US-CERT Vulnerability Summary for the Week of June 26, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — mac_os_x | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | 2023-06-23 | 9.8 | CVE-2022-22630 |
| google — android | In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-250100597 References: N/A | 2023-06-28 | 9.8 | CVE-2023-21066 |
| wordpress — wordpress | The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. | 2023-06-27 | 9.8 | CVE-2023-2601 |
| wordpress — wordpress | The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2023-06-30 | 9.8 | CVE-2023-2834 |
| wordpress — wordpress | The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5. | 2023-06-29 | 9.8 | CVE-2023-2982 |
| wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the ‘id’ parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-24 | 9.8 | CVE-2023-3197 |
| apple — macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution | 2023-06-23 | 9.8 | CVE-2023-32387 |
| apple — macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution | 2023-06-23 | 9.8 | CVE-2023-32412 |
| apple — iphone_os | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution | 2023-06-23 | 9.8 | CVE-2023-32419 |
| wordpress — wordpress | The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the ‘hidden_form_data’ function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2023-06-30 | 9.8 | CVE-2023-3249 |
| trendmicro — apex_one | A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | 2023-06-26 | 9.8 | CVE-2023-32557 |
| wavlink — wn579x3_firmware | A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-23 | 9.8 | CVE-2023-3380 |
| game_result_matrix_system_project — game_result_matrix_system | A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239. | 2023-06-23 | 9.8 | CVE-2023-3383 |
| human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288. | 2023-06-23 | 9.8 | CVE-2023-3391 |
| trendmicro — mobile_security | A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | 2023-06-26 | 9.1 | CVE-2023-32521 |
| wordpress — wordpress | The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4385 |
| wordpress — wordpress | The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4386 |
| wordpress — wordpress | The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4394 |
| wordpress — wordpress | The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4398 |
| wordpress — wordpress | The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4401 |
| yoga_class_registration_system_project — yoga_class_registration_system | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 2023-06-24 | 8.8 | CVE-2023-1722 |
| wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc) | 2023-06-27 | 8.8 | CVE-2023-2628 |
| wordpress — wordpress | The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. | 2023-06-30 | 8.8 | CVE-2023-3063 |
| apple — watchos | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 8.8 | CVE-2023-32373 |
| apple — macos | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 2023-06-23 | 8.8 | CVE-2023-32435 |
| apple — iphone_os | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 8.8 | CVE-2023-32439 |
| trendmicro — mobile_security | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. | 2023-06-26 | 8.8 | CVE-2023-32523 |
| trendmicro — mobile_security | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | 2023-06-26 | 8.8 | CVE-2023-32524 |
| trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528. | 2023-06-26 | 8.8 | CVE-2023-32527 |
| trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527. | 2023-06-26 | 8.8 | CVE-2023-32528 |
| trendmicro — apex_central | Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | 2023-06-26 | 8.8 | CVE-2023-32529 |
| trendmicro — apex_central | Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | 2023-06-26 | 8.8 | CVE-2023-32530 |
| google — chrome | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-26 | 8.8 | CVE-2023-3420 |
| google — chrome | Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-26 | 8.8 | CVE-2023-3421 |
| google — chrome | Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-26 | 8.8 | CVE-2023-3422 |
| xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually. | 2023-06-23 | 8.8 | CVE-2023-35152 |
| gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36271 |
| gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36272 |
| gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36273 |
| gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36274 |
| codekop — codekop | A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. | 2023-06-23 | 8.8 | CVE-2023-36345 |
| codekop — codekop | POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | 2023-06-23 | 8.8 | CVE-2023-36348 |
| apple — macos | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 8.6 | CVE-2023-32409 |
| apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox | 2023-06-23 | 8.6 | CVE-2023-32414 |
| wordpress — wordpress | The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory. | 2023-06-29 | 8.6 | CVE-2023-3447 |
| microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-29 | 8.3 | CVE-2022-29144 |
| microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-29 | 8.3 | CVE-2022-29146 |
| microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-28 | 8.2 | CVE-2021-31937 |
| trendmicro — mobile_security | A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-06-26 | 8.1 | CVE-2023-32522 |
| xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group). | 2023-06-23 | 8.1 | CVE-2023-34465 |
| xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8. | 2023-06-23 | 8 | CVE-2023-35150 |
| google — android | In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-269661912 References: N/A | 2023-06-28 | 7.8 | CVE-2023-21147 |
| google — android | In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-270050709 References: N/A | 2023-06-28 | 7.8 | CVE-2023-21149 |
| google — android | In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262243015 | 2023-06-28 | 7.8 | CVE-2023-21172 |
| google — android | In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-235822222 | 2023-06-28 | 7.8 | CVE-2023-21174 |
| google — android | In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262243574 | 2023-06-28 | 7.8 | CVE-2023-21175 |
| google — android | In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-272755865 | 2023-06-28 | 7.8 | CVE-2023-21179 |
| apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | 7.8 | CVE-2023-23516 |
| apple — macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution | 2023-06-23 | 7.8 | CVE-2023-23539 |
| apple — macos | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | 7.8 | CVE-2023-27930 |
| dell — precision_3570_firmware | Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system. | 2023-06-23 | 7.8 | CVE-2023-28073 |
| apple — itunes | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges | 2023-06-23 | 7.8 | CVE-2023-32351 |
| apple — itunes | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges | 2023-06-23 | 7.8 | CVE-2023-32353 |
| apple — macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution | 2023-06-23 | 7.8 | CVE-2023-32380 |
| apple — macos | A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution | 2023-06-23 | 7.8 | CVE-2023-32384 |
| apple — macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | 7.8 | CVE-2023-32398 |
| apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges | 2023-06-23 | 7.8 | CVE-2023-32405 |
| apple — iphone_os | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 2023-06-23 | 7.8 | CVE-2023-32434 |
| admidio — admidio | Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | 7.8 | CVE-2023-3302 |
| trendmicro — apex_one | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | 2023-06-26 | 7.8 | CVE-2023-34144 |
| trendmicro — apex_one | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | 2023-06-26 | 7.8 | CVE-2023-34145 |
| trendmicro — apex_one | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | 2023-06-26 | 7.8 | CVE-2023-34146 |
| trendmicro — apex_one | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | 2023-06-26 | 7.8 | CVE-2023-34147 |
| trendmicro — apex_one | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | 2023-06-26 | 7.8 | CVE-2023-34148 |
| irontec — sngrep | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. | 2023-06-23 | 7.8 | CVE-2023-36192 |
| gifsicle_project — gifsicle | Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. | 2023-06-23 | 7.8 | CVE-2023-36193 |
| wago — multiple_products | Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. | 2023-06-26 | 7.5 | CVE-2023-1150 |
| dtstack — taier | An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. | 2023-06-23 | 7.5 | CVE-2023-29860 |
| apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | 7.5 | CVE-2023-32397 |
| microsoft — yet_another_reverse_proxy | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | 2023-06-23 | 7.5 | CVE-2023-33141 |
| diagrams — drawio | Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. | 2023-06-26 | 7.5 | CVE-2023-3398 |
| xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | 2023-06-23 | 7.5 | CVE-2023-34467 |
| xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround. | 2023-06-23 | 7.5 | CVE-2023-35151 |
trendmicro — mobile_securityA remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.2023-06-267.5CVE-2023-35695
MISC
MISC
webkul — qloappsAn unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application’s authentication and authorization mechanisms and retrieve the contents of an entire database.2023-06-237.5CVE-2023-36284
MISC
basecamp — basecampDirectory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application’s private directory. Additionally, by using a malicious intent, the attacker may redirect the server’s responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme.2023-06-257.5CVE-2023-36612
MISC
dell — alienware_updateDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.2023-06-237.3CVE-2023-28065
MISC
yoga_class_registration_system_project — yoga_class_registration_systemYoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.2023-06-247.2CVE-2023-1721
MISC
MISC
wordpress — wordpressThe ERP WordPress plugin before 1.12.4 does not properly sanitize and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.2023-06-277.2CVE-2023-2744
MISC
fossbilling — fossbillingCode Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.2023-06-237.2CVE-2023-3393
MISC
MISC
dell — alienware_update | Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | 2023-06-23 | 7.1 | CVE-2023-28071
MISC
apple — macos | An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked | 2023-06-23 | 7.1 | CVE-2023-32357
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory | 2023-06-23 | 7.1 | CVE-2023-32420
MISC
MISC
MISC
MISC
apple — macos | A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges | 2023-06-23 | 7 | CVE-2023-32413
MISC
MISC
MISC
MISC
MISC
MISC
MISC
trendmicro — apex_one | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | 2023-06-26 | 7 | CVE-2023-32554
MISC
MISC
trendmicro — apex_one | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | 2023-06-26 | 7 | CVE-2023-32555
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
dell — alienware_m15_r7_firmware | Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. | 2023-06-23 | 6.8 | CVE-2023-32480
MISC
google — android | there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239867994 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21146
MISC
google — android | In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-265149414 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21151
MISC
google — android | In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264259730 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21153
MISC
google — android | In encode of wlandata.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783137 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21157
MISC
google — android | In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261085213 | 2023-06-28 | 6.7 | CVE-2023-21171
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-25936
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-25937
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-25938
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28026
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28027
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28028
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28029
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28030
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28031
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28032
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28033
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28034
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28035
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28036
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28039
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28040
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28041
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28042
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28044
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28050
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28052
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28054
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28056
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28058
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28059
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28060
MISC
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28061
MISC
wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users | 2023-06-27 | 6.5 | CVE-2023-2623
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 6.5 | CVE-2023-28204
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information | 2023-06-23 | 6.5 | CVE-2023-32402
MISC
MISC
MISC
MISC
MISC
apple — macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information | 2023-06-23 | 6.5 | CVE-2023-32423
MISC
MISC
MISC
MISC
MISC
trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526. | 2023-06-26 | 6.5 | CVE-2023-32525
MISC
MISC
trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525. | 2023-06-26 | 6.5 | CVE-2023-32526
MISC
MISC
wordpress — wordpress | The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts. | 2023-06-27 | 6.4 | CVE-2023-3412
MISC
MISC
microsoft — edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 6.3 | CVE-2021-31982
MISC
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-29 | 6.3 | CVE-2022-26899
MISC
apple — macos | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections | 2023-06-23 | 6.3 | CVE-2023-27940
MISC
MISC
MISC
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox | 2023-06-23 | 6.3 | CVE-2023-32371
MISC
MISC
microsoft — edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 6.1 | CVE-2021-34506
MISC
wordpress — wordpress | The wpbrutalai WordPress plugin before 2.0.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high privilege users such as admin. | 2023-06-27 | 6.1 | CVE-2023-2605
MISC
wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator | 2023-06-27 | 6.1 | CVE-2023-2624
MISC
wordpress — wordpress | The ERP WordPress plugin before 1.12.4 does not sanitize and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-06-27 | 6.1 | CVE-2023-2743
MISC
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions. | 2023-06-23 | 6.1 | CVE-2023-29100
MISC
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions. | 2023-06-26 | 6.1 | CVE-2023-29427
MISC
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions. | 2023-06-26 | 6.1 | CVE-2023-29430
MISC
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32531
MISC
MISC
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32532
MISC
MISC
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32533
MISC
MISC
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32534
MISC
MISC
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534. | 2023-06-26 | 6.1 | CVE-2023-32535
MISC
MISC
online_school_fees_system_project — online_school_fees_system | A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability. | 2023-06-23 | 6.1 | CVE-2023-3381
MISC
MISC
MISC
game_result_matrix_system_project — game_result_matrix_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability. | 2023-06-23 | 6.1 | CVE-2023-3382
MISC
MISC
MISC
wordpress — wordpress | The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nsc_bar_content_href’ parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2. | 2023-06-24 | 6.1 | CVE-2023-3388
MISC
MISC
MISC
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions. | 2023-06-23 | 6.1 | CVE-2023-34012
MISC
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions. | 2023-06-23 | 6.1 | CVE-2023-34021
MISC
wordpress — wordpress | The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajax_store_save() function. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-27 | 6.1 | CVE-2023-3411
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing to inject JavaScript in the page (XSS). For instance, the following URL executes an `alert` in the browser: `<xwiki-host>/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you.`, where `<xwiki-host>` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. | 2023-06-23 | 6.1 | CVE-2023-35155
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the delete template to perform a XSS, e.g. by using URL such as: > xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn’t enough to entirely fix the vulnerability. | 2023-06-23 | 6.1 | CVE-2023-35156
MISC
MISC
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35158
MISC
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35159
MISC
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35160
MISC
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35161
MISC
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as: > <hostname>/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain). This vulnerability exists since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35162
MISC
MISC
MISC
MISC
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST controller parameter. | 2023-06-23 | 6.1 | CVE-2023-36287
MISC
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST email_create and back parameter. | 2023-06-23 | 6.1 | CVE-2023-36289
MISC
codekop — codekop | POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. | 2023-06-23 | 6.1 | CVE-2023-36346
MISC
MISC
wordpress — wordpress | The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installation’s database if a backup occurs and the deletion of the back-up files fails. | 2023-06-27 | 5.9 | CVE-2023-3132
MISC
MISC
apple — ipados | This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2022-42792
MISC
apple — macos | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2022-42860
MISC
MISC
MISC
apple — ipados | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences | 2023-06-23 | 5.5 | CVE-2022-46715
MISC
apple — macos | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2022-46718
MISC
MISC
MISC
MISC
google — android | In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-269174022 References: N/A | 2023-06-28 | 5.5 | CVE-2023-21152
MISC
google — android | In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264540700 References: N/A | 2023-06-28 | 5.5 | CVE-2023-21155
MISC
google — android | In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-253270285 | 2023-06-28 | 5.5 | CVE-2023-21168
MISC
google — android | In multiple methods of DataUsageList.java, there is a possible way to learn about admin user’s network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262741858 | 2023-06-28 | 5.5 | CVE-2023-21173
MISC
google — android | In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-273906410 | 2023-06-28 | 5.5 | CVE-2023-21177
MISC
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-28191
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app | 2023-06-23 | 5.5 | CVE-2023-28202
MISC
MISC
MISC
MISC
trendmicro — apex_one | A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. | 2023-06-26 | 5.5 | CVE-2023-30902
MISC
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks | 2023-06-23 | 5.5 | CVE-2023-32352
MISC
MISC
MISC
MISC
MISC
apple — watchos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory | 2023-06-23 | 5.5 | CVE-2023-32354
MISC
MISC
MISC
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2023-32355
MISC
MISC
MISC
apple — macos | An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents | 2023-06-23 | 5.5 | CVE-2023-32360
MISC
MISC
MISC
apple — macos | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32363
MISC
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data | 2023-06-23 | 5.5 | CVE-2023-32367
MISC
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32368
MISC
MISC
MISC
MISC
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32372
MISC
MISC
MISC
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32375
MISC
MISC
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2023-32376
MISC
MISC
MISC
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32382
MISC
MISC
MISC
apple — macos | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination | 2023-06-23 | 5.5 | CVE-2023-32385
MISC
MISC
apple — macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32388
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory | 2023-06-23 | 5.5 | CVE-2023-32389
MISC
MISC
MISC
MISC
apple — macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32392
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2023-32395
MISC
MISC
MISC
apple — macos | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32399
MISC
MISC
MISC
MISC
apple — macos | This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app | 2023-06-23 | 5.5 | CVE-2023-32400
MISC
MISC
MISC
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32403
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32404
MISC
MISC
MISC
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32407
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32408
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state | 2023-06-23 | 5.5 | CVE-2023-32410
MISC
MISC
MISC
MISC
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32411
MISC
MISC
MISC
MISC
MISC
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32415
MISC
MISC
MISC
apple — macos | This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32422
MISC
MISC
MISC
trendmicro — apex_one | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-06-26 | 5.5 | CVE-2023-32556
MISC
MISC
sqlite — sqlite | sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c. | 2023-06-23 | 5.5 | CVE-2023-36191
MISC
FEDORA
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-07-01 | 5.4 | CVE-2021-34475
MISC
ladybirdweb — faveo_helpdesk | Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS. | 2023-06-24 | 5.4 | CVE-2023-1724
MISC
MISC
apple — airpods_firmware | An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. | 2023-06-23 | 5.4 | CVE-2023-27964
MISC
zwaply — cryptocurrency_all-in-one | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions. | 2023-06-26 | 5.4 | CVE-2023-29435
MISC
iframe_shortcode_project — iframe_shortcode | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions. | 2023-06-26 | 5.4 | CVE-2023-29436
MISC
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. | 2023-06-26 | 5.4 | CVE-2023-32536
MISC
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536. | 2023-06-26 | 5.4 | CVE-2023-32537
MISC
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32605. | 2023-06-26 | 5.4 | CVE-2023-32604
MISC
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32604. | 2023-06-26 | 5.4 | CVE-2023-32605
MISC
admidio — admidio | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | 5.4 | CVE-2023-3304
CONFIRM
MISC
wordpress — wordpress | The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lana_text_to_image’ and ‘lana_text_to_img’ shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-24 | 5.4 | CVE-2023-3387
MISC
MISC
MISC
fossbilling — fossbilling | Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. | 2023-06-23 | 5.4 | CVE-2023-3394
MISC
MISC
wordpress — wordpress | The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the ‘save_customer’ function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-28 | 5.4 | CVE-2023-3427
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions can be performed with this user’s rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax. | 2023-06-23 | 5.4 | CVE-2023-34464
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding an `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch. | 2023-06-23 | 5.4 | CVE-2023-35153
MISC
MISC
MISC
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via GET configure parameter. | 2023-06-23 | 5.4 | CVE-2023-36288
MISC
trendmicro — apex_one | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553. | 2023-06-26 | 5.3 | CVE-2023-32552
MISC
MISC
trendmicro — apex_one | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | 2023-06-26 | 5.3 | CVE-2023-32553
MISC
MISC
wordpress — wordpress | The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the ‘lock_content_form_handler’ and ‘display_password_form’ function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content. | 2023-06-27 | 5.3 | CVE-2023-3371
MISC
MISC
MISC
MISC
MISC
MISC
wago — multiple_products | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. | 2023-06-26 | 4.9 | CVE-2023-1619
MISC
wago — multiple_products | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. | 2023-06-26 | 4.9 | CVE-2023-1620
MISC
wordpress — wordpress | The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-27 | 4.8 | CVE-2023-2711
MISC
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions. | 2023-06-23 | 4.8 | CVE-2023-27427
MISC
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. | 2023-06-23 | 4.8 | CVE-2023-28751
MISC
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. | 2023-06-26 | 4.8 | CVE-2023-29424
MISC
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions. | 2023-06-26 | 4.8 | CVE-2023-29434
MISC
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions. | 2023-06-23 | 4.8 | CVE-2023-32580
MISC
student_study_center_management_system_project — student_study_center_management_system | Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the “Admin Name” field on Admin Profile page. | 2023-06-26 | 4.8 | CVE-2023-33580
MISC
MISC
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions. | 2023-06-23 | 4.8 | CVE-2023-35048
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6. | 2023-06-23 | 4.8 | CVE-2023-35157
MISC
MISC
MISC
microsoft — edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-06-29 | 4.7 | CVE-2022-23264
MISC
dell — alienware_m15_r6_firmware | Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | 2023-06-23 | 4.6 | CVE-2023-28064
MISC
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user | 2023-06-23 | 4.6 | CVE-2023-32391
MISC
MISC
MISC
MISC
wordpress — wordpress | The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘comment’ parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-29 | 4.4 | CVE-2023-1602
MISC
MISC
MISC
google — android | In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783657 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21148
MISC
google — android | In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-267312009 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21150
MISC
google — android | In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783910 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21154
MISC
google — android | In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the modem with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264540759 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21156
MISC
google — android | In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-274443441 | 2023-06-28 | 4.4 | CVE-2023-21169
MISC
google — android | In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-252764410 | 2023-06-28 | 4.4 | CVE-2023-21170
MISC
google — android | In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-222287335 | 2023-06-28 | 4.4 | CVE-2023-21176
MISC
wordpress — wordpress | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36735
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36736
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36737
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36738
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36739
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36740
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36741
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36742
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36743
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36744
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36745
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36746
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36747
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36748
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36749
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4384
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4387
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties. | 2023-07-01 | 4.3 | CVE-2021-4388
MISC
MISC
MISC
wordpress — wordpress | The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4389
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4390
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4391
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4392
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4393
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4395
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4396
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4397
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4399
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4400
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4402
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4403
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to opt in to notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4404
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4405
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key | 2023-06-23 | 4.3 | CVE-2022-42807
MISC
wordpress — wordpress
 
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users. | 2023-06-28 | 4.3 | CVE-2023-1844
MISC
MISC
MISC
wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Attacks include, but are not limited to, adding arbitrary Clinic Admin/Doctors/etc. and updating the plugin’s settings. | 2023-06-27 | 4.3 | CVE-2023-2627
MISC
wordpress — wordpress
 
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-28 | 4.3 | CVE-2023-3407
MISC
MISC
MISC
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | 2023-06-23 | 4.3 | CVE-2023-34466
MISC
MISC
google — android | In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-140762419 | 2023-06-28 | 4.1 | CVE-2023-21178
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
admidio — admidio | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | 3.5 | CVE-2023-3303
MISC
CONFIRM
apple — macos | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression | 2023-06-23 | 3.3 | CVE-2022-42834
MISC
MISC
MISC
apple — macos | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data | 2023-06-23 | 3.3 | CVE-2023-32386
MISC
MISC
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2023-07-01 | 3.1 | CVE-2021-42307
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-06-29 | 3.1 | CVE-2022-29147
MISC
apple — ipados | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication | 2023-06-23 | 2.4 | CVE-2023-32365
MISC
MISC
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen | 2023-06-23 | 2.4 | CVE-2023-32394
MISC
MISC
MISC
MISC
apple — watchos | This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features | 2023-06-23 | 2.4 | CVE-2023-32417
MISC
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup | 2023-06-23 | 2.1 | CVE-2023-32390
MISC
MISC
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
jetbrains — teamcity
 
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | 2023-06-29 | not yet calculated | CVE-2015-1313
MISC
MISC
gnu_c_library — gnu_c_library
 
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. | 2023-06-25 | not yet calculated | CVE-2015-20109
MISC
espcms — espcms
 
An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. | 2023-06-27 | not yet calculated | CVE-2020-18404
MISC
cmseasy — cmseasy
 
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | 2023-06-27 | not yet calculated | CVE-2020-18406
MISC
catfishcms — catfishcms
 
A Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. | 2023-06-27 | not yet calculated | CVE-2020-18409
MISC
chaoji_cms — chaoji_cms
 
A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 allows attackers to obtain administrator privileges. | 2023-06-27 | not yet calculated | CVE-2020-18410
MISC
chaoji_cms — chaoji_cms
 
A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 allows attackers to execute arbitrary code. | 2023-06-27 | not yet calculated | CVE-2020-18413
MISC
chaoji_cms — chaoji_cms
 
A stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 allows attackers to execute arbitrary code via /index.php?admin-master-webset. | 2023-06-27 | not yet calculated | CVE-2020-18414
MISC
jymusic — jymusic
 
A cross site request forgery (CSRF) vulnerability was discovered in Jymusic v2.0.0 that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. | 2023-06-27 | not yet calculated | CVE-2020-18416
MISC
feifeicms — feifeicms
 
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | 2023-06-27 | not yet calculated | CVE-2020-18418
MISC
MISC
semcms_php — semcms_php
 
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | 2023-06-30 | not yet calculated | CVE-2020-18432
MISC
cryptoprof_wcms — cryptoprof_wcms
 
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. | 2023-06-27 | not yet calculated | CVE-2020-19902
MISC
bludit — bludit
 
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. | 2023-06-26 | not yet calculated | CVE-2020-20210
MISC
jquery — jquery
 
Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element. | 2023-06-26 | not yet calculated | CVE-2020-23064
MISC
MISC
ez_systems — as_ezpublish_platform/ez_publish_legacy
 
Cross Site Scripting vulnerability in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf. | 2023-06-26 | not yet calculated | CVE-2020-23065
MISC
tinymce — tinymce
 
Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 through v.5.1.4 allows an attacker to execute arbitrary code via the editor function. | 2023-06-26 | not yet calculated | CVE-2020-23066
MISC
MISC
requests-xml — requests-xml
 
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 2023-06-29 | not yet calculated | CVE-2020-26708
MISC
py-xml — py-xml
 
py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 2023-06-29 | not yet calculated | CVE-2020-26709
MISC
easy-parse — easy-parse
 
easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 2023-06-29 | not yet calculated | CVE-2020-26710
MISC
emby — emby_server
 
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address. | 2023-06-28 | not yet calculated | CVE-2021-25827
MISC
MISC
CONFIRM
emby — emby_server
 
Emby Server versions < 4.6.0.50 are vulnerable to Cross Site Scripting (XSS) via a crafted GET request to /web. | 2023-06-28 | not yet calculated | CVE-2021-25828
MISC
dzzoffice — dzzoffice
 
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | 2023-06-27 | not yet calculated | CVE-2021-30203
MISC
dzzoffice — dzzoffice
 
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | 2023-06-27 | not yet calculated | CVE-2021-30205
MISC
jfinal — jfinal
 
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. | 2023-06-26 | not yet calculated | CVE-2021-31635
MISC
google — android
 
In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-194480991 | 2023-06-28 | not yet calculated | CVE-2022-20443
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403. | 2023-06-27 | not yet calculated | CVE-2022-34352
MISC
MISC
tenda — ac6_ac1200
 
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module. | 2023-06-26 | not yet calculated | CVE-2022-40010
MISC
wordpress — wordpress
 
The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users. | 2023-06-27 | not yet calculated | CVE-2022-4115
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization | 2023-06-28 | not yet calculated | CVE-2022-4143
CONFIRM
MISC
MISC
responsive_filemanager — responsive_filemanager
 
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | 2023-06-28 | not yet calculated | CVE-2022-44276
MISC
ucopia — weblib
 
An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions. | 2023-06-29 | not yet calculated | CVE-2022-44719
MISC
MISC
ucopia — weblib
 
An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot. | 2023-06-29 | not yet calculated | CVE-2022-44720
MISC
MISC
ericsson — network_manager
 
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability. | 2023-06-29 | not yet calculated | CVE-2022-46407
MISC
ericsson — network_manager
 
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. | 2023-06-29 | not yet calculated | CVE-2022-46408
MISC
widevine — trusted_application
 
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48331
MISC
widevine — trusted_application
 
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48332
MISC
widevine — trusted_application
 
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48333
MISC
widevine — trusted_application
 
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48334
MISC
widevine — trusted_application
 
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48335
MISC
widevine — trusted_application
 
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48336
MISC
apple — macos
 
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system | 2023-06-28 | not yet calculated | CVE-2022-48505
MISC
wordpress — wordpress
 
The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. | 2023-06-27 | not yet calculated | CVE-2023-0588
MISC
wordpress — wordpress
 
The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-27 | not yet calculated | CVE-2023-0873
MISC
wordpress — wordpress
 
The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 2023-06-27 | not yet calculated | CVE-2023-1166
MISC
linux — kernel
 
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%. | 2023-06-30 | not yet calculated | CVE-2023-1206
MISC
linux — kernel
 
A time-of-check to time-of-use issue exists in io_uring subsystem’s IORING_OP_CLOSE operation in the Linux kernel’s versions 5.6 – 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93. | 2023-06-28 | not yet calculated | CVE-2023-1295
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting | 2023-06-27 | not yet calculated | CVE-2023-1891
MISC
cisco — cisco_adaptive_security_appliance
 
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload. | 2023-06-28 | not yet calculated | CVE-2023-20006
CISCO
cisco — cisco_web_security_appliance
 
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20028
CISCO
tenable — multiple_products
 
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. | 2023-06-26 | not yet calculated | CVE-2023-2005
MISC
cisco — cisco_telepresence_video_communication_server
 
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20105
CISCO
cisco — cisco_unified_communications_manager
 
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack. | 2023-06-28 | not yet calculated | CVE-2023-20108
CISCO
cisco — cisco_unified_communications_manager
 
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2023-06-28 | not yet calculated | CVE-2023-20116
CISCO
cisco — cisco_web_security_appliance
 
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20119
CISCO
cisco — cisco_web_security_appliance
 
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20120
CISCO
cisco — cisco_secure_workload
 
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels. | 2023-06-28 | not yet calculated | CVE-2023-20136
CISCO
cisco — cisco_anyconnect_secure_mobility_client
 
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. | 2023-06-28 | not yet calculated | CVE-2023-20178
CISCO
cisco — cisco_small_business_smart_and_managed_switches
 
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability. | 2023-06-28 | not yet calculated | CVE-2023-20188
CISCO
cisco — cisco_telepresence_video_communication_server_expressway
 
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20192
CISCO
cisco — cisco_duo
 
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission. | 2023-06-28 | not yet calculated | CVE-2023-20199
CISCO
wordpress — wordpress
 
The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities. | 2023-06-27 | not yet calculated | CVE-2023-2032
MISC
wordpress — wordpress
 
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. | 2023-06-27 | not yet calculated | CVE-2023-2068
MISC
google — android
 
In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783635 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21158
MISC
google — android
 
In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783565 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21159
MISC
google — android
 
In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263784118 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21160
MISC
google — android
 
In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783702 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21161
MISC
google — android
 
In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-259942964 | 2023-06-28 | not yet calculated | CVE-2023-21167
MISC
google — android
 
In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261365944 | 2023-06-28 | not yet calculated | CVE-2023-21180
MISC
google — android
 
In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-264880969 | 2023-06-28 | not yet calculated | CVE-2023-21181
MISC
google — android
 
In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-252764175 | 2023-06-28 | not yet calculated | CVE-2023-21182
MISC
google — android
 
In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-235863754 | 2023-06-28 | not yet calculated | CVE-2023-21183
MISC
google — android
 
In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-267809568 | 2023-06-28 | not yet calculated | CVE-2023-21184
MISC
google — android
 
In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-266700762 | 2023-06-28 | not yet calculated | CVE-2023-21185
MISC
google — android
 
In LogResponse of Dns.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261079188 | 2023-06-28 | not yet calculated | CVE-2023-21186
MISC
google — android
 
In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-246542917 | 2023-06-28 | not yet calculated | CVE-2023-21187
MISC
google — android
 
In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-264624283 | 2023-06-28 | not yet calculated | CVE-2023-21188
MISC
google — android
 
In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-13 Android ID: A-213942596 | 2023-06-28 | not yet calculated | CVE-2023-21189
MISC
google — android
 
In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251436534 | 2023-06-28 | not yet calculated | CVE-2023-21190
MISC
google — android
 
In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-269738057 | 2023-06-28 | not yet calculated | CVE-2023-21191
MISC
google — android
 
In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to set up input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-227207653 | 2023-06-28 | not yet calculated | CVE-2023-21192
MISC
google — android
 
In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-233006499 | 2023-06-28 | not yet calculated | CVE-2023-21193
MISC
google — android
 
In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-260079141 | 2023-06-28 | not yet calculated | CVE-2023-21194
MISC
google — android
In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-233879420 | 2023-06-28 | not yet calculated | CVE-2023-21195
MISC
google — android
 
In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261857395 | 2023-06-28 | not yet calculated | CVE-2023-21196
MISC
google — android
 
In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251427561 | 2023-06-28 | not yet calculated | CVE-2023-21197
MISC
google — android
 
In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-245517503 | 2023-06-28 | not yet calculated | CVE-2023-21198
MISC
google — android
 
In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-254445961 | 2023-06-28 | not yet calculated | CVE-2023-21199
MISC
google — android
 
In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-236688764 | 2023-06-28 | not yet calculated | CVE-2023-21200
MISC
google — android
 
In on_create_record_event of btif_sdp_server.cc, there is a possible out of bounds read due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-263545186 | 2023-06-28 | not yet calculated | CVE-2023-21201
MISC
google — android
 
In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-260568359 | 2023-06-28 | not yet calculated | CVE-2023-21202
MISC
google — android
 
In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262246082 | 2023-06-28 | not yet calculated | CVE-2023-21203
MISC
google — android
 
In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262246231 | 2023-06-28 | not yet calculated | CVE-2023-21204
MISC
google — android
 
In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245376 | 2023-06-28 | not yet calculated | CVE-2023-21205
MISC
google — android
 
In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245630 | 2023-06-28 | not yet calculated | CVE-2023-21206
MISC
google — android
 
In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236670 | 2023-06-28 | not yet calculated | CVE-2023-21207
MISC
google — android
 
In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245254 | 2023-06-28 | not yet calculated | CVE-2023-21208
MISC
google — android
 
In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236273 | 2023-06-28 | not yet calculated | CVE-2023-21209
MISC
google — android
 
In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236331 | 2023-06-28 | not yet calculated | CVE-2023-21210
MISC
google — android
 
In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235998 | 2023-06-28 | not yet calculated | CVE-2023-21211
MISC
google — android
 
In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236031 | 2023-06-28 | not yet calculated | CVE-2023-21212
MISC
google — android
 
In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235951 | 2023-06-28 | not yet calculated | CVE-2023-21213
MISC
google — android
 
In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235736 | 2023-06-28 | not yet calculated | CVE-2023-21214
MISC
google — android
 
There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264698379 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21219
MISC
google — android
 
There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264590585 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21220
MISC
google — android
 
In load_dt_data of storage.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-266977723 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21222
MISC
google — android
 
In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-256047000 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21223
MISC
google — android
 
In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-265276966 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21224
MISC
google — android
 
There is a possible way to bypass the protected confirmation screen due to failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android kernel Android ID: A-270403821 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21225
MISC
google — android
 
In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-240728187 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21226
MISC
google — android
 
In aoc_service_set_read_blocked of aoc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-270148537 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21236
MISC
google — android
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251586912 | 2023-06-28 | not yet calculated | CVE-2023-21237
MISC
samsung_mobile — multiple_products
 
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | 2023-06-28 | not yet calculated | CVE-2023-21512
MISC
samsung_mobile — multiple_products
 
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. | 2023-06-28 | not yet calculated | CVE-2023-21513
MISC
samsung_mobile — multiple_products
 
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. | 2023-06-28 | not yet calculated | CVE-2023-21517
MISC
samsung_mobile — multiple_products
 
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity. | 2023-06-28 | not yet calculated | CVE-2023-21518
MISC
wordpress — wordpress
 
The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-27 | not yet calculated | CVE-2023-2178
MISC
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix. | 2023-06-28 | not yet calculated | CVE-2023-2232
MISC
CONFIRM
MISC
checkmk — checkmk
 
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | 2023-06-26 | not yet calculated | CVE-2023-22359
MISC
ibm — robotic_process_automation_for_cloud_pak
 
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074. | 2023-06-27 | not yet calculated | CVE-2023-22593
MISC
MISC
western_digital — my_cloud_os
 
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | 2023-07-01 | not yet calculated | CVE-2023-22814
MISC
western_digital — my_cloud_os
 
Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | not yet calculated | CVE-2023-22815
MISC
western_digital — my_cloud_os
 
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | not yet calculated | CVE-2023-22816
MISC
palantir — contour
 
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses that the attacker would otherwise not have permission to create. | 2023-06-27 | not yet calculated | CVE-2023-22834
MISC
oracle — apache_airflow
 
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different types of JDBC drivers and obtain Airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0. | 2023-06-29 | not yet calculated | CVE-2023-22886
MISC
lenovo — thinkpad
 
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2023-06-26 | not yet calculated | CVE-2023-2290
MISC
wordpress — wordpress
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. | 2023-06-27 | not yet calculated | CVE-2023-2326
MISC
ibm — robotic_process_automation_for_cloud_pak
 
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500. | 2023-06-27 | not yet calculated | CVE-2023-23468
MISC
MISC
wordpress — wordpress
 
The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. | 2023-06-27 | not yet calculated | CVE-2023-2482
MISC
autodesk — navisworks
 
A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 2023-06-27 | not yet calculated | CVE-2023-25001
MISC
autodesk — multiple_products
 
A maliciously crafted SKP file in Autodesk products is used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 2023-06-27 | not yet calculated | CVE-2023-25002
MISC
autodesk — multiple_products
 
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution. | 2023-06-27 | not yet calculated | CVE-2023-25004
MISC
quiltmc — quiltmc
 
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. | 2023-06-26 | not yet calculated | CVE-2023-25306
MISC
quiltmc — quiltmc
 
nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. | 2023-06-26 | not yet calculated | CVE-2023-25307
MISC
MISC
libtiff — libtiff
 
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV. | 2023-06-29 | not yet calculated | CVE-2023-25433
MISC
MISC
wordpress — wordpress
 
The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 2023-06-27 | not yet calculated | CVE-2023-2580
MISC
wordpress — wordpress
 
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2023-06-27 | not yet calculated | CVE-2023-2592
MISC
arm — nn
 
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. | 2023-06-29 | not yet calculated | CVE-2023-26085
MISC
CONFIRM
git-commit-info — git-commit-info
 
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo() fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content. | 2023-06-28 | not yet calculated | CVE-2023-26134
MISC
MISC
MISC
flatnest — flatnest
 
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file. | 2023-06-30 | not yet calculated | CVE-2023-26135
MISC
MISC
MISC
tough-cookie — tough-cookie
 
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. | 2023-07-01 | not yet calculated | CVE-2023-26136
MISC
MISC
MISC
MISC
hitachi_energy — txpert_hub_coretec_4
 
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. | 2023-06-28 | not yet calculated | CVE-2023-2625
MISC
ibm — qradar_siem
IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134. | 2023-06-27 | not yet calculated | CVE-2023-26273
MISC
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144. | 2023-06-27 | not yet calculated | CVE-2023-26274
MISC
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | 2023-06-27 | not yet calculated | CVE-2023-26276
MISC
MISC
hp_inc. — hp_pc_products_using_ami_uefi_firmware
 
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. | 2023-06-30 | not yet calculated | CVE-2023-26299
MISC
d-link — dir-823
 
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. | 2023-06-29 | not yet calculated | CVE-2023-26612
MISC
MISC
d-link — dir-823
 
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted get request to excu_shel. | 2023-06-29 | not yet calculated | CVE-2023-26613
MISC
MISC
d-link — dir-823
 
D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. | 2023-06-28 | not yet calculated | CVE-2023-26615
MISC
MISC
d-link — dir-823
 
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | 2023-06-29 | not yet calculated | CVE-2023-26616
MISC
MISC
libtiff — libtiff
 
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. | 2023-06-29 | not yet calculated | CVE-2023-26966
MISC
MISC
pluck_cms — pluck_cms
 
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. | 2023-06-26 | not yet calculated | CVE-2023-27082
MISC
malwarebytes — anti-exploit
 
Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a ‘\0’ character. | 2023-06-30 | not yet calculated | CVE-2023-27469
MISC
MISC
ibm — informix_jdbc_driver
 
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. | 2023-06-28 | not yet calculated | CVE-2023-27866
MISC
MISC
wordpress — wordpress
 
The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-27 | not yet calculated | CVE-2023-2795
MISC
proofpoint — insider_threat_management_agent_for_windows
 
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. | 2023-06-27 | not yet calculated | CVE-2023-2818
MISC
ivanti — ivanti_endpoint_manager
 
A deserialization of untrusted data vulnerability exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.2023-07-01not yet calculatedCVE-2023-28323
MISC
ivanti — ivanti_endpoint_manager
 
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.2023-07-01not yet calculatedCVE-2023-28324
MISC
brave_software — brave_browser_for_android
 
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.2023-07-01not yet calculatedCVE-2023-28364
MISC
ubiquiti_inc. — unifi_applications_for_linux
 
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.2023-07-01not yet calculatedCVE-2023-28365
MISC
newspicks_inc. — newspicks_app_for_android
 
“NewsPicks” App for Android versions 10.4.5 and earlier and “NewsPicks” App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.2023-06-30not yet calculatedCVE-2023-28387
MISC
MISC
MISC
wordpress — wordpress
 
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack.2023-06-27not yet calculatedCVE-2023-2842
MISC
mitsubishi_electric_corporation — melsec_iq-f_series
 
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.2023-06-30not yet calculatedCVE-2023-2846
MISC
MISC
MISC
wekan — wekan
 
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.2023-06-26not yet calculatedCVE-2023-28485
MISC
MISC
MISC
wordpress — wordpress
 
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.2023-06-27not yet calculatedCVE-2023-2877
MISC
apereo — cas
 
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”. When checking the validity of the provided client certificate, X509CredentialsAuthenticationHandler checks that this certificate is not revoked. To do so, it fetches URLs provided in the “CRL Distribution Points” extension of the certificate, which are taken from the certificate itself and therefore can be controlled by a malicious user. If the CAS server is configured to use an LDAP server for x509 authentication with a password, for example by setting the “cas.authn.x509.ldap.ldap-url” and “cas.authn.x509.ldap.bind-credential” properties, X509CredentialsAuthenticationHandler fetches revocation URLs from the certificate, which can be LDAP URLs. When making requests to these LDAP URLs, Apereo CAS uses the same password as for the initially configured LDAP server, which can lead to a password leak. An unauthenticated user can leak the password used for the LDAP connection configured on the server. This issue has been addressed in version 6.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-27not yet calculatedCVE-2023-28857
MISC
MISC
MISC
trend_micro_inc. — trend_micro_security
 
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.2023-06-26not yet calculatedCVE-2023-28929
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions.2023-06-26not yet calculatedCVE-2023-28988
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions.2023-06-26not yet calculatedCVE-2023-28991
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions.2023-06-26not yet calculatedCVE-2023-28992
MISC
autodesk — multiple_products
 
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2023-06-27not yet calculatedCVE-2023-29068
MISC
libtiff — libtiff
 
A null pointer dereference issue was discovered in Libtiff’s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers a runtime error, causing undefined behavior and an application crash, eventually leading to a denial of service.2023-06-30not yet calculatedCVE-2023-2908
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions.2023-06-26not yet calculatedCVE-2023-29093
MISC
malwarebytes — edr_1.0.11_for_linux
 
The Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.2023-06-30not yet calculatedCVE-2023-29145
MISC
MISC
malwarebytes — edr_1.0.11_for_linux
 
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.2023-06-30not yet calculatedCVE-2023-29147
MISC
MISC
bosch — building_integration_system
 
Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network.2023-06-30not yet calculatedCVE-2023-29241
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions.2023-06-26not yet calculatedCVE-2023-29423
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions.2023-06-26not yet calculatedCVE-2023-29437
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.2023-06-26not yet calculatedCVE-2023-29438
MISC
laola.redbull — laola.redbull_application_for_android
 
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application’s webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.2023-06-26not yet calculatedCVE-2023-29459
MISC
MISC
lenovo — multiple_products
 
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.2023-06-26not yet calculatedCVE-2023-2992
MISC
lenovo — multiple_products
 
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.2023-06-26not yet calculatedCVE-2023-2993
MISC
wordpress — wordpress
 
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.2023-06-27not yet calculatedCVE-2023-2996
MISC
MISC
librecad — librecad
 
A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.2023-06-28not yet calculatedCVE-2023-30259
MISC
openwb — openwb
 
Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via a crafted GET request.2023-06-26not yet calculatedCVE-2023-30261
MISC
MISC
MISC
bkg — ntrip_professional_caster
 
Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44.2023-06-28not yet calculatedCVE-2023-3034
MISC
MISC
openssl — openssl
 
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.2023-07-01not yet calculatedCVE-2023-30586
MISC
node.js — node.js
 
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20.2023-07-01not yet calculatedCVE-2023-30589
MISC
linux — kernel
 
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.2023-06-28not yet calculatedCVE-2023-3090
MISC
MISC
palantir — multiple_products
 
Multiple services such as VHS (Video History Server), VCD (Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.2023-06-26not yet calculatedCVE-2023-30945
MISC
palantir — foundry
 
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry’s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.2023-06-29not yet calculatedCVE-2023-30946
MISC
palantir — foundry
 
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to ‘Developer Mode’. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.2023-06-29not yet calculatedCVE-2023-30955
MISC
ibm — cloud_pak_for_security
 
IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant’s account. IBM X-Force ID: 254136.2023-06-27not yet calculatedCVE-2023-30993
MISC
MISC
lenovo — xclarity_administrator
 
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA’s Common Information Model (CIM) server that could result in read-only access to specific files.2023-06-26not yet calculatedCVE-2023-3113
MISC
linux — kernel
 
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.2023-06-30not yet calculatedCVE-2023-3117
MISC
medtronic — paceart_optima_for_windows
 
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic’s Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.2023-06-29not yet calculatedCVE-2023-31222
MISC
libx11 — libx11
 
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.2023-06-28not yet calculatedCVE-2023-3138
MISC
MISC
MISC
MISC
pipreqs — pipreqs
 
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.2023-06-30not yet calculatedCVE-2023-31543
MISC
MISC
ubiquiti_inc. — unifi_os
 
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. “Applicable Cloud Keys” include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.2023-07-01not yet calculatedCVE-2023-31997
MISC
d-link — dsl-g256dg
 
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.2023-06-28not yet calculatedCVE-2023-32222
MISC
d-link — dsl-224
 
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.2023-06-28not yet calculatedCVE-2023-32223
MISC
d-link — dsl-224
 
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts.2023-06-28not yet calculatedCVE-2023-32224
MISC
ibm — business_automation_workflow
 
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587.2023-06-27not yet calculatedCVE-2023-32339
MISC
MISC
MISC
implem_inc. — pleasanter
 
Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.2023-06-30not yet calculatedCVE-2023-32607
MISC
MISC
implem_inc. — pleasanter
 
Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.2023-06-30not yet calculatedCVE-2023-32608
MISC
MISC
synck_graphica — mailform_pro_cgi
 
Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.2023-06-29not yet calculatedCVE-2023-32610
MISC
MISC
MISC
wavlink_technology_ltd. — wl-wn531ax2
 
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.2023-06-30not yet calculatedCVE-2023-32612
MISC
MISC
wavlink_technology_ltd. — wl-wn531ax2
 
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.2023-06-30not yet calculatedCVE-2023-32613
MISC
MISC
wavlink_technology_ltd. — wl-wn531ax2
 
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.2023-06-30not yet calculatedCVE-2023-32620
MISC
MISC
wavlink_technology_ltd. — wl-wn531ax2
 
WL-WN531AX2 firmware versions prior to 2023526 allow an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege.2023-06-30not yet calculatedCVE-2023-32621
MISC
MISC
wavlink_technology_ltd. — wl-wn531ax2
 
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege.2023-06-30not yet calculatedCVE-2023-32622
MISC
MISC
monkey_wrench_inc. — snow_monkey_forms
 
Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.2023-06-28not yet calculatedCVE-2023-32623
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are vulnerable to Server-Side Request Forgery (SSRF). In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton.2023-06-26not yet calculatedCVE-2023-33176
MISC
MISC
MISC
MISC
MISC
sealos — sealos
 
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-29not yet calculatedCVE-2023-33190
MISC
MISC
gira_giersiepen — gira_knx/ip-router
 
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a “404 – Not Found” status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).2023-06-30not yet calculatedCVE-2023-33276
MISC
MISC
gira_giersiepen — gira_knx/ip-router
 
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.2023-06-29not yet calculatedCVE-2023-33277
MISC
MISC
perimeter81 — perimeter81_for_macos
 
com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.2023-06-30not yet calculatedCVE-2023-33298
MISC
MISC
nec_corporation — multiple_products
 
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product.2023-06-28not yet calculatedCVE-2023-3330
MISC
nec_corporation — multiple_products
 
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to delete specific files in the product.2023-06-28not yet calculatedCVE-2023-3331
MISC
nec_corporation — multiple_products
 
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to execute an arbitrary script, after obtaining a high privilege by exploiting the CVE-2023-3330 and CVE-2023-3331 vulnerabilities.2023-06-28not yet calculatedCVE-2023-3332
MISC
nec_corporation — multiple_products
 
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege by exploiting the CVE-2023-3330 and CVE-2023-3331 vulnerabilities.2023-06-28not yet calculatedCVE-2023-3333
MISC
sophos — web_appliance
 
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.2023-06-30not yet calculatedCVE-2023-33336
MISC
linux — kernel
 
A null pointer dereference flaw was found in the Linux kernel DECnet networking protocol. A remote user could use this flaw to crash the system.2023-06-30not yet calculatedCVE-2023-3338
MISC
blogengine.net — blogengine.net
 
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.2023-06-26not yet calculatedCVE-2023-33404
MISC
discourse — discourse
 
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).2023-06-29not yet calculatedCVE-2023-33466
MISC
linux — kernel
 
A NULL pointer dereference flaw was found in the Linux kernel’s drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.2023-06-28not yet calculatedCVE-2023-3355
MISC
ros — ros2_foxy_fitzroy
 
An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior.2023-06-27not yet calculatedCVE-2023-33566
MISC
ros — ros2_foxy_fitzroy
 
An unauthorized access vulnerability has been discovered in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.2023-06-27not yet calculatedCVE-2023-33567
MISC
linux — kernel
 
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.2023-06-28not yet calculatedCVE-2023-3357
MISC
bagisto — bagisto
 
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).2023-06-28not yet calculatedCVE-2023-33570
MISC
linux — kernel
 
A null pointer dereference was found in the Linux kernel’s Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.2023-06-28not yet calculatedCVE-2023-3358
MISC
linux — kernel
 
An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. The lack of a check of the return value of kzalloc() can cause a NULL pointer dereference.2023-06-28not yet calculatedCVE-2023-3359
MISC
sourcecodester — lost_and_found_information_system
 
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.2023-06-28not yet calculatedCVE-2023-33592
MISC
MISC
church_crm — church_crm
 
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.2023-06-29not yet calculatedCVE-2023-33661
MISC
linux — kernel
 
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing an io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).2023-06-28not yet calculatedCVE-2023-3389
MISC
MISC
MISC
MISC
MISC
MISC
linux — kernel
 
A use-after-free vulnerability was found in the Linux kernel’s netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.2023-06-28not yet calculatedCVE-2023-3390
MISC
MISC
campcodes — retro_cellphone_online_store
 
A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351.2023-06-25not yet calculatedCVE-2023-3396
MISC
MISC
MISC
m-files — m-files_server
 
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows an anonymous user to cause denial of service.2023-06-27not yet calculatedCVE-2023-3405
MISC
shopware — shopware
 
Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the JavaScript configuration file (`themes/package-lock.json`) could be read in production environments. With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability.2023-06-27not yet calculatedCVE-2023-34098
MISC
MISC
MISC
MISC
shopware — shopware
 
Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.2023-06-27not yet calculatedCVE-2023-34099
MISC
MISC
MISC
MISC
cloudexplorer-dev — cloudexplorer-lite
 
Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.2023-06-27not yet calculatedCVE-2023-3423
MISC
MISC
cloudexplorer-dev — cloudexplorer-lite
 
Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-27not yet calculatedCVE-2023-34240
MISC
plantuml — plantuml
 
Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.2023-06-27not yet calculatedCVE-2023-3431
MISC
MISC
plantuml — plantuml
 
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.2023-06-27not yet calculatedCVE-2023-3432
MISC
MISC
xpdf — xpdf
 
Xpdf 4.04 will deadlock on a PDF object stream whose “Length” field is itself in another object stream.2023-06-27not yet calculatedCVE-2023-3436
MISC
linux — kernel
 
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device’s relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-3439
MISC
MISC
MLIST
oracle — apache_airflow
 
Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, a privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting with version 4.0.0, the driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-34395
MISC
MISC
lenovo — xclarity_administrator
 
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-34418
MISC
lenovo — xclarity_administrator
 
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-34420
MISC
lenovo — xclarity_administrator
 
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-34421
MISC
lenovo — xclarity_administrator
 
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-34422
MISC
spinacms — spinacms
 
Cross-site Scripting (XSS) – Stored in GitHub repository spinacms/spina prior to 2.15.1.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-3445
MISC
MISC
dataease — dataease
 
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions, unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-34463
MISC
itsourcecode — online_hotel_management_system_project
 
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34486
MISC
itsourcecode — online_hotel_management_system_project
 
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34487
MISC
ibos — oa
 
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-3449
MISC
MISC
MISC
ruijie — rg-bcr860
 
A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-3450
MISC
MISC
MISC
sourcecodester — shopping_website
 
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-3457
MISC
MISC
MISC
sourcecodester — shopping_website
 
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-3458
MISC
MISC
MISC
gibbon — gibbon
 
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it’s possible to include the content of several files present in the installation folder in the server’s response.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34598
MISC
gibbon — gibbon
 
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34599
MISC
simplephpscripts — classified_ads_script
 
A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-3464
MISC
MISC
MISC
phpgurukl — hostel_management_system
 
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34647
MISC
phpgurukl — user_registration_login_and_management_system
 
A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34648
MISC
simplephpscripts — classified_ads_script
 
A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232711.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-3465
MISC
MISC
MISC
phpgurukl — small_crm
 
PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34650
MISC
MISC
phpgurukl — hospital_management_system
 
PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34651
MISC
MISC
phpgurukl — hostel_management_system
 
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34652
MISC
MISC
xiamen_si_xin_communication_technology — video_management_system
 
An issue with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 through 4.1 allows attackers to gain escalated privileges.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34656
MISC
telegram — telegram
 
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34658
MISC
thorsten — thorsten
 
Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3469
MISC
MISC
campcodes — retro_cellphone_online_store
 
A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3473
MISC
MISC
MISC
annet — ac_centralized_management_platform
 
Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS).
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34734
MISC
property_cloud_platform_management_center — property_cloud_platform_management_center
 
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34735
MISC
guantang_equipment_management_system — guantang_equipment_management_system
 
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34736
MISC
chemex — chemex
 
Chemex through 3.7.1 is vulnerable to arbitrary file upload.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34738
MISC
simplephpscripts — simple_blog
 
A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3474
MISC
MISC
simplephpscripts — event_script
 
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3475
MISC
MISC
simplephpscripts — guestbook_script
 
A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3476
MISC
MISC
7-eleven — led_message_cup,_hello_cup_for_android
 
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application’s client-side chat censor filter.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34761
MISC
MISC
rocketsoft — rocket_lms
 
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3477
MISC
MISC
ibos — oa
 
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3478
MISC
MISC
MISC
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3479
MISC
MISC
i-doit — i-doit
 
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-34830
MISC
MISC
turnitin — lti_tool
 
The “Submission Web Form” of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form (“id” and “title” HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34831
MISC
MISC
mcl_technologies — mcl-net
 
A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the “/file” endpoint.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34834
MISC
MISC
microworld_technologies — escan_management_console
 
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-34835
MISC
microworld_technologies — escan_management_console
 
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-34836
MISC
microworld_technologies — escan_management_console
 
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-34837
MISC
microworld_technologies — escan_management_console
 
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-34838
MISC
issabel-pbx — issabel-pbx
 
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a custom CSRF exploit targeting the create new user function in the application.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-34839
MISC
angular-ui-notification — angular-ui-notification
 
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-34840
MISC
MISC
MISC
traggo_server — traggo_server
 
Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34843
MISC
play_with_docker — play_with_docker
 
Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode that allows escape from the Docker container.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34844
MISC
ikuai — router_os
 
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-34849
MISC
temporal_technologies_inc. — temporal_server
 
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3485
MISC
fossbilling — fossbilling
 
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3490
MISC
MISC
fossbilling — fossbilling
 
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3491
MISC
MISC
h3c — magic_b1stv100r012
 
H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-34924
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34928
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34929
MISC
fossbilling — fossbilling
 
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-3493
MISC
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34930
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34931
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34932
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34933
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34934
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34935
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34936
MISC
h3c — magic_b1stv100r012
 
A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2023-06-28 | CVSS Score: not yet calculated | CVE-2023-34937
MISC
dataease — dataease
 
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-35164
MISC
dataease — dataease
 
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-35168
MISC
hp_inc. — hp_laserjet_pro
 
Certain HP LaserJet Pro print products are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-35175
MISC
hp_inc. — hp_laserjet_pro
 
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-35176
MISC
hp_inc. — hp_laserjet_pro
 
Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-35177
MISC
hp_inc. — hp_laserjet_pro
 
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-35178
MISC
oracle — apache_airflow
 
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider. This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-35798
MISC
MISC
stormshield — endpoint_security_evolution
 
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-35799
CONFIRM
MISC
stormshield — endpoint_security_evolution
 
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-35800
CONFIRM
MISC
stw_mobile_machines — tensor-technik_wiedmann_tcg-4_connectivity_module_deploymentpackage
 
STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-35830
MISC
MISC
spicedb — spicedb
 
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request with 1.22.0 is affected. For example, using `LookupResources` to find a list of resources to allow access to is okay: some subjects that should have access to a resource may not. But if using `LookupResources` to find a list of banned resources instead, then some users that shouldn’t have access may. Generally, `LookupResources` is not and should not be used to gate access in this way – that’s what the `Check` API is for. Additionally, version 1.22.0 has included a warning about this bug since its initial release. Users are advised to upgrade to version 1.22.2. Users unable to upgrade should avoid using `LookupResources` for negative authorization decisions.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-35930
MISC
MISC
openfga — openfga
 
OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier and are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected.
Published: 2023-06-26 | CVSS Score: not yet calculated | CVE-2023-35933
MISC
MISC
MISC
MISC
tuleap — tuleap
 
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.
Published: 2023-06-29 | CVSS Score: not yet calculated | CVE-2023-35938
MISC
MISC
MISC
MISC
gradle — gradle
 
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency’s coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build’s configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-35946
MISC
MISC
MISC
MISC
gradle — gradle
 
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. References: [CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)](https://cwe.mitre.org/data/definitions/22.html); [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html); [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability).
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-35947
MISC
MISC
MISC
proofpoint — insider_threat_management_agent
 
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-35998
MISC
proofpoint — insider_threat_management_agent
 
A missing authorization check in the macOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-36000
MISC
proofpoint — insider_threat_management_agent
 
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.
Published: 2023-06-27 | CVSS Score: not yet calculated | CVE-2023-36002
MISC
maxprint — maxlink_1200g
 
Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the “Diagnostic tool” functionality of the device.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-36143
MISC
MISC
intelbras — switch_sg_2404_mr
 
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
Published: 2023-06-30 | CVSS Score: not yet calculated | CVE-2023-36144
MISC
MISC
multilaser — re_170
 
A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.2023-06-30not yet calculatedCVE-2023-36146
MISC
MISC
ateme — flamingo_xl
 
An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via the session expiration function.2023-06-26not yet calculatedCVE-2023-36252
MISC
talend — data_catalog
 
Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.2023-06-26not yet calculatedCVE-2023-36301
MISC
codekop — codekop
 
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.2023-06-30not yet calculatedCVE-2023-36347
MISC
MISC
meldekarten_generator — meldekarten_generator
 
Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn’t (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-27not yet calculatedCVE-2023-36463
MISC
MISC
pypdf — pypdf
 
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.2023-06-27not yet calculatedCVE-2023-36464
MISC
MISC
MISC
aws_data.all — aws_data.all
 
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended workaround.2023-06-28not yet calculatedCVE-2023-36467
MISC
MISC
MISC
MISC
xwiki — xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it’s still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take CVE-2022-36100/GHSA-2g5c-228j-p52x as example – it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history. This vulnerability doesn’t affect freshly installed versions of XWiki. Further, this vulnerability doesn’t affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions. This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros. As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents.2023-06-29not yet calculatedCVE-2023-36468
MISC
MISC
MISC
MISC
xwiki — xwiki
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though, as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar.2023-06-29not yet calculatedCVE-2023-36469
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set’s HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. Further, the HTML output of the icon set is output as JSON in the icon picker and this JSON is interpreted as XWiki syntax, allowing again the injection of script macros into a document with programming right and thus allowing remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-29not yet calculatedCVE-2023-36470
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki
 
XWiki Commons provides the common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add an input like `{{html}}<input type="hidden" name="content" value="{{groovy}}println(&quot;Hello from Groovy!&quot;)" />{{/html}}` that would allow remote code execution when it is submitted by an admin (the sheet is rendered as part of the edit form). The attacker would need to ensure that the edit form looks plausible, though, which can be non-trivial as without script right the attacker cannot display the regular content of the document. This has been patched in XWiki 14.10.6 and 15.2RC1 by removing the central form-related tags from the list of allowed tags. Users are advised to upgrade. As a workaround an admin can manually disallow the tags by adding `form, input, select, textarea, button` to the configuration option `xml.htmlElementSanitizer.forbidTags` in the `xwiki.properties` configuration file.2023-06-29not yet calculatedCVE-2023-36471
MISC
MISC
MISC
interactsh — interactsh
 
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. `app`. Interactsh server used to create CNAME entries for `app` pointing to `projectdiscovery.github.io` by default, which was intended to be used for hosting the interactsh web client using GitHub Pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still has a CNAME entry pointing to GitHub Pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user’s browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default.2023-06-28not yet calculatedCVE-2023-36474
MISC
MISC
MISC
MISC
parse_server — parse_server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.2023-06-28not yet calculatedCVE-2023-36475
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nixos — nixos
 
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.2023-06-29not yet calculatedCVE-2023-36476
MISC
MISC
MISC
xwiki — xwiki
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the JavaScript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki versions older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.2023-06-30not yet calculatedCVE-2023-36477
MISC
MISC
MISC
MISC
ilias — ilias
 
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).2023-06-29not yet calculatedCVE-2023-36484
MISC
MISC
ilias — ilias
 
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.2023-06-29not yet calculatedCVE-2023-36487
MISC
MISC
ilias — ilias
 
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).2023-06-29not yet calculatedCVE-2023-36488
MISC
MISC
zoom — zoom
 
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.2023-06-30not yet calculatedCVE-2023-36539
MISC
ovarro — tbox_rm2
 
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.2023-06-29not yet calculatedCVE-2023-36607
MISC
ruby — ruby
 
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.2023-06-29not yet calculatedCVE-2023-36617
MISC
cloudpanel — cloudpanel
 
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.2023-06-25not yet calculatedCVE-2023-36630
MISC
MISC
nettle — libnettle
 
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.2023-06-25not yet calculatedCVE-2023-36660
MISC
MISC
MISC
jira — atlassian
 
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)2023-06-25not yet calculatedCVE-2023-36661
MISC
DEBIAN
jira — atlassian
 
The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24.2023-06-26not yet calculatedCVE-2023-36662
MISC
it-novum — open_it_cockpit
 
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.2023-06-25not yet calculatedCVE-2023-36663
MISC
MISC
artifex_software — ghostscript
 
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).2023-06-25not yet calculatedCVE-2023-36664
MISC
MISC
MISC
inex — Ixp-manager
 
INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.2023-06-25not yet calculatedCVE-2023-36666
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.2023-06-26not yet calculatedCVE-2023-36675
MISC
pypdf — pypdf
 
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error-throwing case. See GHSA-hm9v-vj3r-r55m for details.2023-06-30not yet calculatedCVE-2023-36807
MISC
MISC
MISC
pypdf — pypdf
 
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpectedly long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-06-30not yet calculatedCVE-2023-36810
MISC
MISC
MISC
opentsdb — opentsdb
 
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.2023-06-30not yet calculatedCVE-2023-36812
MISC
MISC
MISC
veritas — netbackup_appliance
 
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.2023-06-29not yet calculatedCVE-2023-37237
MISC
mediawiki — mediawiki
 
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.2023-06-29not yet calculatedCVE-2023-37251
MISC
mediawiki — mediawiki
 
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.2023-06-29not yet calculatedCVE-2023-37254
MISC
mediawiki — mediawiki
 
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the “get edits” type is vulnerable to HTML injection through the User-Agent HTTP request header.2023-06-29not yet calculatedCVE-2023-37255
MISC
mediawiki — mediawiki
 
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.2023-06-29not yet calculatedCVE-2023-37256
MISC
joplin — joplin
 
Joplin before 2.11.5 allows XSS via a USE element in an SVG document.2023-06-30not yet calculatedCVE-2023-37298
MISC
MISC
MISC
joplin — joplin
 
Joplin before 2.11.5 allows XSS via an AREA element of an image map.2023-06-30not yet calculatedCVE-2023-37299
MISC
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.2023-06-30not yet calculatedCVE-2023-37300
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn’t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.2023-06-30not yet calculatedCVE-2023-37301
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).2023-06-30not yet calculatedCVE-2023-37302
MISC
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.2023-06-30not yet calculatedCVE-2023-37303
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.2023-06-30not yet calculatedCVE-2023-37304
MISC
MISC
mediawiki — mediawiki
 
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.2023-06-30not yet calculatedCVE-2023-37305
MISC
MISC
misp — misp
 
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.2023-06-30not yet calculatedCVE-2023-37306
MISC
MISC
misp — misp
 
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.2023-06-30not yet calculatedCVE-2023-37307
MISC
MISC
pacparser — pacparser
 
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).2023-06-30not yet calculatedCVE-2023-37360
MISC
hnswlib — hnswlib
 
Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.2023-06-30not yet calculatedCVE-2023-37365
MISC
