light_filterAn issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.2023-06-097.8CVE-2023-29757
MISC
appcrossx — crossxAn issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.2023-06-097.8CVE-2023-29766
MISC
microsoft — windows_10
 
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability2023-06-147.8CVE-2023-32008
MISC
microsoft — windows_10
 
Microsoft PostScript Printer Driver Remote Code Execution Vulnerability2023-06-147.8CVE-2023-32017
MISC
microsoft — windows_11
 
Windows Hello Remote Code Execution Vulnerability2023-06-147.8CVE-2023-32018
MISC
microsoft — microsoft_sql_server
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-06-167.8CVE-2023-32025
MISC
microsoft — microsoft_sql_server
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-06-167.8CVE-2023-32026
MISC
microsoft — microsoft_sql_server
 
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-06-167.8CVE-2023-32027
MISC
microsoft — microsoft_ole_db_driver
 
Microsoft OLE DB Remote Code Execution Vulnerability2023-06-167.8CVE-2023-32028
MISC
microsoft — microsoft_office
 
Microsoft Excel Remote Code Execution Vulnerability2023-06-147.8CVE-2023-32029
MISC
microsoft — microsoft_office
 
Microsoft Excel Remote Code Execution Vulnerability2023-06-147.8CVE-2023-33133
MISC
microsoft — microsoft_office
 
Microsoft Excel Remote Code Execution Vulnerability2023-06-147.8CVE-2023-33137
MISC
microsoft — microsoft_office
 
Microsoft Office Remote Code Execution Vulnerability2023-06-147.8CVE-2023-33146
MISC
emqx — nanomqNanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c when it processes malformed messages.2023-06-127.8CVE-2023-34488
MISC
microsoft — windows_server_2019
 
<div data-wrapper=”true” style=”font-family:’Segoe UI’,’Helvetica Neue’,sans-serif; font-size:9pt”> <div>Windows Server Service Security Feature Bypass Vulnerability</div> </div>2023-06-147.6CVE-2023-32022
MISC
fortinet — fortisiemA use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.2023-06-137.5CVE-2022-43949
MISC
grpc — grpcThere exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC’s C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.2023-06-097.5CVE-2023-1428
MISC
adobe — magento_commerce
 
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user’s data. Exploitation of this issue does not require user interaction.2023-06-157.5CVE-2023-22248
MISC
danfoss — ak-em100_firmwareThe Danfoss AK-EM100 stores login credentials in cleartext.2023-06-117.5CVE-2023-22584
MISC
MISC
danfoss — ak-em100_firmwareThe Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.2023-06-117.5CVE-2023-22586
MISC
MISC
fortinet — fortinacAn improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.2023-06-137.5CVE-2023-22633
MISC
dottie_project — dottieVersions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.2023-06-107.5CVE-2023-26132
MISC
MISC
MISC
microsoft — .net/visual_studio
 
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability2023-06-147.5CVE-2023-29331
MISC
webbax — winbizpaymentPrestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.2023-06-127.5CVE-2023-30198
MISC
MISC
microsoft — windows_10
 
Windows iSCSI Discovery Service Denial of Service Vulnerability2023-06-147.5CVE-2023-32011
MISC
microsoft — .net/visual_studio
 
.NET and Visual Studio Denial of Service Vulnerability2023-06-147.5CVE-2023-32030
MISC
fossbilling — fossbillingMissing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.2023-06-147.5CVE-2023-3230
CONFIRM
MISC
grpc — grpcWhen gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients – leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/330052023-06-097.5CVE-2023-32731
MISC
MISC
emqx — nanomqNanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.2023-06-127.5CVE-2023-34494
MISC
jetbrains — youtrackIn JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms2023-06-127.5CVE-2023-35053
MISC
microsoft — .net/visual_studio.NET and Visual Studio Remote Code Execution Vulnerability2023-06-147.3CVE-2023-33126
MISC
microsoft — .net/visual_studio
 
.NET and Visual Studio Remote Code Execution Vulnerability2023-06-147.3CVE-2023-33128
MISC
microsoft — sharepoint
 
Microsoft SharePoint Server Spoofing Vulnerability2023-06-147.3CVE-2023-33130
MISC
microsoft — .net/visual_studio
 
.NET and Visual Studio Elevation of Privilege Vulnerability2023-06-147.3CVE-2023-33135
MISC
fortinet — fortinacAn access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.2023-06-137.2CVE-2022-39946
MISC
hijiriworld — intuitive_custom_post_orderThe Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied ‘objects’ and ‘tags’ parameters and lack of sufficient preparation in the ‘update_options’ function as well as the ‘refresh’ function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK.2023-06-097.2CVE-2023-1016
MISC
MISC
postgresql — postgresqlschema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.2023-06-097.2CVE-2023-2454
MISC
MISC
themeisle — multiple_page_generatorThe Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-097.2CVE-2023-2607
MISC
MISC
MISC
froxlor — froxlorPath Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.2023-06-097.2CVE-2023-3172
CONFIRM
MISC
microsoft — azure_devops_server_2022
 
Azure DevOps Server Spoofing Vulnerability2023-06-147.1CVE-2023-21565
MISC
bitwarden — bitwardenBitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault.2023-06-097.1CVE-2023-27706
MISC
MISC
MISC
MISC
microsoft — nuget
 
NuGet Client Remote Code Execution Vulnerability2023-06-147.1CVE-2023-29337
MISC
linux — linux_kernelA use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.2023-06-097.1CVE-2023-3141
MISC
MISC
MISC
microsoft — windows_server_2019
 
Windows SMB Witness Service Security Feature Bypass Vulnerability2023-06-147.1CVE-2023-32021
MISC
microsoft — windows_server_2022
 
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability2023-06-147CVE-2023-29361
MISC
microsoft — windows_10
 
Windows Authentication Elevation of Privilege Vulnerability2023-06-147CVE-2023-29364
MISC
microsoft — windows_10
 
Windows Filtering Platform Elevation of Privilege Vulnerability2023-06-147CVE-2023-29368
MISC
microsoft — windows_11
 
Windows Bus Filter Driver Elevation of Privilege Vulnerability2023-06-147CVE-2023-32010
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_thankyou’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID.2023-06-096.5CVE-2023-0688
MISC
MISC
MISC
themefic — ultimate_addons_for_contact_form_7The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-096.5CVE-2023-1615
MISC
MISC
MISC
MISC
wpwax — directoristThe Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.2023-06-096.5CVE-2023-1889
MISC
MISC
microsoft — windows_10_version_1809
 
Windows CryptoAPI Denial of Service Vulnerability2023-06-146.5CVE-2023-24937
MISC
microsoft — windows_10_version_1809
 
Windows CryptoAPI Denial of Service Vulnerability2023-06-146.5CVE-2023-24938
MISC
fortinet — fortimanagerA server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.2023-06-136.5CVE-2023-25609
MISC
miniorange — active_directory_integration_\/_ldap_integrationThe Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link.2023-06-096.5CVE-2023-2599
MISC
MISC
MISC
fortinet — fortiproxyAn insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text.2023-06-136.5CVE-2023-26207
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.2023-06-156.5CVE-2023-29289
MISC
microsoft — windows_10_version_1809Windows Remote Desktop Security Feature Bypass Vulnerability2023-06-146.5CVE-2023-29352
MISC
microsoft — windows_server_2019Remote Procedure Call Runtime Denial of Service Vulnerability2023-06-146.5CVE-2023-29369
MISC
owncast_project — owncastServer-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.2023-06-106.5CVE-2023-3188
CONFIRM
MISC
microsoft — windows_10_version_1809Windows Hyper-V Denial of Service Vulnerability2023-06-146.5CVE-2023-32013
MISC
microsoft — .net
 
.NET and Visual Studio Elevation of Privilege Vulnerability2023-06-146.5CVE-2023-32032
MISC
fossbilling — fossbillingBusiness Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.2023-06-146.5CVE-2023-3229
CONFIRM
MISC
microsoft — sharepoint_enterprise_serverMicrosoft SharePoint Denial of Service Vulnerability2023-06-146.5CVE-2023-33129
MISC
microsoft — onenoteMicrosoft OneNote Spoofing Vulnerability2023-06-146.5CVE-2023-33140
MISC
microsoft — sharepoint_serverMicrosoft SharePoint Server Elevation of Privilege Vulnerability2023-06-146.5CVE-2023-33142
MISC
microsoft –edgeMicrosoft Edge (Chromium-based) Information Disclosure Vulnerability2023-06-146.5CVE-2023-33145
MISC
microsoft — windows_11_version_21h2Windows Container Manager Service Elevation of Privilege Vulnerability2023-06-146.3CVE-2023-32012
MISC
microsoft — sharepoint_serverMicrosoft SharePoint Server Spoofing Vulnerability2023-06-146.3CVE-2023-33132
MISC
reputeinfosystems — armemberUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.2023-06-126.1CVE-2022-47140
MISC
getshieldsecurity — shield_securityThe Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the ‘User-Agent’ header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-096.1CVE-2023-0992
MISC
MISC
MISC
plainware — shiftcontrollerThe ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-096.1CVE-2023-1978
MISC
MISC
i13websolution — wp_responsive_tabsThe WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-096.1CVE-2023-2184
MISC
MISC
danfoss — ak-em100_firmwareThe Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.2023-06-116.1CVE-2023-22582
MISC
MISC
danfoss — ak-em100_firmwareThe Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.2023-06-116.1CVE-2023-22585
MISC
MISC
i13websolution — wordpress_vertical_image_sliderThe wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-096.1CVE-2023-2289
MISC
MISC
wow-company — button_generatorThe Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-126.1CVE-2023-2362
MISC
icegram — icegram_engageThe Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-126.1CVE-2023-2398
MISC
i13websolution — photo_gallery_slideshow_\&_masonry_tiled_galleryThe Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-096.1CVE-2023-2402
MISC
MISC
ays-pro — photo_galleryThe Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-126.1CVE-2023-2568
MISC
i13websolution — team_circle_image_slider_with_lightboxThe Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-06-096.1CVE-2023-2604
MISC
MISC
pega — pega_platformPega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.2023-06-096.1CVE-2023-26465
MISC
wp_abstracts_project — wp_abstractsUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.2023-06-126.1CVE-2023-29385
MISC
vadesecure — secure_gatewayCross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.2023-06-096.1CVE-2023-29712
MISC
MISC
MISC
vadesecure — secure_gatewayCross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.2023-06-096.1CVE-2023-29713
MISC
MISC
MISC
vadesecure — secure_gatewayCross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.2023-06-096.1CVE-2023-29714
MISC
MISC
MISC
ip_metaboxes_project — ip_metaboxesUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1.2023-06-126.1CVE-2023-30753
MISC
online_school_fees_system_project — online_school_fees_systemA vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. This affects an unknown part of the file /paysystem/branch.php of the component POST Parameter Handler. The manipulation of the argument branch leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231501 was assigned to this vulnerability.2023-06-146.1CVE-2023-3189
MISC
MISC
MISC
wpoperation — salert_-_fake_sales_notification_woocommerceUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions.2023-06-126.1CVE-2023-32118
MISC
zotpress_project — zotpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.2023-06-126.1CVE-2023-32961
MISC
this_day_in_history_project — this_day_in_historyUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCrust This Day In History plugin <= 3.10.1 versions.2023-06-126.1CVE-2023-34026
MISC
phoenix_contact — fl_mguard_2102Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks.2023-06-135.8CVE-2023-2673
MISC
fossbilling — fossbillingInsufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.2023-06-145.7CVE-2023-3227
CONFIRM
MISC
fossbilling — fossbillingBusiness Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.2023-06-145.7CVE-2023-3228
CONFIRM
MISC
fortinet — forticonverterAn incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.2023-06-135.5CVE-2022-33877
MISC
microsoft — azure_devops_server_2020Azure DevOps Server Spoofing Vulnerability2023-06-145.5CVE-2023-21569
MISC
iptanus — wordpress_file_upload_proThe WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-095.5CVE-2023-2767
MISC
MISC
microsoft — windows_sysinternals_process_monitorSysinternals Process Monitor for Windows Denial of Service Vulnerability2023-06-145.5CVE-2023-29353
MISC
yandex — navigatorAn issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-095.5CVE-2023-29751
MISC
ekatox — facemoji\An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.2023-06-095.5CVE-2023-29753
MISC
urbanandroid — twilightAn issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-095.5CVE-2023-29756
MISC
leap — blue_light_filterAn issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-095.5CVE-2023-29758
MISC
flightaware — flightawareAn issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.2023-06-095.5CVE-2023-29759
MISC
urbanandroid — sleepAn issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.2023-06-095.5CVE-2023-29761
MISC
appcrossx — crossxAn issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.2023-06-095.5CVE-2023-29767
MISC
microsoft — windows_10_version_1809Windows Installer Information Disclosure Vulnerability2023-06-145.5CVE-2023-32016
MISC
microsoft — microsoft_visual_studioVisual Studio Information Disclosure Vulnerability2023-06-145.5CVE-2023-33139
MISC
file_away_project — file_awayThe File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.2023-06-125.4CVE-2023-0431
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.2023-06-095.4CVE-2023-0695
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf_first_name’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.2023-06-095.4CVE-2023-0708
MISC
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘mf_last_name’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.2023-06-095.4CVE-2023-0709
MISC
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the ‘fname’ attribute of the ‘mf_thankyou’ shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity.2023-06-095.4CVE-2023-0710
MISC
MISC
weavertheme — weaver_xtreme_themeThe Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-095.4CVE-2023-1403
MISC
MISC
weavertheme — weaver_show_postsThe Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-095.4CVE-2023-1404
MISC
MISC
blubrry — powerpressThe PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.2023-06-095.4CVE-2023-1917
MISC
MISC
MISC
MISC
plainware — locatoraidThe Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-095.4CVE-2023-2031
MISC
MISC
MISC
bulletin — announcement_\&_notification_banner_-_bulletinThe Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the ‘bulletinwp_update_bulletin_status’, ‘bulletinwp_update_bulletin’, ‘bulletinwp_update_settings’, ‘bulletinwp_update_status’, ‘bulletinwp_export_bulletins’, and ‘bulletinwp_import_bulletins’ functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin’s settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site’s user into performing an action such as clicking on a link.2023-06-095.4CVE-2023-2067
MISC
MISC
MISC
hashicorp — vaultVault and Vault Enterprise’s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.2023-06-095.4CVE-2023-2121
MISC
wclovers — woocommerce_multivendor_marketplaceThe WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the ‘get_item’, ‘get_order_notes’ and ‘add_order_note’ functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes.2023-06-095.4CVE-2023-2275
MISC
MISC
MISC
MISC
MISC
wpdownloadmanager — wordpress_download_managerThe Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpdm_members’, ‘wpdm_login_form’, ‘wpdm_reg_form’ shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-095.4CVE-2023-2305
MISC
MISC
MISC
MISC
MISC
postgresql — postgresqlRow security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.2023-06-095.4CVE-2023-2455
MISC
MISC
supsystic — easy_google_mapsThe Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-095.4CVE-2023-2526
MISC
MISC
MISC
MISC
pluginus — wordpress_currency_switcher_professionalThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-095.4CVE-2023-2558
MISC
MISC
codepeople — contact_form_emailThe Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.2023-06-125.4CVE-2023-2718
MISC
adobe — experience_managerAdobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-06-155.4CVE-2023-29302
MISC
adobe — experience_managerAdobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-06-155.4CVE-2023-29304
MISC
adobe — experience_managerAdobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.2023-06-155.4CVE-2023-29307
MISC
adobe — experience_managerAdobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.2023-06-155.4CVE-2023-29322
MISC
performance_indicator_system_project — performance_indicator_systemA vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163.2023-06-095.4CVE-2023-3183
MISC
MISC
MISC
teachers_record_management_system_project — teachers_record_management_systemA vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.2023-06-095.4CVE-2023-3187
MISC
MISC
MISC
MISC
teampass — teampassCross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-105.4CVE-2023-3191
MISC
CONFIRM
froxlor — froxlorSession Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.2023-06-115.4CVE-2023-3192
CONFIRM
MISC
eyoucms — eyoucmsEyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).2023-06-125.4CVE-2023-33492
MISC
dlink — di-7500g-ci_firmwareA Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.2023-06-095.4CVE-2023-34856
MISC
jetbrains — youtrackIn JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible2023-06-125.4CVE-2023-35054
MISC
crypto-js_project — crypto-jsThe crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string “0.” with an integer, which makes the output more predictable than necessary.2023-06-125.3CVE-2020-36732
MISC
MISC
MISC
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.2023-06-095.3CVE-2023-1843
MISC
MISC
MISC
niteothemes — cmpThe CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin’s provided feature.2023-06-095.3CVE-2023-2159
MISC
MISC
MISC
wpdirectorykit — wp_directory_kitThe WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘ajax_public’ function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3.2023-06-095.3CVE-2023-2280
MISC
MISC
MISC
danfoss — ak-em100_firmwareThe webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.2023-06-115.3CVE-2023-25912
MISC
MISC
brizy — brizyThe Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an ‘X-Forwarded-For’ HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the ‘X-Forwarded-For’ header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality.2023-06-095.3CVE-2023-2897
MISC
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..2023-06-155.3CVE-2023-29287
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.2023-06-155.3CVE-2023-29290
MISC
microsoft — windows_server_2019DHCP Server Service Information Disclosure Vulnerability2023-06-145.3CVE-2023-29355
MISC
grpc — grpcgRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url2023-06-095.3CVE-2023-32732
MISC
microsoft — visual_studio_codeVisual Studio Code Spoofing Vulnerability2023-06-145CVE-2023-33144
MISC
miniorange — active_directory_integration_\/_ldap_integrationThe Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-094.9CVE-2023-2484
MISC
MISC
MISC
iptanus — wordpress_file_upload_proThe WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.2023-06-094.9CVE-2023-2688
MISC
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.2023-06-154.9CVE-2023-29291
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.2023-06-154.9CVE-2023-29292
MISC
galleryplugins — video_contestAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GalleryPlugins Video Contest plugin <= 3.2 versions.2023-06-124.8CVE-2022-45827
MISC
yikesinc — easy_forms_for_mailchimpThe Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-06-124.8CVE-2023-1323
MISC
aviplugins — wp_register_profile_with_shortcodeAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.2023-06-124.8CVE-2023-23818
MISC
itemprop_wp_for_serp\/seo_rich_snippets_project — itemprop_wp_for_serp\/seo_rich_snippetsAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions.2023-06-124.8CVE-2023-23819
MISC
utm_tracker_project — utm_trackerAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludwig Media UTM Tracker plugin <= 1.3.1 versions.2023-06-124.8CVE-2023-23822
MISC
pixelyoursite — pixelyoursite_proThe PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-094.8CVE-2023-2584
MISC
MISC
MISC
stpetedesign — call_now_accessibility_buttonAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions.2023-06-124.8CVE-2023-28933
MISC
ip_metaboxes_project — ip_metaboxesAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions.2023-06-124.8CVE-2023-30745
MISC
unfocus — scripts_n_stylesAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions.2023-06-124.8CVE-2023-31236
MISC
sales_tracker_management_system_project — sales_tracker_management_systemA vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.2023-06-094.8CVE-2023-3184
MISC
MISC
MISC
MISC
wpdirectorykit — wp_directory_kitThe WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the ‘insert’ function. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-134.7CVE-2023-2277
MISC
MISC
MISC
microsoft — windows_10_version_1809Windows Kernel Information Disclosure Vulnerability2023-06-144.7CVE-2023-32019
MISC
teampass — teampassImproper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-06-104.6CVE-2023-3190
CONFIRM
MISC
fortinet — fortiproxyA cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.2023-06-134.4CVE-2022-41327
MISC
fibosearch — fibosearchThe FiboSearch – AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-094.4CVE-2023-2450
MISC
MISC
MISC
advanced-woo-search — advanced_woo_searchThe Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-06-094.4CVE-2023-2452
MISC
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_last_name’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter’s last name.2023-06-094.3CVE-2023-0691
MISC
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_payment_status’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions.2023-06-094.3CVE-2023-0692
MISC
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf_transaction_id’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment.2023-06-094.3CVE-2023-0693
MISC
MISC
MISC
wpmet — metform_elementor_contact_form_builderThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the ‘mf’ shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission.2023-06-094.3CVE-2023-0694
MISC
MISC
MISC
wickedplugins — wicked_foldersThe Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.2023-06-094.3CVE-2023-0729
MISC
MISC
MISC
webfactoryltd — under_constructionThe Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-0831
MISC
MISC
webfactoryltd — under_constructionThe Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-0832
MISC
MISC
getshieldsecurity — shield_securityThe Shield Security plugin for WordPress is vulnerable to Missing Authorization on the ‘theme-plugin-file’ AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.2023-06-094.3CVE-2023-0993
MISC
MISC
MISC
ooohboi_steroids_for_elementor_project — ooohboi_steroids_for_elementorThe OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the ‘file_uploader_callback’ function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site.2023-06-094.3CVE-2023-1169
MISC
MISC
MISC
wpfastestcache — wp_fastest_cacheThe WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site’s cache.2023-06-094.3CVE-2023-1375
MISC
MISC
MISC
staxwp — staxThe Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-1807
MISC
MISC
motopress — getwid_-_gutenberg_blocksThe Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer’s site.2023-06-094.3CVE-2023-1910
MISC
MISC
bulletin — announcement_\&_notification_banner_-_bulletinThe Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘bulletinwp_update_bulletin_status’, ‘bulletinwp_update_bulletin’, ‘bulletinwp_update_settings’, ‘bulletinwp_update_status’, ‘bulletinwp_export_bulletins’, and ‘bulletinwp_import_bulletins’ functions functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin’s settings, modify bulletins, create new bulletins, and more.2023-06-094.3CVE-2023-2066
MISC
MISC
MISC
wpdeveloper — essential_blocksThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-094.3CVE-2023-2083
MISC
MISC
MISC
wpdeveloper — essential_blocksThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-094.3CVE-2023-2084
MISC
MISC
wpdeveloper — essential_blocksThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-094.3CVE-2023-2085
MISC
MISC
MISC
wpdeveloper — essential_blocksThe Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.2023-06-094.3CVE-2023-2086
MISC
MISC
MISC
wpdeveloper — essential_blocksThe Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2087
MISC
MISC
MISC
staxwp — staxThe Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.2023-06-094.3CVE-2023-2189
MISC
MISC
wpwhitesecurity — wp_activity_logThe WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.2023-06-094.3CVE-2023-2261
MISC
MISC
MISC
wpwhitesecurity — wp_activity_logThe WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin’s settings.2023-06-094.3CVE-2023-2284
MISC
MISC
wpwhitesecurity — wp_activity_logThe WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2285
MISC
MISC
wpwhitesecurity — wp_activity_logThe WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2286
MISC
MISC
MISC
wpdirectorykit — wp_directory_kitThe WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘ajax_admin’ function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.2023-06-134.3CVE-2023-2351
MISC
MISC
MISC
MISC
MISC
MISC
vcita — online_booking_\&_scheduling_calendarThe Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript.2023-06-094.3CVE-2023-2414
MISC
MISC
MISC
pluginus — wordpress_currency_switcher_professionalThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher.2023-06-094.3CVE-2023-2555
MISC
MISC
wordpress — wordpressThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.2023-06-094.3CVE-2023-2556
MISC
MISC
wordpress — wordpressThe WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.2023-06-094.3CVE-2023-2557
MISC
MISC
wordpress — wordpressThe Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.2023-06-094.3CVE-2023-2764
MISC
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2891
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2892
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2893
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2894
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2895
MISC
MISC
wordpress — wordpressThe WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-094.3CVE-2023-2896
MISC
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user’s data. Exploitation of this issue does not require user interaction.2023-06-154.3CVE-2023-29288
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.2023-06-154.3CVE-2023-29294
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.2023-06-154.3CVE-2023-29295
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user’s data. Exploitation of this issue does not require user interaction.2023-06-154.3CVE-2023-29296
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
vmware — toolsA fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.2023-06-133.9CVE-2023-20867
MISC
wordpress — wordpressThe FluentCRM – Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address.2023-06-093.7CVE-2023-1430
MISC
MISC
microsoft — windows_server_2019Windows DNS Spoofing Vulnerability2023-06-143.7CVE-2023-32020
MISC
microsoft — snipping_toolWindows Snipping Tool Information Disclosure Vulnerability2023-06-133.3CVE-2023-28303
MISC
microsoft — microsoft_power_appsMicrosoft Power Apps Spoofing Vulnerability2023-06-143CVE-2023-32024
MISC
fortinet — fortiproxyA relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.2023-06-132.7CVE-2022-42474
MISC
adobe — magento_commerceAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction.2023-06-152.7CVE-2023-29293
MISC
sap — netweaverSAP NetWeaver (Change and Transport System) – versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.2023-06-132.7CVE-2023-32114
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
nanopb — nanopb
 
Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.2023-06-17not yet calculatedCVE-2014-125106
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability.2023-06-12not yet calculatedCVE-2015-10118
MISC
MISC
MISC
sogo — web_mail
 
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.2023-06-14not yet calculatedCVE-2020-22402
MISC
google — android
 
Product: AndroidVersions: Android SoCAndroid ID: A-2777758702023-06-15not yet calculatedCVE-2021-0701
MISC
google — android
 
Product: AndroidVersions: Android SoCAndroid ID: A-2781566802023-06-15not yet calculatedCVE-2021-0945
MISC
tp5cms — tp5cms
 
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.2023-06-14not yet calculatedCVE-2021-31280
MISC
ibm — security_guardium
 
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.2023-06-15not yet calculatedCVE-2022-22307
MISC
MISC
hp_inc. — hp_pc_bios
 
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.2023-06-12not yet calculatedCVE-2022-27539
MISC
hp_inc. — hp_pc_bios
 
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.2023-06-12not yet calculatedCVE-2022-27541
MISC
jhead — jhead
 
Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.2023-06-13not yet calculatedCVE-2022-28550
MISC
MISC
hp_inc. — hp_pc_bios
 
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-13not yet calculatedCVE-2022-31635
MISC
hp_inc. — hp_pc_bios
 
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-13not yet calculatedCVE-2022-31636
MISC
hp_inc. — hp_pc_bios
 
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-13not yet calculatedCVE-2022-31637
MISC
hp_inc. — hp_pc_bios
 
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-13not yet calculatedCVE-2022-31638
MISC
hp_inc. — hp_pc_bios
 
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-13not yet calculatedCVE-2022-31639
MISC
hp_inc. — hp_pc_bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-14not yet calculatedCVE-2022-31640
MISC
hp_inc. — hp_pc_bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-14not yet calculatedCVE-2022-31641
MISC
hp_inc. — hp_pc_bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-14not yet calculatedCVE-2022-31642
MISC
hp_inc. — hp_pc_bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-14not yet calculatedCVE-2022-31644
MISC
hp_inc. — hp_pc_bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-14not yet calculatedCVE-2022-31645
MISC
hp_inc. — hp_pc_bios
 
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.2023-06-14not yet calculatedCVE-2022-31646
MISC
ibm — security_directory_suite_va
 
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.2023-06-15not yet calculatedCVE-2022-32752
MISC
MISC
ibm — security_directory_suite_va
 
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.2023-06-15not yet calculatedCVE-2022-32757
MISC
MISC
ibm — security_directory_suite_va
 
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.2023-06-15not yet calculatedCVE-2022-33159
MISC
MISC
ibm — security_directory_suite_va
 
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.2023-06-15not yet calculatedCVE-2022-33163
MISC
MISC
ibm — security_directory_suite_va
 
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 228586.2023-06-15not yet calculatedCVE-2022-33166
MISC
MISC
ibm — security_directory_suite_va
 
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.2023-06-15not yet calculatedCVE-2022-33168
MISC
MISC
western_digital — multiple_products
 
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.2023-06-12not yet calculatedCVE-2022-36331
MISC
kratos — spectralnet
 
A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user.2023-06-12not yet calculatedCVE-2022-38156
MISC
netskope –netskope_client
 
The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\Users\Public\netSkope\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.2023-06-15not yet calculatedCVE-2022-4149
MISC
wordpress — wordpress 
 
Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS).2023-06-13not yet calculatedCVE-2022-42880
MISC
servicenow — servicenow_core
 
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.2023-06-13not yet calculatedCVE-2022-43684
MISC
hp_inc. — hp_pc_bios
 
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.2023-06-12not yet calculatedCVE-2022-43777
MISC
hp_inc. — hp_pc_bios
 
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.2023-06-12not yet calculatedCVE-2022-43778
MISC
oracle — apache
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.2023-06-14not yet calculatedCVE-2022-47184
MISC
becton_dickinson — alaris_infusion_central
 
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.2023-06-13not yet calculatedCVE-2022-47376
MISC
huawei — flmg-10
 
A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00).2023-06-16not yet calculatedCVE-2022-48330
MISC
huawei — b535-232a
 
There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. 2023-06-16not yet calculatedCVE-2022-48469
MISC
huawei — bisheng-wnm
 
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal.2023-06-16not yet calculatedCVE-2022-48471
MISC
huawei — bisheng-wnm
 
A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211.2023-06-16not yet calculatedCVE-2022-48472
MISC
huawei — bisheng-wnm
 
There is a misinterpretation of input vulnerability in Huawei Printer. Successful exploitation of this vulnerability may cause the printer service to be abnormal.2023-06-16not yet calculatedCVE-2022-48473
MISC
palo_alto_networks — globalprotect_app_on_windows
 
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local service account or user with token impersonation privileges to execute programs with elevated privileges.2023-06-14not yet calculatedCVE-2023-0009
MISC
palo_alto_networks — pan-os
 
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.2023-06-14not yet calculatedCVE-2023-0010
MISC
synology — multiple_products
 
Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors.2023-06-13not yet calculatedCVE-2023-0142
MISC
MISC
teamviewer — remote
 
An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.2023-06-14not yet calculatedCVE-2023-0837
MISC
schneider_electric — multiple_products
 
A CWE-94: Improper Control of Generation of Code (‘Code Injection’) vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.2023-06-14not yet calculatedCVE-2023-1049
MISC
hp_inc. — hp_multifunction_printers
 
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products.2023-06-14not yet calculatedCVE-2023-1329
MISC
hp_inc. — hp_enterprise_laserjet_and_hp_laserjet_managed_printers
 
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.2023-06-13not yet calculatedCVE-2023-1707
MISC
atlas_copco — power_focus_6000
 
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller.2023-06-12not yet calculatedCVE-2023-1897
MISC
atlas_copco — power_focus_6000
 
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.2023-06-12not yet calculatedCVE-2023-1898
MISC
atlas_copco — power_focus_6000
 
Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.2023-06-12not yet calculatedCVE-2023-1899
MISC
forcepoint — cloud_security_gatewayImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.2023-06-15not yet calculatedCVE-2023-2080
MISC
cloud foundry — multiple_productsVulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.2023-06-16not yet calculatedCVE-2023-20885
MISC
google — android
 
In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-2427045762023-06-15not yet calculatedCVE-2023-21095
MISC
google — android
 
In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2581892552023-06-15not yet calculatedCVE-2023-21101
MISC
google — android
 
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2610365682023-06-15not yet calculatedCVE-2023-21105
MISC
google — android
 
In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2394148762023-06-15not yet calculatedCVE-2023-21108
MISC
google — android
 
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-2588340332023-06-15not yet calculatedCVE-2023-21115
MISC
google — android
 
In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2581886732023-06-15not yet calculatedCVE-2023-21120
MISC
google — android
 
In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-2054604592023-06-15not yet calculatedCVE-2023-21121
MISC
google — android
 
In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2700501912023-06-15not yet calculatedCVE-2023-21122
MISC
google — android
 
In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2700500642023-06-15not yet calculatedCVE-2023-21123
MISC
google — android
 
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2657983532023-06-15not yet calculatedCVE-2023-21124
MISC
google — android
 
In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2718463932023-06-15not yet calculatedCVE-2023-21126
MISC
google — android
 
In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2754181912023-06-15not yet calculatedCVE-2023-21127
MISC
google — android
 
In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2720421832023-06-15not yet calculatedCVE-2023-21128
MISC
google — android
 
In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2747596122023-06-15not yet calculatedCVE-2023-21129
MISC
google — android
 
In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2735020022023-06-15not yet calculatedCVE-2023-21130
MISC
google — android
 
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2650157962023-06-15not yet calculatedCVE-2023-21131
MISC
google — android
 
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2605701192023-06-15not yet calculatedCVE-2023-21135
MISC
google — android
 
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2465422852023-06-15not yet calculatedCVE-2023-21136
MISC
google — android
 
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2465417022023-06-15not yet calculatedCVE-2023-21137
MISC
google — android
 
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2732600902023-06-15not yet calculatedCVE-2023-21138
MISC
google — android
 
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2718450082023-06-15not yet calculatedCVE-2023-21139
MISC
google — android
 
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2622442492023-06-15not yet calculatedCVE-2023-21141
MISC
google — android
 
In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2622436652023-06-15not yet calculatedCVE-2023-21142
MISC
google — android
 
In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2681937772023-06-15not yet calculatedCVE-2023-21143
MISC
google — android
 
In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2527664172023-06-15not yet calculatedCVE-2023-21144
MISC
netskope –netskope_client
 
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine.2023-06-15not yet calculatedCVE-2023-2270
MISC
wordpress — wordpress 
 
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.2023-06-15not yet calculatedCVE-2023-23802
MISC
wordpress — wordpress 
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions.2023-06-13not yet calculatedCVE-2023-23831
MISC
solarwinds — servu
 
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data.2023-06-15not yet calculatedCVE-2023-23841
MISC
zimbra — collaboration_suite
 
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.2023-06-15not yet calculatedCVE-2023-24030
MISC
MISC
zimbra — collaboration_suite
 
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.2023-06-15not yet calculatedCVE-2023-24031
MISC
MISC
zimbra — collaboration_suite
 
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).2023-06-15not yet calculatedCVE-2023-24032
MISC
MISC
cdata — rsb_connectCData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).2023-06-16not yet calculatedCVE-2023-24243
MISC
MISC
MISC
MISC
kubernetes — kubernetesA security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.2023-06-16not yet calculatedCVE-2023-2431
MISC
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1 versions.2023-06-15not yet calculatedCVE-2023-24420
MISC
micro_focus — arcsight_logger
 
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.02023-06-13not yet calculatedCVE-2023-24469
MISC
MISC
MISC
micro_focus — arcsight_logger
 
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.2023-06-13not yet calculatedCVE-2023-24470
MISC
MISC
MISC
arista — cloudvision
 
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.2023-06-13not yet calculatedCVE-2023-24546
MISC
wordpress — wordpress 
 
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.2023-06-15not yet calculatedCVE-2023-25055
MISC
nokia — airscale_asika_single_ran_devices
 
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.2023-06-16not yet calculatedCVE-2023-25185
MISC
MISC
nokia — airscale_asika_single_ran_devices
 
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.2023-06-16not yet calculatedCVE-2023-25186
MISC
MISC
nokia — airscale_asika_single_ran_devices
 
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don’t give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.2023-06-16not yet calculatedCVE-2023-25187
MISC
MISC
nokia — airscale_asika_single_ran_devicesAn issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.2023-06-16not yet calculatedCVE-2023-25188
MISC
MISC
sigilent — multiple_products
 
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.2023-06-16not yet calculatedCVE-2023-25366
MISC
MISC
sigilent — multiple_products
 
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.2023-06-14not yet calculatedCVE-2023-25367
MISC
MISC
sigilent — multiple_products
 
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmnware.2023-06-14not yet calculatedCVE-2023-25368
MISC
sigilent — multiple_products
 
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.2023-06-14not yet calculatedCVE-2023-25369
MISC
libtiff — libtiff
 
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.2023-06-14not yet calculatedCVE-2023-25434
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions.2023-06-15not yet calculatedCVE-2023-25449
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.2023-06-15not yet calculatedCVE-2023-25450
MISC
wordpress — wordpress
 
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-13not yet calculatedCVE-2023-2563
MISC
MISC
MISC
zte — multiple_products
 
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user’s device, affecting device operation.2023-06-16not yet calculatedCVE-2023-25645
MISC
ibm — powervm_hypervisor
 
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.2023-06-15not yet calculatedCVE-2023-25683
MISC
MISC
schneider_electric — ecostruxure_foxboro_dcs_control_core_services
 
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.2023-06-14not yet calculatedCVE-2023-2569
MISC
schneider_electric — ecostruxure_foxboro_dcs_control_core_services
 
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.2023-06-14not yet calculatedCVE-2023-2570
MISC
seimens — multiple_products
 
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system’s server.2023-06-13not yet calculatedCVE-2023-25910
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.2023-06-16not yet calculatedCVE-2023-25963
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions.2023-06-13not yet calculatedCVE-2023-25964
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <= 3.7 versions.2023-06-15not yet calculatedCVE-2023-25972
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions.2023-06-16not yet calculatedCVE-2023-25974
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions.2023-06-13not yet calculatedCVE-2023-25978
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.2023-06-16not yet calculatedCVE-2023-26013
MISC
nokia — web_element_managerA mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network.2023-06-14not yet calculatedCVE-2023-26062
MISC
MISC
hp_inc. — hp_device_manager
 
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.2023-06-12not yet calculatedCVE-2023-26295
MISC
hp_inc. — hp_device_manager
 
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.2023-06-12not yet calculatedCVE-2023-26296
MISC
hp_inc. — hp_device_manager
 
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.2023-06-12not yet calculatedCVE-2023-26297
MISC
hp_inc. — hp_device_manager
 
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.2023-06-12not yet calculatedCVE-2023-26298
MISC
rockwell_automation — factorytalk
 
Rockwell Automation’s FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.  Hard-coded cryptographic key may lead to privilege escalation.  This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.2023-06-13not yet calculatedCVE-2023-2637
MISC
rockwell_automation — factorytalk
 
Rockwell Automation’s FactoryTalk System Services does not verify that a backup configuration archive is password protected.   Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.  This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.2023-06-13not yet calculatedCVE-2023-2638
MISC
rockwell_automation — factorytalk
 
The underlying feedback mechanism of Rockwell Automation’s FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device.  This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully exploited, this would allow a threat actor to receive information including whether FactoryTalk Policy Manager is installed and potentially the entire security policy. 2023-06-13not yet calculatedCVE-2023-2639
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions.2023-06-16not yet calculatedCVE-2023-26515
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.2023-06-16not yet calculatedCVE-2023-26527
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jinit9906 Shipyaari Shipping Management plugin <= 1.0 versions.2023-06-13not yet calculatedCVE-2023-26528
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions.2023-06-16not yet calculatedCVE-2023-26537
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions.2023-06-13not yet calculatedCVE-2023-26538
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.2023-06-16not yet calculatedCVE-2023-26541
MISC
silabs.com — bluetooth_sdkA memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.2023-06-15not yet calculatedCVE-2023-2683
MISC
MISC
silabs.com — gecko_platformBuffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.2023-06-15not yet calculatedCVE-2023-2686
MISC
MISC
libtiff — libtiff
 
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.2023-06-14not yet calculatedCVE-2023-26965
MISC
synology — multiple_products
 
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.2023-06-13not yet calculatedCVE-2023-2729
MISC
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions.2023-06-16not yet calculatedCVE-2023-27420
MISC
siemens — multiple_products
 
A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.2023-06-13not yet calculatedCVE-2023-27465
MISC
silabs — gsdk
 
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. 2023-06-15not yet calculatedCVE-2023-2747
MISC
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.2023-06-13not yet calculatedCVE-2023-27624
MISC
wordpress — wordpress 
 
Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.2023-06-15not yet calculatedCVE-2023-27634
MISC
freakchicken_kafkaUI-lite — freakchicken_kafkaUI-liteAn issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.2023-06-12not yet calculatedCVE-2023-27716
MISC
rockwell_automation — factorytalk
 
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS.2023-06-13not yet calculatedCVE-2023-2778
MISC
mattermost — mattermost
 
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.2023-06-16not yet calculatedCVE-2023-2783
MISC
tp-link — tl-wpa8630p
 
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.2023-06-13not yet calculatedCVE-2023-27836
MISC
tp-link — tl-wpa8630p
 
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.2023-06-13not yet calculatedCVE-2023-27837
MISC
mattermost — mattermost
 
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.2023-06-16not yet calculatedCVE-2023-2784
MISC
mattermost — mattermost
 
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files2023-06-16not yet calculatedCVE-2023-2785
MISC
mattermost — mattermost
 
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.2023-06-16not yet calculatedCVE-2023-2786
MISC
mattermost — mattermost
 
Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.2023-06-16not yet calculatedCVE-2023-2787
MISC
mattermost — mattermost
 
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker’s account is deactivated.2023-06-16not yet calculatedCVE-2023-2788
MISC
mattermost — mattermost
 
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.2023-06-16not yet calculatedCVE-2023-2791
MISC
mattermost — mattermost
 
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.2023-06-16not yet calculatedCVE-2023-2792
MISC
mattermost — mattermost
 
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.2023-06-16not yet calculatedCVE-2023-2793
MISC
mattermost — mattermost
 
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.2023-06-16not yet calculatedCVE-2023-2797
MISC
fortinet — multiple_products
 
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.2023-06-13not yet calculatedCVE-2023-27997
MISC
fortinet — fortiadc_cli
 
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command.2023-06-13not yet calculatedCVE-2023-28000
MISC
artica_pfms — pandora_fms
 
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms.2023-06-13not yet calculatedCVE-2023-2807
MISC
bosch — vms
 
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.2023-06-15not yet calculatedCVE-2023-28175
MISC
proofpoint — threat_response/threat_response_auto_pullA stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. ?This could result in arbitrary javascript code execution in an admin context.?All versions prior to 5.10.0 are affected.? 2023-06-14not yet calculatedCVE-2023-2819
MISC
proofpoint — threat_response/threat_response_auto_pullAn information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. 2023-06-14not yet calculatedCVE-2023-2820
MISC
sap — plant_connectivity
 
SAP Plant Connectivity – version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing – version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.2023-06-13not yet calculatedCVE-2023-2827
MISC
MISC
mattermost — mattermost
 
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.2023-06-16not yet calculatedCVE-2023-2831
MISC
eset — multiple_productsDuring internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.2023-06-15not yet calculatedCVE-2023-2847
MISC
zoom — zoom
 
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.2023-06-13not yet calculatedCVE-2023-28598
MISC
zoom — zoom
 
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.2023-06-13not yet calculatedCVE-2023-28599
MISC
zoom — zoom
 
Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.2023-06-13not yet calculatedCVE-2023-28600
MISC
zoom — zoom
 
Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.2023-06-13not yet calculatedCVE-2023-28601
MISC
zoom — zoom
 
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.2023-06-13not yet calculatedCVE-2023-28602
MISC
zoom — zoom
 
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.2023-06-13not yet calculatedCVE-2023-28603
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.2023-06-13not yet calculatedCVE-2023-28620
MISC
abb — multiple_productsSensitive Cookie Without ‘HttpOnly’ Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.2023-06-13not yet calculatedCVE-2023-2876
MISC
hikvision — multiple_productsSome access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.2023-06-15not yet calculatedCVE-2023-28809
MISC
hikvision — multiple_productsSome access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.2023-06-15not yet calculatedCVE-2023-28810
MISC
siemens — multiple_products
 
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.2023-06-13not yet calculatedCVE-2023-28829
MISC
siemens — multiple_products
 
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration.2023-06-13not yet calculatedCVE-2023-29129
MISC
fuji_electric_co.,_ltd. — frenic_rhc_loader
 
Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.2023-06-13not yet calculatedCVE-2023-29160
MISC
MISC
fuji_electric_co.,_ltd. — frenic_rhc_loader
 
Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.2023-06-13not yet calculatedCVE-2023-29167
MISC
MISC
fortinet — multiple_products
 
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard’s map server.2023-06-13not yet calculatedCVE-2023-29175
MISC
fortinet — multiple_products
 
A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.2023-06-13not yet calculatedCVE-2023-29178
MISC
fuji_electric_co.,_ltd. — frenic_rhc_loader
 
Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.2023-06-13not yet calculatedCVE-2023-29498
MISC
MISC
runsystem_co._ltd. — jiyu_kukan_toku-toku_coupon_app
 
Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.2023-06-13not yet calculatedCVE-2023-29501
MISC
MISC
MISC
MISC
tp-link — tl-wpa7510
 
TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.2023-06-13not yet calculatedCVE-2023-29562
MISC
google — guava
 
Use of Java’s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.2023-06-14not yet calculatedCVE-2023-2976
MISC
schneider_electric — igss_dashboardA CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file.2023-06-14not yet calculatedCVE-2023-3001
MISC
osticket — osticketA denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.2023-06-14not yet calculatedCVE-2023-30082
MISC
prestashop — leocustomajax
 
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.2023-06-14not yet calculatedCVE-2023-30150
MISC
craftcms — craftcms
 
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution.2023-06-13not yet calculatedCVE-2023-30179
MISC
MISC
4d — 4d_sas/4d_server
 
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.2023-06-16not yet calculatedCVE-2023-30222
MISC
MISC
4d — 4d_sas/4d_server
 
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.2023-06-16not yet calculatedCVE-2023-30223
MISC
MISC
cloudflare — cfnts_for_rust
 
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71  enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents.2023-06-14not yet calculatedCVE-2023-3036
MISC
cloudflare — lua-resty-json
 
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment.2023-06-14not yet calculatedCVE-2023-3040
MISC
MISC
atlassian — jira
 
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.2023-06-16not yet calculatedCVE-2023-30453
MISC
MISC
rudderstack — rudder-server
 
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.2023-06-16not yet calculatedCVE-2023-30625
MISC
MISC
MISC
MISC
MISC
MISC
MISC
oracle — apache
 
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn’t function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions2023-06-14not yet calculatedCVE-2023-30631
MISC
siemens — multiple_products
 
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous – yet unprotected – versions of the project without the knowledge of the know-how protection password.2023-06-13not yet calculatedCVE-2023-30757
MISC
kbdevice_inc. — kb-ahr_series_and_kb-irip_series
 
Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.2023-06-13not yet calculatedCVE-2023-30762
MISC
MISC
kbdevice_inc. — kb-ahr_series_and_kb-irip_series
 
OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.2023-06-13not yet calculatedCVE-2023-30764
MISC
MISC
kbdevice_inc. — kb-ahr_series_and_kb-irip_series
 
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.2023-06-13not yet calculatedCVE-2023-30766
MISC
MISC
siemens — simatic
 
A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.2023-06-13not yet calculatedCVE-2023-30897
MISC
siemens — power_meter_sicam
 
A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.2023-06-13not yet calculatedCVE-2023-30901
MISC
hewlett_packard_enterprise — hp-ux
 
HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.2023-06-16not yet calculatedCVE-2023-30903
MISC
hewlett_packard_enterprise — hpe_insight_remote_support
 
A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.2023-06-16not yet calculatedCVE-2023-30904
MISC
hewlett_packard_enterprise — hpe_mc990_x_rmc_firmware
 
The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.2023-06-16not yet calculatedCVE-2023-30905
MISC
discourse — discourse
 
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.2023-06-13not yet calculatedCVE-2023-31142
MISC
asustek_computer_inc. — asus_router_rt-ax3000
 
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without ‘Secure’ attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted (‘http’) connection, the user’s session may be hijacked.2023-06-13not yet calculatedCVE-2023-31195
MISC
MISC
inaba_denki_sangyo_co._ltd. — wi-fi_ap_unit
 
Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier2023-06-13not yet calculatedCVE-2023-31196
MISC
MISC
inaba_denki_sangyo_co._ltd. — wi-fi_ap_unit
 
OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier2023-06-13not yet calculatedCVE-2023-31198
MISC
MISC
siemens — power_meter_sicam
 
A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.2023-06-13not yet calculatedCVE-2023-31238
MISC
ckeditor — ckeditor
 
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.2023-06-13not yet calculatedCVE-2023-31541
MISC
MISC
MISC
linux — kernel
 
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.2023-06-12not yet calculatedCVE-2023-3159
MISC
linux — kernel
 
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.2023-06-12not yet calculatedCVE-2023-3161
MISC
MISC
prestashop — postfinance
 
PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().2023-06-14not yet calculatedCVE-2023-31671
MISC
MISC
prestashop — prestashop
 
In the PrestaShop < 2.4.3 module “Length, weight or volume sell” (ailinear) there is a SQL injection vulnerability.2023-06-15not yet calculatedCVE-2023-31672
MISC
rst_instruments — vw2100_router
 
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.2023-06-14not yet calculatedCVE-2023-31746
MISC
MISC
MISC
MISC
liferay_inc — portal/dxp
 
Cross-site scripting (XSS) vulnerability in the Layout module’s SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.2023-06-15not yet calculatedCVE-2023-3193
MISC
imagemagick — imagemagick
 
A stack-based buffer overflow issue was found in ImageMagick’s coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.2023-06-16not yet calculatedCVE-2023-3195
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-14not yet calculatedCVE-2023-3198
MISC
MISC
MISC
wordpress — wordpress
 
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-14not yet calculatedCVE-2023-3200
MISC
MISC
MISC
wordpress — wordpress
 
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-14not yet calculatedCVE-2023-3201
MISC
MISC
MISC
wordpress — wordpress
 
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-14not yet calculatedCVE-2023-3203
MISC
MISC
MISC
chengdu — vec40g
 
A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-12not yet calculatedCVE-2023-3206
MISC
MISC
MISC
discourse — discourse
 
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.2023-06-13not yet calculatedCVE-2023-32061
MISC
roadflow — visual_process_engine_.net_core_mvc
 
A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 of the component Login. The manipulation of the argument sidx/sord leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-12not yet calculatedCVE-2023-3208
MISC
MISC
MISC
sap — master_data_synchronization
 
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.2023-06-13not yet calculatedCVE-2023-32115
MISC
MISC
google — chrome
 
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)2023-06-13not yet calculatedCVE-2023-3214
MISC
MISC
MISC
MISC
google — chrome
 
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-06-13not yet calculatedCVE-2023-3215
MISC
MISC
MISC
MISC
google — chrome
 
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-06-13not yet calculatedCVE-2023-3216
MISC
MISC
MISC
MISC
google — chrome
 
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-06-13not yet calculatedCVE-2023-3217
MISC
MISC
MISC
MISC
it-novum — it-novum/openitcockpit
 
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.2023-06-13not yet calculatedCVE-2023-3218
MISC
CONFIRM
mazda — mazda
 
A Mazda model (2015-2016) can be unlocked via an unspecified method.2023-06-12not yet calculatedCVE-2023-32219
MISC
milesight — ncr/camera
 
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.2023-06-12not yet calculatedCVE-2023-32220
MISC
easeus — todo_backup
 
EaseUS Todo Backup version 20220111.390 – An omission during installation may allow a local attacker to perform privilege escalation.2023-06-12not yet calculatedCVE-2023-32221
MISC
bosch — camera_firmware_cpp13/cpp14
 
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.2023-06-15not yet calculatedCVE-2023-32229
MISC
nuxt — nuxt
 
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.2023-06-13not yet calculatedCVE-2023-3224
MISC
CONFIRM
discourse — discourse
 
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.2023-06-13not yet calculatedCVE-2023-32301
MISC
ujcms — ujcms
 
A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-231502 is the identifier assigned to this vulnerability.2023-06-14not yet calculatedCVE-2023-3231
MISC
MISC
MISC
zhong_bang — crmeb
 
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231503. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-14not yet calculatedCVE-2023-3232
MISC
MISC
MISC
zhong_bang — crmeb
 
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-14not yet calculatedCVE-2023-3233
MISC
MISC
MISC
zhong_bang — crmeb
 
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231505 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-14not yet calculatedCVE-2023-3234
MISC
MISC
MISC
mccms — mccms
 
A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability.2023-06-14not yet calculatedCVE-2023-3235
MISC
MISC
MISC
mccms — mccms
 
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507.2023-06-14not yet calculatedCVE-2023-3236
MISC
MISC
MISC
otcms — otcms
 
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.2023-06-14not yet calculatedCVE-2023-3237
MISC
MISC
MISC
otcms — otcms
 
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231509 was assigned to this vulnerability.2023-06-14not yet calculatedCVE-2023-3238
MISC
MISC
MISC
otcms — otcms
 
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.2023-06-14not yet calculatedCVE-2023-3239
MISC
MISC
MISC
otcms — otcms
 
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: ‘../filedir’. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.2023-06-14not yet calculatedCVE-2023-3240
MISC
MISC
MISC
otcms — otcms
 
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512.2023-06-14not yet calculatedCVE-2023-3241
MISC
MISC
MISC
dell– power_protect_cyber_recovery
 
Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.2023-06-14not yet calculatedCVE-2023-32465
MISC
chatwork_co._ltd. — chatwork_desktop_application
 
Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user’s consent.2023-06-13not yet calculatedCVE-2023-32546
MISC
MISC
kingsoft_japan_inc. — wps_office
 
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.2023-06-13not yet calculatedCVE-2023-32548
MISC
MISC
hp_inc. — multiple_products
 
Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.2023-06-12not yet calculatedCVE-2023-32673
MISC
hp_inc. — hp_pc_hardware_diagnostics_windows
 
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.2023-06-12not yet calculatedCVE-2023-32674
MISC
linux — kernel
 
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.2023-06-16not yet calculatedCVE-2023-3268
MISC
code-projects — supplier_management_system
 
A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624.2023-06-15not yet calculatedCVE-2023-3274
MISC
MISC
MISC
rail_pass_management_system — rail_pass_management_system
 
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability.2023-06-15not yet calculatedCVE-2023-3275
MISC
MISC
dromara — hutool
 
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-15not yet calculatedCVE-2023-3276
MISC
MISC
MISC
gpac — gpac
 
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.2023-06-16not yet calculatedCVE-2023-3291
CONFIRM
MISC
salesagility/suitecrm-core — salesagility/suitecrm-core
 
Cross-site Scripting (XSS) – Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.2023-06-16not yet calculatedCVE-2023-3293
CONFIRM
MISC
saleor/react-storefront — saleor/react-storefront
 
Cross-site Scripting (XSS) – DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.2023-06-16not yet calculatedCVE-2023-3294
MISC
CONFIRM
siemens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.2023-06-13not yet calculatedCVE-2023-33121
MISC
siemens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information.2023-06-13not yet calculatedCVE-2023-33122
MISC
siemens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.2023-06-13not yet calculatedCVE-2023-33123
MISC
siemens — multiple_products
 
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.2023-06-13not yet calculatedCVE-2023-33124
MISC
starface — starface/rest_api
 
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application’s database generally has become best practice to protect users’ passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.2023-06-15not yet calculatedCVE-2023-33243
MISC
MISC
labcollector — labcollector
 
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.2023-06-12not yet calculatedCVE-2023-33253
MISC
MISC
rust — rust
 
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).2023-06-12not yet calculatedCVE-2023-33290
MISC
MISC
fortinet — multiple_products
 
A loop with unreachable exit condition (‘infinite loop’) in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.2023-06-13not yet calculatedCVE-2023-33305
MISC
fortinet — multiple_products
 
A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.2023-06-16not yet calculatedCVE-2023-33306
MISC
fortinet — multiple_products
 
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.2023-06-16not yet calculatedCVE-2023-33307
MISC
wolters_kluwer — teammate+
 
A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.2023-06-16not yet calculatedCVE-2023-33438
MISC
MISC
softexpert — excellence_suite
 
SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens.2023-06-14not yet calculatedCVE-2023-33515
MISC
dolibarr– dolibarr
 
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists.2023-06-13not yet calculatedCVE-2023-33568
MISC
MISC
MISC
MISC
MISC
gl.inet — gl-ar750s-ext
 
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.2023-06-13not yet calculatedCVE-2023-33620
MISC
MISC
MISC
gl.inet — gl-ar750s-ext
 
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.2023-06-13not yet calculatedCVE-2023-33621
MISC
MISC
MISC
hutool — hutool
 
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.2023-06-13not yet calculatedCVE-2023-33695
MISC
siemens — multiple_products
 
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.2023-06-13not yet calculatedCVE-2023-33919
MISC
siemens — multiple_products
 
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability.2023-06-13not yet calculatedCVE-2023-33920
MISC
siemens — multiple_products
 
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.2023-06-13not yet calculatedCVE-2023-33921
MISC
oracle — apache
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions2023-06-14not yet calculatedCVE-2023-33933
MISC
sap — netweaver
 
SAP NetWeaver (Design Time Repository) – version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to Cross-Site Scripting vulnerability.2023-06-13not yet calculatedCVE-2023-33984
MISC
MISC
sap — netweaver
 
SAP NetWeaver Enterprise Portal – version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.2023-06-13not yet calculatedCVE-2023-33985
MISC
MISC
sap — crm_abap
 
SAP CRM ABAP (Grantor Management) – versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.2023-06-13not yet calculatedCVE-2023-33986
MISC
MISC
sap — ui5_variantManagement
 
SAP UI5 Variant Management – versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.2023-06-13not yet calculatedCVE-2023-33991
MISC
MISC
wordpress — wordpress
 
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions.2023-06-14not yet calculatedCVE-2023-34000
MISC
MISC
cpdb-libs — cpdb-libs
 
cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()` causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions.2023-06-14not yet calculatedCVE-2023-34095
MISC
MISC
MISC
MISC
MISC
MISC
contiki-ng — contiki-ng
 
Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing them. Up to 16 bytes can be read out of bounds in the `dao_input_storing` function. An attacker can truncate an ICMP packet so that it does not contain enough data, leading to an out-of-bounds read on these lines. The problem has been patched in the “develop” branch of Contiki-NG, and is expected to be included in release 4.9. As a workaround, one can apply the changes in Contiki-NG pull request #2435 to patch the system.2023-06-14not yet calculatedCVE-2023-34101
MISC
MISC
srs– srs
 
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS’s `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapshots` endpoint containing any commands to be executed as part of the body of the POST request. This issue may lead to Remote Code Execution (RCE). Versions 5.0.157, 5.0-b1, and 6.0.48 contain a fix.2023-06-12not yet calculatedCVE-2023-34105
MISC
MISC
MISC
zoom — zoom
 
Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.2023-06-13not yet calculatedCVE-2023-34113
MISC
zoom — zoom
 
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.2023-06-13not yet calculatedCVE-2023-34114
MISC
zoom — zoom
 
Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted.2023-06-13not yet calculatedCVE-2023-34115
MISC
zoom — zoom
 
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.2023-06-13not yet calculatedCVE-2023-34120
MISC
zoom — zoom
 
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.2023-06-13not yet calculatedCVE-2023-34121
MISC
zoom — zoom
 
Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.2023-06-13not yet calculatedCVE-2023-34122
MISC
oracle — apache
 
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.2023-06-14not yet calculatedCVE-2023-34149
MISC
MISC
huawei — harmonyos
 
Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.2023-06-16not yet calculatedCVE-2023-34154
MISC
hwwatchhealth — hwwatchhealth
 
Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.2023-06-16not yet calculatedCVE-2023-34157
MISC
huawei — harmonyos
 
Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions.2023-06-16not yet calculatedCVE-2023-34165
MISC
oracle — apache
 
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.2023-06-12not yet calculatedCVE-2023-34212
MISC
MISC
MISC
cilium — cilium
 
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC.2023-06-15not yet calculatedCVE-2023-34242
MISC
MISC
doorkeeper — doorkeeper
 
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.2023-06-12not yet calculatedCVE-2023-34246
MISC
MISC
MISC
MISC
MISC
keystone — keystone
 
Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package.2023-06-13not yet calculatedCVE-2023-34247
MISC
MISC
benjjvi/pybb — benjjvi/pybb
 
benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to `BulletinDatabaseModule.py`.2023-06-13not yet calculatedCVE-2023-34249
MISC
MISC
discourse — discourse
 
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn’t have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.2023-06-13not yet calculatedCVE-2023-34250
MISC
grav — grav
 
Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue.2023-06-14not yet calculatedCVE-2023-34251
MISC
MISC
MISC
grav — grav
 
Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument allows the validation check to be skipped. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. The vulnerability can be found in the `GravExtension.filterFilter()` function declared in `/system/src/Grav/Common/Twig/Extension/GravExtension.php`. Version 1.7.42 contains a patch for this issue. End users should also ensure that `twig.undefined_functions` and `twig.undefined_filters` properties in `/path/to/webroot/system/config/system.yaml` configuration file are set to `false` to disallow Twig from treating undefined filters/functions as PHP functions and executing them.2023-06-14not yet calculatedCVE-2023-34252
MISC
MISC
MISC
MISC
grav — grav
 
Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways — (1) using unsafe functions that are not banned, (2) using capitalised callable names, and (3) using fully-qualified names for referencing callables. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. A patch in version 1.7.42 improves the denylist.2023-06-14not yet calculatedCVE-2023-34253
MISC
MISC
MISC
MISC
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.  2023-06-12not yet calculatedCVE-2023-34334
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial of service.  2023-06-12not yet calculatedCVE-2023-34335
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges.  2023-06-12not yet calculatedCVE-2023-34336
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering.2023-06-12not yet calculatedCVE-2023-34341
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.2023-06-12not yet calculatedCVE-2023-34342
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.2023-06-12not yet calculatedCVE-2023-34343
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.2023-06-12not yet calculatedCVE-2023-34344
MISC
bmc — ami
 
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.2023-06-12not yet calculatedCVE-2023-34345
MISC
microsoft — windows_7
 
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.2023-06-14not yet calculatedCVE-2023-34367
MISC
MISC
MISC
oracle — apache
 
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater2023-06-14not yet calculatedCVE-2023-34396
MISC
MISC
grav — grav
 
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig’s Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`.2023-06-14not yet calculatedCVE-2023-34448
MISC
MISC
MISC
MISC
MISC
rust — rust
 
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call’s return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch.2023-06-14not yet calculatedCVE-2023-34449
MISC
MISC
MISC
MISC
MISC
grav — grav
 
Grav is a flat-file content management system. In versions 1.7.42 and prior, the “/forgot_password” page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the “email” parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user’s browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability.2023-06-14not yet calculatedCVE-2023-34452
MISC
snappy-java– snappy-java
 
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will raise, which can crash the program. In a case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability.2023-06-15not yet calculatedCVE-2023-34453
MISC
MISC
MISC
MISC
snappy-java– snappy-java
 
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function. Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array. Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. Version 1.1.10.1 contains a patch for this issue.2023-06-15not yet calculatedCVE-2023-34454
MISC
MISC
MISC
MISC
MISC
snappy-java– snappy-java
 
snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue.2023-06-15not yet calculatedCVE-2023-34455
MISC
MISC
MISC
MISC
openzeppelin_contracts — openzeppelin_contracts
 
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertedly for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree. A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe. The problem has been patched in version 4.9.2. Some workarounds are available. For those using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.2023-06-16not yet calculatedCVE-2023-34459
MISC
MISC
MISC
oracle — apache
 
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.2023-06-12not yet calculatedCVE-2023-34468
MISC
MISC
MISC
imagemagick — imagemagick
 
A heap-based buffer overflow issue was discovered in ImageMagick’s ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.2023-06-16not yet calculatedCVE-2023-34474
MISC
MISC
MISC
imagemagick — imagemagick
 
A heap use after free issue was discovered in ImageMagick’s ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.2023-06-16not yet calculatedCVE-2023-34475
MISC
MISC
MISC
hoteldruid — hoteldruid
 
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage’s parameter to trick user on browser and/or exfiltrate data.2023-06-13not yet calculatedCVE-2023-34537
MISC
langchain — langchain
 
Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.2023-06-14not yet calculatedCVE-2023-34540
MISC
simple_customer_relationship_management — simple_customer_relationship_management 
 
Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.2023-06-16not yet calculatedCVE-2023-34548
MISC
netbox — netbox
 
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the “Create Wireless LAN Groups” function.2023-06-14not yet calculatedCVE-2023-34565
MISC
flexjson — flexjson
 
An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34609
MISC
MISC
MISC
MISC
json-io– json-io
 
An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34610
MISC
mjson — mjson
 
An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34611
MISC
ph-json — ph-json
 
An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34612
MISC
sojo — sojo
 
An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34613
MISC
jsonij — jsonij
 
An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34614
MISC
jsonutil — jsonutil
 
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34615
MISC
pbjson — pbjson
 
An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34616
MISC
genson — genson
 
An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34617
MISC
hjson — hjson
 
An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34620
MISC
jtidy — jtidy
 
An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34623
MISC
htmlcleaner — htmlcleaner
 
An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-34624
MISC
piwigo — piwigo
 
Piwigo 13.7.0 is vulnerable to SQL Injection via the “Users” function.2023-06-15not yet calculatedCVE-2023-34626
MISC
jfinal_cms — jfinal_cms
 
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.2023-06-16not yet calculatedCVE-2023-34645
MISC
jjeecg — jjeecg-boot
 
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.2023-06-16not yet calculatedCVE-2023-34659
MISC
jjeecg — jjeecg-boot
 
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.2023-06-16not yet calculatedCVE-2023-34660
MISC
cyber_cafe_management_system — cyber_cafe_management_system
 
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.2023-06-15not yet calculatedCVE-2023-34666
MISC
volkswagen — discover_media_infotainment_system
 
A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle’s USB plug and play feature.2023-06-16not yet calculatedCVE-2023-34733
MISC
ujcms — ujcms
 
File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.2023-06-14not yet calculatedCVE-2023-34747
MISC
xlsxio — xlsxio
 
xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file.2023-06-16not yet calculatedCVE-2023-34795
MISC
MISC
MISC
temenos — cwx
 
Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information.2023-06-15not yet calculatedCVE-2023-34797
MISC
d-link — go-rt-ac750
 
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.2023-06-15not yet calculatedCVE-2023-34800
MISC
MISC
fdkaac — fdkaac
 
fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c.2023-06-14not yet calculatedCVE-2023-34823
MISC
fdkaac — fdkaac
 
fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c.2023-06-14not yet calculatedCVE-2023-34824
MISC
tp-link — archer_ax10(EU)
 
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 – 0x132B4.2023-06-16not yet calculatedCVE-2023-34832
MISC
MISC
MISC
MISC
thinkadmin  — thinkadmin 
 
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file.2023-06-15not yet calculatedCVE-2023-34833
MISC
bludit — bludit
 
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.2023-06-16not yet calculatedCVE-2023-34845
MISC
publiccms — publiccms
 
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.2023-06-15not yet calculatedCVE-2023-34852
MISC
MISC
youxun_electronic_equipment_(shanghai)_co._ltd — ac_centralized_management_platform
 
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.2023-06-12not yet calculatedCVE-2023-34855
MISC
ujcms — ujcms
 
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.2023-06-14not yet calculatedCVE-2023-34865
MISC
jerryscript_3.0 — jerryscript_3.0
 
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.2023-06-14not yet calculatedCVE-2023-34867
MISC
jerryscript_3.0 — jerryscript_3.0
 
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.2023-06-14not yet calculatedCVE-2023-34868
MISC
ujcms — ujcms
 
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.2023-06-14not yet calculatedCVE-2023-34878
MISC
cmseasy — cmseasy
 
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion.2023-06-15not yet calculatedCVE-2023-34880
MISC
chamilo — chamilo
 
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.2023-06-13not yet calculatedCVE-2023-34944
MISC
MISC
MISC
MISC
sspanel-uim — sspanel-uim
 
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information.2023-06-13not yet calculatedCVE-2023-34965
MISC
MISC
MISC
liferay_inc — portal/dxp
 
Open redirect vulnerability in the Layout module’s SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.2023-06-15not yet calculatedCVE-2023-35029
MISC
liferay_inc — portal/dxp
 
Cross-site request forgery (CSRF) vulnerability in the Layout module’s SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.2023-06-15not yet calculatedCVE-2023-35030
MISC
atos — unify_openscape
 
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.2023-06-12not yet calculatedCVE-2023-35031
MISC
MISC
atos — unify_openscape
 
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.2023-06-12not yet calculatedCVE-2023-35032
MISC
MISC
atos — unify_openscape
 
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.2023-06-12not yet calculatedCVE-2023-35033
MISC
MISC
atos — unify_openscape
 
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.2023-06-12not yet calculatedCVE-2023-35035
MISC
MISC
geoserver_2 — geoserver_2
 
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023.2023-06-12not yet calculatedCVE-2023-35042
MISC
MISC
jjson — jjson
 
An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.2023-06-14not yet calculatedCVE-2023-35110
MISC
jenkins — jenkins
 
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.2023-06-14not yet calculatedCVE-2023-35141
MISC
MISC
jenkins — jenkins
 
Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.2023-06-14not yet calculatedCVE-2023-35142
MISC
MISC
jenkins — jenkins
 
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.2023-06-14not yet calculatedCVE-2023-35143
MISC
MISC
jenkins — jenkins
 
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.2023-06-14not yet calculatedCVE-2023-35144
MISC
MISC
jenkins — jenkins
 
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.2023-06-14not yet calculatedCVE-2023-35145
MISC
MISC
jenkins — jenkins
 
Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.2023-06-14not yet calculatedCVE-2023-35146
MISC
MISC
jenkins — jenkins
 
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.2023-06-14not yet calculatedCVE-2023-35147
MISC
MISC
jenkins — jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.2023-06-14not yet calculatedCVE-2023-35148
MISC
MISC
jenkins — jenkins
 
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.2023-06-14not yet calculatedCVE-2023-35149
MISC
MISC
progress — moveit_transfer
 
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).2023-06-16not yet calculatedCVE-2023-35708
MISC
MISC
MISC
typo3 — typo3
 
The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.2023-06-16not yet calculatedCVE-2023-35782
MISC
typo3 — typo3
 
The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.2023-06-16not yet calculatedCVE-2023-35783
MISC
openbsd — openbsd
 
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.2023-06-16not yet calculatedCVE-2023-35784
MISC
MISC
MISC
MISC
MISC
MISC
linux — kernel
 
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.2023-06-16not yet calculatedCVE-2023-35788
MISC
MISC
MISC
MLIST
rabbitmq-c — rabbitmq-c
 
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.2023-06-16not yet calculatedCVE-2023-35789
MISC
MISC
libjxl — libjxl
 
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.2023-06-16not yet calculatedCVE-2023-35790
MISC
MISC
sugarcrm_enterprise — sugarcrm_enterprise
 
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35808
MISC
sugarcrm_enterprise — sugarcrm_enterprise
 
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35809
MISC
sugarcrm_enterprise — sugarcrm_enterprise
 
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35810
MISC
sugarcrm_enterprise — sugarcrm_enterprise
 
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35811
MISC
sitecore — multiple_products
 
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.2023-06-17not yet calculatedCVE-2023-35813
MISC

Back to top


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.