US-CERT Vulnerability Summary for the Week of May 22, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cbot — chatbot | Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 9.9 | CVE-2023-2882MISC |
cbot — chatbot | Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 9.9 | CVE-2023-2885MISC |
linux — linux_kernel | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. | 2023-05-21 | 9.8 | CVE-2020-36694MISCMISCMISCMISC |
huawei — emui | Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. | 2023-05-26 | 9.8 | CVE-2021-46887MISC |
thingsforrestaurants — quick_restaurant_reservations | Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions. | 2023-05-22 | 9.8 | CVE-2022-44739MISC |
schneider-electric — powerlogic_ion9000_firmware | A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. | 2023-05-22 | 9.8 | CVE-2022-46680MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | 2023-05-19 | 9.8 | CVE-2022-47984MISCMISC |
huawei — harmonyos | The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 2023-05-26 | 9.8 | CVE-2022-48478MISC |
huawei — harmonyos | The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | 2023-05-26 | 9.8 | CVE-2022-48479MISC |
adam_retail_automation_systems — mobilmen_terminal_software | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3. | 2023-05-23 | 9.8 | CVE-2023-1508MISC |
ipekyolu_software — auto_damage_tracking_software | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. This issue affects Auto Damage Tracking Software: before 4. | 2023-05-24 | 9.8 | CVE-2023-2045MISC |
minova_technology — etrace | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20. | 2023-05-24 | 9.8 | CVE-2023-2064MISC |
wclovers — wcfm_membership | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. | 2023-05-20 | 9.8 | CVE-2023-2276MISCMISCMISC |
vibethemes — bp_social_connect | The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2023-05-19 | 9.8 | CVE-2023-2704MISCMISCMISCMISC |
rental_module_project — rental_module | Unrestricted Upload of File with Dangerous Type vulnerability in “Rental Module” developed by third-party for Ideasoft’s E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15. | 2023-05-20 | 9.8 | CVE-2023-2712MISC |
rental_module_project — rental_module | Authorization Bypass Through User-Controlled Key vulnerability in “Rental Module” developed by third-party for Ideasoft’s E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15. | 2023-05-20 | 9.8 | CVE-2023-2713MISC |
cityboss — e-municipality | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05. | 2023-05-24 | 9.8 | CVE-2023-2750MISC |
sourcecodester — online_jewelry_store | A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability. | 2023-05-19 | 9.8 | CVE-2023-2815MISCMISCMISC |
sourcecodester — class_scheduling_system | A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability. | 2023-05-20 | 9.8 | CVE-2023-2823MISCMISCMISC |
snapone — orvc | Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution. | 2023-05-22 | 9.8 | CVE-2023-28386MISCMISC |
gpac — gpac | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 9.8 | CVE-2023-2840CONFIRMMISCDEBIAN |
sourcecodester — theme_park_ticketing_system | A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability. | 2023-05-24 | 9.8 | CVE-2023-2865MISCMISCMISC |
apache — inlong | Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it. | 2023-05-22 | 9.8 | CVE-2023-31062MISC |
wcms — wcms | In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | 2023-05-22 | 9.8 | CVE-2023-31689MISC |
sem-cms — semcms | SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. | 2023-05-19 | 9.8 | CVE-2023-31707MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | 2023-05-22 | 9.8 | CVE-2023-32336MISCMISC |
linux — linux_kernel | The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. | 2023-05-21 | 9.8 | CVE-2023-33250MISCMISC |
old_age_home_management_system_project — old_age_home_management_system | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | 2023-05-23 | 9.8 | CVE-2023-33338MISC |
gpac — gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 9.1 | CVE-2023-2838MISCCONFIRMDEBIAN |
cbot — chatbot | Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 9.1 | CVE-2023-2887MISC |
apache — inlong | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 to solve it. | 2023-05-22 | 9.1 | CVE-2023-31065MISC |
apache — inlong | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others’ sources! Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 to solve it. | 2023-05-22 | 9.1 | CVE-2023-31066MISC |
netbox_project — netbox | ** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter’s only query was for the schema of the API, which is public; queries for database objects would have been denied. | 2023-05-24 | 9.1 | CVE-2023-33796MISCMISC |
asgaros — asgaros_forum | Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | 2023-05-22 | 8.8 | CVE-2022-41608MISC |
webmat — flexible_elementor_panel | Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions. | 2023-05-22 | 8.8 | CVE-2022-45076MISC |
loginizer — loginizer | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | 2023-05-22 | 8.8 | CVE-2022-45079MISC |
xootix — side_cart_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions. | 2023-05-22 | 8.8 | CVE-2022-45376MISC |
brainstormforce — starter_templates | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. | 2023-05-23 | 8.8 | CVE-2022-46851MISC |
radiustheme — post_grid | Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. | 2023-05-23 | 8.8 | CVE-2022-46853MISC |
gallery_metabox_project — gallery_metabox | Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions. | 2023-05-20 | 8.8 | CVE-2022-47134MISC |
mediamatic — media_library_folders | Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | 2023-05-22 | 8.8 | CVE-2022-47142MISC |
crayon_syntax_highlighter_project — crayon_syntax_highlighter | Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions. | 2023-05-22 | 8.8 | CVE-2022-47167MISC |
stylist_project — stylist | Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions. | 2023-05-22 | 8.8 | CVE-2022-47183MISC |
nicearma — dnui-delete-not-used-image | Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. | 2023-05-22 | 8.8 | CVE-2022-47609MISC |
hover_image_project — hover_image | Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. | 2023-05-22 | 8.8 | CVE-2022-47611MISC |
armoli_technology — cargo_tracking_system | Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System: before 3558f28. | 2023-05-24 | 8.8 | CVE-2023-2065MISC |
wp_tabs_slides_project — wp_tabs_slides | Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. | 2023-05-22 | 8.8 | CVE-2023-22688MISC |
autoaffiliatelinks — auto_affiliate_links | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | 2023-05-20 | 8.8 | CVE-2023-22689MISC |
name_directory_project — name_directory | Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. | 2023-05-22 | 8.8 | CVE-2023-22692MISC |
srs_simple_hits_counter_project — srs_simple_hits_counter | Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions. | 2023-05-22 | 8.8 | CVE-2023-22709MISC |
supsystic — coming_soon | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. | 2023-05-22 | 8.8 | CVE-2023-22714MISC |
wp_topbar_project — wp_topbar | Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions. | 2023-05-22 | 8.8 | CVE-2023-23680MISC |
hmplugin — wordpress_books_gallery | Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. | 2023-05-23 | 8.8 | CVE-2023-23705MISC |
miniorange — wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\) | Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 2023-05-23 | 8.8 | CVE-2023-23706MISC |
user-meta — user_meta_manager | Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. | 2023-05-22 | 8.8 | CVE-2023-23712MISC |
theme_tweaker_project — theme_tweaker | Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions. | 2023-05-23 | 8.8 | CVE-2023-23713MISC |
winwar — wp_email_capture | Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | 2023-05-23 | 8.8 | CVE-2023-23724MISC |
secondlinethemes — auto_youtube_importer | Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. | 2023-05-22 | 8.8 | CVE-2023-23797MISC |
my_calendar_project — my_calendar | Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions. | 2023-05-22 | 8.8 | CVE-2023-23813MISC |
ljapps — wp_airbnb_review_slider | Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions. | 2023-05-20 | 8.8 | CVE-2023-23890MISC |
robosoft — robogallery | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions. | 2023-05-20 | 8.8 | CVE-2023-24414MISC |
slickremix — feed_them_social | Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions. | 2023-05-23 | 8.8 | CVE-2023-25056MISC |
inkthemes — colorway | Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. | 2023-05-22 | 8.8 | CVE-2023-25447MISC |
archivist_project — archivist | Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | 2023-05-22 | 8.8 | CVE-2023-25448MISC |
podlove — podlove_podcast_publisher | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. | 2023-05-23 | 8.8 | CVE-2023-25472MISC |
podlove — podlove_subscribe_button | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | 2023-05-23 | 8.8 | CVE-2023-25481MISC |
vikwp — vikbooking_hotel_booking_engine_\&_pms | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions. | 2023-05-23 | 8.8 | CVE-2023-25707MISC |
finex_media — competition_management_system | Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Management System: before 23.07. | 2023-05-23 | 8.8 | CVE-2023-2702MISC |
weaver — e-cology | A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-19 | 8.8 | CVE-2023-2806MISCMISCMISC |
cbot — chatbot | Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 8.8 | CVE-2023-2883MISC |
pingonline — dyslexiefont_free | Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. | 2023-05-20 | 8.8 | CVE-2023-32589MISC |
mitsubishielectric — melsec_ws0-geth00200_firmware | Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet, which is a hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module’s configuration or rewrite the firmware. | 2023-05-19 | 8.6 | CVE-2023-1618MISCMISCMISC |
teltonika — remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices. | 2023-05-22 | 8.3 | CVE-2023-2587MISC |
obsidian — obsidian | Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. | 2023-05-20 | 8.2 | CVE-2023-33244MISCMISC |
cloudfoundry — cf-deployment | Cloud Foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users’ syslog drain credentials if they’re aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection. | 2023-05-19 | 8.1 | CVE-2023-20881MISC |
groundhogg — groundhogg | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the ‘ajax_edit_contact’ function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-05-20 | 8 | CVE-2023-2736MISCMISCMISCMISC |
wireshark — wireshark | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2854MISCCONFIRMMISC |
wireshark — wireshark | Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2855CONFIRMMISCMISC |
wireshark — wireshark | BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2857MISCMISCCONFIRM |
wireshark — wireshark | NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 7.8 | CVE-2023-2858MISCMISCCONFIRM |
allwaysync — allwaysync | Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker to escalate privileges via the SyncService.exe file. | 2023-05-22 | 7.8 | CVE-2023-29838MISCMISC |
luatex_project — luatex | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. | 2023-05-20 | 7.8 | CVE-2023-32700MISCMISCMISCMISC |
foxit — pdf_editor | Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | 2023-05-19 | 7.8 | CVE-2023-33240MISC |
finex_media — competition_management_system | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07. | 2023-05-23 | 7.6 | CVE-2023-2703MISC |
cbot — chatbot | Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 7.6 | CVE-2023-2886MISC |
huawei — emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46881MISC |
huawei — emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46882MISC |
huawei — emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46883MISC |
huawei — emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46884MISC |
huawei — emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46885MISC |
huawei — emui | The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2021-46886MISC |
fastweb — fastgate_vdsl2_dga4131fwb_firmware | A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. | 2023-05-19 | 7.5 | CVE-2022-30114MISCMISCMISC |
huawei — emui | Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-05-26 | 7.5 | CVE-2022-48480MISC |
huawei — emui | The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. | 2023-05-26 | 7.5 | CVE-2023-0116MISC |
huawei — harmonyos | The window management module lacks permission verification. Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-20 | 7.5 | CVE-2023-1692MISCMISC |
huawei — emui | The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-20 | 7.5 | CVE-2023-1693MISCMISC |
huawei — emui | The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-20 | 7.5 | CVE-2023-1694MISCMISC |
huawei — harmonyos | The multimedia video module has a vulnerability in data processing. Successful exploitation of this vulnerability may affect availability. | 2023-05-20 | 7.5 | CVE-2023-1696MISCMISC |
sitecore — experience_platform | Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx | 2023-05-22 | 7.5 | CVE-2023-27067MISCMISC |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. | 2023-05-26 | 7.5 | CVE-2023-2825MISCMISCCONFIRM |
gpac — gpac | Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 7.5 | CVE-2023-2839CONFIRMMISCDEBIAN |
apache — tomcat | The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. | 2023-05-22 | 7.5 | CVE-2023-28709MISCMISCMISC |
wireshark — wireshark | GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | 2023-05-26 | 7.5 | CVE-2023-2879MISCCONFIRMMISC |
webbax — customexporter | Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. | 2023-05-19 | 7.5 | CVE-2023-30199MISCMISC |
apache — inlong | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the ‘autoDeserialize’ option filtering by adding blanks. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 to solve it. | 2023-05-22 | 7.5 | CVE-2023-31058MISC |
apache — inlong | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The user in InLong could cancel an application that doesn’t belong to them. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it. | 2023-05-22 | 7.5 | CVE-2023-31064MISC |
apache — inlong | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it. | 2023-05-22 | 7.5 | CVE-2023-31103MISC |
apache — inlong | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others’ subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 | 2023-05-22 | 7.5 | CVE-2023-31453MISC |
apache — inlong | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7947 | 2023-05-22 | 7.5 | CVE-2023-31454MISC |
icecms_project — icecms | IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. | 2023-05-25 | 7.5 | CVE-2023-33355MISC |
bumsys_project — bumsys | SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-22 | 7.2 | CVE-2023-2832MISCMISC |
craftcms — craft_cms | Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not an empty string ('') in the View.php’s doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. An attacker with admin privileges on a DEV or an improperly configured STG or PROD environment can exploit this vulnerability to achieve remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-05-19 | 7.2 | CVE-2023-32679MISC |
sourcecodester — faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. | 2023-05-26 | 7.2 | CVE-2023-33439MISC |
sourcecodester — faculty_evaluation_system | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. | 2023-05-26 | 7.2 | CVE-2023-33440MISC |
dell — cloudiq_collector | Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability to gain access to unauthorized data. | 2023-05-19 | 7.1 | CVE-2023-28045MISC |
Medium Vulnerabilities
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
tp-link — archer_vr1600v_firmware | A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the ‘X_TP_IfName’ parameter. | 2023-05-19 | 6.7 | CVE-2023-31756MISC |
sitecore — experience_platform | Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | 2023-05-22 | 6.5 | CVE-2023-27066MISCMISC |
apache — inlong | Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users’ data. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it. | 2023-05-22 | 6.5 | CVE-2023-31101MISC |
quest — kace_systems_deployment_appliance | There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. | 2023-05-21 | 6.5 | CVE-2023-33254MISC |
nissan — sylphy_classic_2021_firmware | The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. | 2023-05-22 | 6.5 | CVE-2023-33281MISCMISCMISC |
cbot — chatbot | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 2023-05-25 | 6.4 | CVE-2023-2884MISC |
3ds — 3dexperience | A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code. | 2023-05-19 | 6.1 | CVE-2023-1996MISC |
sourcecodester — class_scheduling_system | A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428. | 2023-05-19 | 6.1 | CVE-2023-2814MISCMISCMISC |
ellucian — ethos_identity | A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596. | 2023-05-20 | 6.1 | CVE-2023-2822MISCMISCMISCMISC |
sourcecodester — dental_clinic_appointment_reservation_system | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability. | 2023-05-20 | 6.1 | CVE-2023-2824MISCMISCMISC |
mybb — mybb | In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. | 2023-05-22 | 6.1 | CVE-2023-28467MISCMISC |
sourcecodester — online_jewelry_store | A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820. | 2023-05-24 | 6.1 | CVE-2023-2864MISCMISCMISC |
silicon_project — silicon | GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. | 2023-05-22 | 6.1 | CVE-2023-31584MISCMISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | 2023-05-19 | 5.5 | CVE-2023-22878MISCMISC |
telegram — telegram | Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag. | 2023-05-19 | 5.5 | CVE-2023-26818MISCMISC |
gpac — gpac | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | 2023-05-22 | 5.5 | CVE-2023-2837MISCCONFIRMDEBIAN |
ibm — mq | IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. | 2023-05-19 | 5.5 | CVE-2023-28514MISCMISC |
wireshark — wireshark | VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 2023-05-26 | 5.5 | CVE-2023-2856CONFIRMMISCMISC |
ibm — mq | IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. | 2023-05-19 | 5.5 | CVE-2023-28950MISCMISC |
libtiff — libtiff | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | 2023-05-19 | 5.5 | CVE-2023-30774MISCMISCMISC |
libtiff — libtiff | A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. | 2023-05-19 | 5.5 | CVE-2023-30775MISCMISCMISC |
hledger — hledger | An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function. | 2023-05-21 | 5.4 | CVE-2021-46888MISCMISCMISCMISC |
groundhogg — groundhogg | The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ‘ajax_upload_file’ function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then list all the other uploaded files related to the contact. | 2023-05-20 | 5.4 | CVE-2023-2716MISCMISCMISC |
groundhogg — groundhogg | The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gh_form’ shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms. | 2023-05-20 | 5.4 | CVE-2023-2735MISCMISCMISCMISC |
sourcecodester — class_scheduling_system | A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | 2023-05-21 | 5.4 | CVE-2023-2826MISCMISCMISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. | 2023-05-19 | 5.4 | CVE-2023-28529MISCMISC |
dedecms — dedecms | DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters ‘edit___cfg_powerby’ and ‘edit___cfg_beian’ | 2023-05-19 | 5.4 | CVE-2023-31757MISC |
jizhicms — jizhicms | jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package. | 2023-05-19 | 5.4 | CVE-2023-31862MISC |
icecms_project — icecms | IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). | 2023-05-25 | 5.4 | CVE-2023-33356MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33785MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33786MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33787MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33788MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33789MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33790MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33791MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33792MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33793MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33794MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33795MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33797MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33798MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33799MISC |
netbox_project — netbox | A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-05-24 | 5.4 | CVE-2023-33800MISC |
huawei — emui | The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features, such as MeeTime. | 2023-05-26 | 5.3 | CVE-2023-0117MISC |
vyper_project — vyper | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | 2023-05-19 | 5.3 | CVE-2023-32675MISCMISC |
linux — linux_kernel | An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. | 2023-05-22 | 4.7 | CVE-2023-33288MISCMISCMISCMISCMISC |
groundhogg — groundhogg | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘check_license’ functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key. | 2023-05-20 | 4.3 | CVE-2023-2714MISCMISCMISCMISC |
groundhogg — groundhogg | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘submit_ticket’ function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website’s data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license. | 2023-05-20 | 4.3 | CVE-2023-2715MISCMISCMISC |
groundhogg — groundhogg | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the ‘enable_safe_mode’ function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled. | 2023-05-20 | 4.3 | CVE-2023-2717MISCMISCMISC |
eyoucms — eyoucms | A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function. | 2023-05-23 | 4.3 | CVE-2023-31708MISC |
hazelcast — hazelcast | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don’t mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | 2023-05-22 | 4.3 | CVE-2023-33264MISC |
Low Vulnerabilities
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
zulip — zulip | Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don’t require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that’s not in the organization’s LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue. | 2023-05-19 | 3.7 | CVE-2023-28623MISCMISC |
zulip — zulip | Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to — even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. | 2023-05-19 | 3.1 | CVE-2023-32677MISCMISCMISCMISC |
Severity Not Yet Assigned
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ruby-saml — ruby-saml | xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | 2023-05-27 | not yet calculated | CVE-2015-20108MISCMISCMISCMISC |
webplus_pro — webplus_pro | WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | 2023-05-23 | not yet calculated | CVE-2020-20012MISCMISC |
ingress-nginx — ingress-nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | 2023-05-24 | not yet calculated | CVE-2021-25748MISCMISC |
kubernetes — kubernetes | Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | 2023-05-24 | not yet calculated | CVE-2021-25749MISC |
abb — multiple_products | Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. | 2023-05-22 | not yet calculated | CVE-2022-0010MISC |
bitdefender — multiple_products | Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security | 2023-05-24 | not yet calculated | CVE-2022-0357MISC |
credence_analytics — ideal_wealth_and_funds | SQL injection in “/Framewrk/Home.jsp” file (POST method) in Credence Analytics iDEAL Wealth and Funds – 1.0 allows authenticated remote attackers to inject payload via “v” parameter. | 2023-05-24 | not yet calculated | CVE-2022-30025MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-38356MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-38716MISC |
matrix-org — synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2022-39335MISCMISCMISC |
matrix-org — synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0 | 2023-05-26 | not yet calculated | CVE-2022-39374MISCMISC |
opentext — archive_center_administration | The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. | 2023-05-24 | not yet calculated | CVE-2022-41221MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin <= 3.5.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-41635MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin <= 3.7.1.6 versions. | 2023-05-25 | not yet calculated | CVE-2022-41987MISC |
jumpserver — jumpserver | Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin’s permission. | 2023-05-24 | not yet calculated | CVE-2022-42225MISCMISCMISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-43490MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions. | 2023-05-24 | not yet calculated | CVE-2022-45364MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-45366MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions. | 2023-05-25 | not yet calculated | CVE-2022-45367MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-45371MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-45815MISC |
dataprobe — iboot-pdu_fw | The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution. | 2023-05-22 | not yet calculated | CVE-2022-46658MISCMISC |
dataprobe — iboot-pdu_fw | The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin. | 2023-05-22 | not yet calculated | CVE-2022-46738MISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions. | 2023-05-24 | not yet calculated | CVE-2022-46794MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46800MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | 2023-05-25 | not yet calculated | CVE-2022-46810MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | 2023-05-25 | not yet calculated | CVE-2022-46812MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. | 2023-05-23 | not yet calculated | CVE-2022-46813MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46814MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions. | 2023-05-24 | not yet calculated | CVE-2022-46816MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table Of Contents plugin <= 1.3.9 versions. | 2023-05-25 | not yet calculated | CVE-2022-46820MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin <= 4.3.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46856MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-46865MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-46866MISC |
oracle — apache | A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later. | 2023-05-25 | not yet calculated | CVE-2022-46907MISCMISC |
nagvis — nagvis | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | 2023-05-26 | not yet calculated | CVE-2022-46945CONFIRMMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions. | 2023-05-25 | not yet calculated | CVE-2022-47135MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-47136MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47138MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions. | 2023-05-25 | not yet calculated | CVE-2022-47139MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47144MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-47149MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <= 3.1.1 versions. | 2023-05-24 | not yet calculated | CVE-2022-47152MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-47159MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47161MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. | 2023-05-25 | not yet calculated | CVE-2022-47164MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. | 2023-05-25 | not yet calculated | CVE-2022-47165MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. | 2023-05-25 | not yet calculated | CVE-2022-47174MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47177MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions. | 2023-05-25 | not yet calculated | CVE-2022-47178MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions. | 2023-05-24 | not yet calculated | CVE-2022-47180MISC |
dataprobe — iboot_devices | A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection. | 2023-05-22 | not yet calculated | CVE-2022-47311MISCMISC |
dataprobe — iboot_devices | The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes. | 2023-05-22 | not yet calculated | CVE-2022-47320MISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions. | 2023-05-24 | not yet calculated | CVE-2022-47446MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions. | 2023-05-24 | not yet calculated | CVE-2022-47447MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com – MS plugin <= 1.12.03 versions. | 2023-05-24 | not yet calculated | CVE-2022-47448MISC |
hitachi_vantara — pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. | 2023-05-24 | not yet calculated | CVE-2022-4815MISC |
dataprobe — multiple_products | The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user’s cloud. | 2023-05-22 | not yet calculated | CVE-2022-4945MISCMISC |
linux — kernel | Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the “access_ok” check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 | 2023-05-25 | not yet calculated | CVE-2023-0459MISCMISC |
the_document_foundation — libreoffice | Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. | 2023-05-25 | not yet calculated | CVE-2023-0950MISCDEBIAN |
hitachi_vantara — pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | 2023-05-24 | not yet calculated | CVE-2023-1158MISC |
minikube_for_macos — minikube_for_macos | This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | 2023-05-24 | not yet calculated | CVE-2023-1174MISC |
servicenow — servicenow | Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. | 2023-05-23 | not yet calculated | CVE-2023-1209MISCMISC |
mitsubishi_electric_corporation — melsec_iq-f | Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. | 2023-05-24 | not yet calculated | CVE-2023-1424MISCMISCMISCMISC |
keycloak — keycloak | A flaw was found in Keycloak. This flaw depends on a non-default configuration “Revalidate Client Certificate” to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of “Cannot validate client certificate trust: Truststore not available”. This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use “Revalidate Client Certificate” this flaw is avoidable. | 2023-05-26 | not yet calculated | CVE-2023-1664MISC |
libssh — libssh | A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. | 2023-05-26 | not yet calculated | CVE-2023-1667MISCMISCMISCFEDORAMLIST |
hypr_server — hypr_server | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | 2023-05-23 | not yet calculated | CVE-2023-1837MISC |
minikube — minikube | This vulnerability enables ssh access to minikube container using a default password. | 2023-05-24 | not yet calculated | CVE-2023-1944MISC |
avahi — avahi | A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. | 2023-05-26 | not yet calculated | CVE-2023-1981MISCMISCMISC |
linux — kernel | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. | 2023-05-26 | not yet calculated | CVE-2023-2002MISC |
nsx-t — nsx-t | NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | 2023-05-26 | not yet calculated | CVE-2023-20868MISC |
cloud_foundry_routing_release — cloud_foundry_routing_release | In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool. | 2023-05-26 | not yet calculated | CVE-2023-20882MISC |
spring_boot — spring_boot | In Spring Boot versions 3.0.0 – 3.0.6, 2.7.0 – 2.7.11, 2.6.0 – 2.6.14, 2.5.0 – 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | 2023-05-26 | not yet calculated | CVE-2023-20883MISC |
samsung_mobile — galaxy_store | Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21514MISC |
samsung_mobile — galaxy_store | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21515MISC |
samsung_mobile — galaxy_store | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21516MISC |
atlassian — confluence_data_center | Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. The affected versions are before version 7.19.9. This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team. | 2023-05-25 | not yet calculated | CVE-2023-22504MISC |
the_document_foundation — libreoffice | Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used “floating frames” linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | 2023-05-25 | not yet calculated | CVE-2023-2255MISCDEBIAN |
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products | Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user’s web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-22654MISCMISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-22693MISC |
libssh — libssh | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. | 2023-05-26 | not yet calculated | CVE-2023-2283MISCMISCMISCFEDORA |
bottles/yaml — bottles/yaml | Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. | 2023-05-26 | not yet calculated | CVE-2023-22970MISCFEDORAFEDORA |
garmin — connect_iq | The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23298MISCMISCMISC |
garmin — connect_iq | The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. | 2023-05-23 | not yet calculated | CVE-2023-23299MISCMISC |
garmin — connect_iq | The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23300MISCMISC |
garmin — connect_iq | The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory. | 2023-05-23 | not yet calculated | CVE-2023-23301MISC |
garmin — connect_iq | The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23302MISCMISC |
garmin — connect_iq | The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23303MISCMISC |
garmin — connect_iq | The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user’s consent and disclose potentially private or sensitive information. | 2023-05-23 | not yet calculated | CVE-2023-23304MISCMISC |
garmin — connect_iq | The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23305MISC |
garmin — connect_iq | The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23306MISCMISC |
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products | Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-23545MISCMISCMISC |
dell — vxrail | Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2023-05-23 | not yet calculated | CVE-2023-23693MISC |
dell — vxrail | Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2023-05-23 | not yet calculated | CVE-2023-23694MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-23714MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero – Tom Skroza Admin Block Country plugin <= 7.1.4 versions. | 2023-05-26 | not yet calculated | CVE-2023-24007MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions. | 2023-05-26 | not yet calculated | CVE-2023-24008MISC |
m-files — client | Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications | 2023-05-25 | not yet calculated | CVE-2023-2480MISC |
wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘process_postdata’ function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator’s privilege. | 2023-05-24 | not yet calculated | CVE-2023-2494MISCMISC |
wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the ‘validate_upload’ function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2023-05-24 | not yet calculated | CVE-2023-2496MISCMISC |
wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-05-24 | not yet calculated | CVE-2023-2498MISCMISC |
wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the ‘go_pricing’ shortcode ‘data’ parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-05-25 | not yet calculated | CVE-2023-2500MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions. | 2023-05-24 | not yet calculated | CVE-2023-25028MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. | 2023-05-26 | not yet calculated | CVE-2023-25029MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25034MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. | 2023-05-26 | not yet calculated | CVE-2023-25038MISC |
birddog — multiple_products | Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. | 2023-05-22 | not yet calculated | CVE-2023-2504MISCMISC |
birddog — multiple_products | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. | 2023-05-22 | not yet calculated | CVE-2023-2505MISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | 2023-05-26 | not yet calculated | CVE-2023-25058MISC |
snap_one — ovrc_pro | In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | 2023-05-22 | not yet calculated | CVE-2023-25183MISCMISC |
square_pig_llc — fusioninvoice | Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details. | 2023-05-25 | not yet calculated | CVE-2023-25439MISC |
civicrm — civicrm | Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. | 2023-05-23 | not yet calculated | CVE-2023-25440MISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25467MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25470MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions. | 2023-05-23 | not yet calculated | CVE-2023-25474MISC |
dell — poweredge_14g_bios/precision_bios | Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | 2023-05-22 | not yet calculated | CVE-2023-25537MISC |
mitel — mivoice_connect | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2023-05-24 | not yet calculated | CVE-2023-25598MISCMISC |
mitel — mivoice_connect | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | 2023-05-24 | not yet calculated | CVE-2023-25599MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-25781MISC |
teltonika — remote_management_system | Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the “RMS management feature” enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user’s devices, including remote code execution with ‘root’ privileges (using the ‘Task Manager’ feature on RMS). | 2023-05-22 | not yet calculated | CVE-2023-2586MISC |
teltonika — remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication. An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device. | 2023-05-22 | not yet calculated | CVE-2023-2588MISC |
qrio,_inc. — qrio_lock_(q-sl2) | Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product’s communication data and conduct an arbitrary operation under certain conditions. | 2023-05-23 | not yet calculated | CVE-2023-25946MISCMISC |
works_mobile_japan_corp. — drive_explorer_for_macos | Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. | 2023-05-23 | not yet calculated | CVE-2023-25953MISCMISC |
eclipse — openj9 | In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. | 2023-05-22 | not yet calculated | CVE-2023-2597CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-25971MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. | 2023-05-26 | not yet calculated | CVE-2023-25976MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions. | 2023-05-23 | not yet calculated | CVE-2023-26011MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 versions. | 2023-05-23 | not yet calculated | CVE-2023-26014MISC |
n158 — n158 | All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports’ function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | 2023-05-27 | not yet calculated | CVE-2023-26127MISCMISC |
keep-module-latest — keep-module-latest | All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | 2023-05-27 | not yet calculated | CVE-2023-26128MISCMISC |
bwm-ng — bwm-ng | All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the ‘check’ function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment. | 2023-05-27 | not yet calculated | CVE-2023-26129MISC |
tibco_software_inc. — tibco_ebx | The server component of TIBCO Software Inc.’s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.’s TIBCO EBX Add-ons: versions 4.5.16 and below. | 2023-05-25 | not yet calculated | CVE-2023-26215MISC |
tibco_software_inc. — tibco_ebx | The server component of TIBCO Software Inc.’s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.’s TIBCO EBX Add-ons: versions 4.5.16 and below. | 2023-05-25 | not yet calculated | CVE-2023-26216MISC |
cybozu,_inc. — cybozu_garoon | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | 2023-05-23 | not yet calculated | CVE-2023-26595MISCMISC |
sitecore — experience_platform/sitecore_xp | Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | 2023-05-23 | not yet calculated | CVE-2023-27068MISCMISCMISC |
cybozu,_inc. — cybozu_garoon | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | 2023-05-23 | not yet calculated | CVE-2023-27304MISCMISC |
netapp — bluexp_connector | NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue – obtaining the fix requires redeploying a fresh Connector. | 2023-05-26 | not yet calculated | CVE-2023-27311MISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | 2023-05-25 | not yet calculated | CVE-2023-2732MISCMISCMISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | 2023-05-25 | not yet calculated | CVE-2023-2733MISCMISCMISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | 2023-05-25 | not yet calculated | CVE-2023-2734MISCMISCMISC |
cybozu,_inc. — cybozu_garoon | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | 2023-05-23 | not yet calculated | CVE-2023-27384MISCMISC |
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products | Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-27387MISCMISCMISC |
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products | Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to log in to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-27388MISCMISCMISC |
microengine — mailform | Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product’s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | 2023-05-23 | not yet calculated | CVE-2023-27397MISCMISC |
microengine — mailform | MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product’s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | 2023-05-23 | not yet calculated | CVE-2023-27507MISCMISC |
contec_co_ltd. — solarview_compact_sv-cpt-mc310 | Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to log in to the affected product with an administrative privilege and perform an unintended operation. | 2023-05-23 | not yet calculated | CVE-2023-27512MISCMISCMISC |
contec_co_ltd. — solarview_compact_sv-cpt-mc310 | OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. | 2023-05-23 | not yet calculated | CVE-2023-27514MISCMISCMISC |
contec_co_ltd. — solarview_compact_sv-cpt-mc310 | Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. | 2023-05-23 | not yet calculated | CVE-2023-27518MISCMISCMISC |
contec_co_ltd. — solarview_compact_sv-cpt-mc310 | OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. | 2023-05-23 | not yet calculated | CVE-2023-27521MISCMISCMISC |
wacom — wacom_tablet_driver_installer | Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked into executing a small malicious script before executing the affected version of the installer, arbitrary code may be executed with root privileges. | 2023-05-25 | not yet calculated | CVE-2023-27529MISCMISC |
contec_co_ltd. — solarview_compact_sv-cpt-mc310 | Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. | 2023-05-23 | not yet calculated | CVE-2023-27920MISCMISCMISC |
jins — meme_core | JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | 2023-05-23 | not yet calculated | CVE-2023-27921MISCMISC |
wordpress — wordpress | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27922MISCMISC |
wordpress — wordpress | Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27923MISCMISC |
wordpress — wordpress | Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27925MISCMISC |
wordpress — wordpress | Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-27926MISCMISC |
htmlunit — htmlunit | Those using HtmlUnit to browse untrusted webpages may be vulnerable to denial-of-service (DoS) attacks. If HtmlUnit is running on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial-of-service attack. This issue affects htmlunit before 2.70.0. | 2023-05-25 | not yet calculated | CVE-2023-2798MISCMISC |
hclsoftware — domino_appdev_pack | The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt, a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | 2023-05-23 | not yet calculated | CVE-2023-28015MISC |
libjpeg-turbo — libjpeg-turbo | A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. | 2023-05-25 | not yet calculated | CVE-2023-2804MISCMISCMISCMISCMISC |
craft_cms — craft_cms | A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. | 2023-05-26 | not yet calculated | CVE-2023-2817MISCMISC |
curl/curl — libcurl | A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server’s public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | 2023-05-26 | not yet calculated | CVE-2023-28319MISC |
curl/curl — libcurl | A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | 2023-05-26 | not yet calculated | CVE-2023-28320MISC |
curl/curl — libcurl | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as “Subject Alternative Name” in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to Punycode before being used for certificate checks. Punycoded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | 2023-05-26 | not yet calculated | CVE-2023-28321MISC |
curl/curl — libcurl | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers: libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle was previously used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | 2023-05-26 | not yet calculated | CVE-2023-28322MISC |
wordpress — wordpress | Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | 2023-05-23 | not yet calculated | CVE-2023-28367MISCMISC |
tornadoweb — tornado | Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | 2023-05-25 | not yet calculated | CVE-2023-28370MISCMISC |
encourage_technologies_co.,ltd. — ess_rec_agent_server_edition_series | Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1 | 2023-05-26 | not yet calculated | CVE-2023-28382MISCMISC |
icom_inc. — sr-7100vn | Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed. | 2023-05-23 | not yet calculated | CVE-2023-28390MISCMISC |
inaba_denki_sangyo_co.,_ltd. — wi-fi_ap_unit | Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 2023-05-23 | not yet calculated | CVE-2023-28392MISCMISC |
beekeeper_studio,_inc. — beekeeper_studio | Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. | 2023-05-23 | not yet calculated | CVE-2023-28394MISCMISCMISC |
wordpress — wordpress | Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. | 2023-05-23 | not yet calculated | CVE-2023-28408MISCMISC |
wordpress — wordpress | Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. | 2023-05-23 | not yet calculated | CVE-2023-28409MISCMISC |
snap_one — ovrc_pro | When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. | 2023-05-22 | not yet calculated | CVE-2023-28412MISCMISC |
wordpress — wordpress | Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. | 2023-05-23 | not yet calculated | CVE-2023-28413MISCMISC |
cloudexplorer-dev — cloudexplorer-dev/cloudexplorer-lite | Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | 2023-05-23 | not yet calculated | CVE-2023-2844CONFIRMMISC |
cloudexplorer-dev — cloudexplorer-dev/cloudexplorer-lite | Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | 2023-05-23 | not yet calculated | CVE-2023-2845CONFIRMMISC |
nilsteampassnet — nilsteampassnet/teampass | Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | 2023-05-24 | not yet calculated | CVE-2023-2859CONFIRMMISC |
siteserver — cms | A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. | 2023-05-24 | not yet calculated | CVE-2023-2862MISCMISCMISC |
simple_design — daily_journal | A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. | 2023-05-24 | not yet calculated | CVE-2023-2863MISCMISCMISC |
snap_one — ovrc_pro | The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. | 2023-05-22 | not yet calculated | CVE-2023-28649MISCMISC |
barracuda_networks — email_security_gateway | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. | 2023-05-24 | not yet calculated | CVE-2023-2868MISCMISC |
entech — monitor_asset_manager | A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2870MISCMISCMISCMISC |
fabulatech — usb_for_remote_desktop | A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2871MISCMISCMISCMISC |
flexihub — flexihub | A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2872MISCMISCMISCMISC |
twister — antivirus | A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2873MISCMISCMISCMISC |
twister — antivirus | A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2874MISCMISCMISCMISC |
escan — antivirus | A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-24 | not yet calculated | CVE-2023-2875MISCMISCMISCMISC |
pimcore — pimcore/customer-data-framework | Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | 2023-05-25 | not yet calculated | CVE-2023-2881CONFIRMMISC |
phpok — phpok | A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | 2023-05-25 | not yet calculated | CVE-2023-2888MISCMISCMISC |
linux — kernel | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | 2023-05-26 | not yet calculated | CVE-2023-2898MISC |
nfine — rapid_development_platform | A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2900MISCMISCMISC |
nfine — rapid_development_platform | A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2901MISCMISCMISC |
nfine — rapid_development_platform | A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2902MISCMISCMISC |
nfine — rapid_development_platform | A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-25 | not yet calculated | CVE-2023-2903MISCMISCMISC |
artistscope — copysafe_pdf_reader | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions. | 2023-05-26 | not yet calculated | CVE-2023-29098MISC |
sourcecodester — comment_system | A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. | 2023-05-27 | not yet calculated | CVE-2023-2922MISCMISCMISC |
tenda — ac6 | A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | not yet calculated | CVE-2023-2923MISCMISCMISC |
supcon — simfield | A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | not yet calculated | CVE-2023-2924MISCMISCMISC |
webkul — krayin_crm | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-27 | not yet calculated | CVE-2023-2925MISCMISCMISC |
seacms — seacms | A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. | 2023-05-27 | not yet calculated | CVE-2023-2926MISCMISCMISC |
jizhicms — jizhicms | A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. | 2023-05-27 | not yet calculated | CVE-2023-2927MISCMISCMISC |
dedecms — dedecms | A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. | 2023-05-27 | not yet calculated | CVE-2023-2928MISCMISCMISC |
openemr — openemr/openemr | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2942MISCCONFIRM |
openemr — openemr/openemr | Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2943MISCCONFIRM |
openemr — openemr/openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2944MISCCONFIRM |
openemr — openemr/openemr | Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2945CONFIRMMISC |
openemr — openemr/openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2946CONFIRMMISC |
openemr — openemr/openemr | Cross-site Scripting (XSS) – Stored in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-27 | not yet calculated | CVE-2023-2947MISCCONFIRM |
sofawiki_cms — sofawiki_cms | SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. | 2023-05-24 | not yet calculated | CVE-2023-29721MISCMISC |
contec_co_ltd. — solarview_compact | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | 2023-05-23 | not yet calculated | CVE-2023-29919MISCMISC |
camaleon_cms — camaleon_cms | Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | 2023-05-26 | not yet calculated | CVE-2023-30145MISCMISCMISCMISCMISC |
valve — half-life | A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. | 2023-05-23 | not yet calculated | CVE-2023-30382MISC |
ibm — powervm_hypervisor | IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control of a partition that has been assigned an SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. | 2023-05-23 | not yet calculated | CVE-2023-30440MISCMISC |
hitachi — ops_center_analyzer | Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS. This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00. | 2023-05-23 | not yet calculated | CVE-2023-30469MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2023-30484MISC |
iris_software_inc. — iris | Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. | 2023-05-25 | not yet calculated | CVE-2023-30615MISCMISC |
cilium — cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2. | 2023-05-25 | not yet calculated | CVE-2023-30851MISCMISCMISCMISC |
oracle — apache_inlong | Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it. | 2023-05-22 | not yet calculated | CVE-2023-31098MISC |
c-ares — c-ares | c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-31124MISCMISCMISCMISC |
nextcloud — cookbook | NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz”;echo${IFS}”hello”;#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar. | 2023-05-26 | not yet calculated | CVE-2023-31128MISCMISCMISCMISCMISC |
c-ares — c-ares | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular “0::00:00:00/2” was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-31130MISCMISCMISCMISC |
c-ares — c-ares | c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-31147MISCMISCMISCMISC |
snap_one — ovrc_pro | Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation. | 2023-05-22 | not yet calculated | CVE-2023-31193MISCMISC |
oracle — apache_inlong | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7891 | 2023-05-22 | not yet calculated | CVE-2023-31206MISC |
huawei — harmonyos | The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. | 2023-05-26 | not yet calculated | CVE-2023-31225MISC |
huawei — harmonyos | The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. | 2023-05-26 | not yet calculated | CVE-2023-31226MISC |
huawei — harmonyos | The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. | 2023-05-26 | not yet calculated | CVE-2023-31227MISC |
snap_one — ovrc_pro | Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials. | 2023-05-22 | not yet calculated | CVE-2023-31240MISCMISC |
snap_one — ovrc_pro | Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. | 2023-05-22 | not yet calculated | CVE-2023-31241MISC |
snap_one — ovrc_pro | Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. | 2023-05-22 | not yet calculated | CVE-2023-31245MISCMISC |
mitel — mivoice_connect | A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | 2023-05-24 | not yet calculated | CVE-2023-31457MISCMISC |
mitel — mivoice_connect | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | 2023-05-24 | not yet calculated | CVE-2023-31458MISCMISC |
mitel — mivoice_connect | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | 2023-05-24 | not yet calculated | CVE-2023-31459MISCMISC |
mitel — mivoice_connect | A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. | 2023-05-24 | not yet calculated | CVE-2023-31460MISCMISC |
teeworlds — teeworlds | Teeworlds v0.7.5 was discovered to contain memory leaks. | 2023-05-23 | not yet calculated | CVE-2023-31517MISCMISC |
teeworlds — teeworlds | A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. | 2023-05-23 | not yet calculated | CVE-2023-31518MISCMISCMISC |
ic_realtime — icip-p2012t | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | 2023-05-25 | not yet calculated | CVE-2023-31594MISCMISC |
ic_realtime — icip-p2012t | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. | 2023-05-24 | not yet calculated | CVE-2023-31595MISCMISC |
wso2 — api_manager | A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | 2023-05-23 | not yet calculated | CVE-2023-31664CONFIRMCONFIRMMISC |
webassembly — wat2wasm | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting ‘@’ before a quote (“). | 2023-05-23 | not yet calculated | CVE-2023-31669MISC |
webassembly — webassembly | An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | 2023-05-23 | not yet calculated | CVE-2023-31670MISC |
alist_3.15.1 — alist_3.15.1 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | 2023-05-23 | not yet calculated | CVE-2023-31726MISCMISC |
linksys — e2000 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | 2023-05-23 | not yet calculated | CVE-2023-31740MISCMISC |
linksys — e2000 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges. | 2023-05-23 | not yet calculated | CVE-2023-31741MISCMISC |
linksys — wrt54gl | There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges. | 2023-05-22 | not yet calculated | CVE-2023-31742MISCMISC |
wondershare — filmora_12 | Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. | 2023-05-23 | not yet calculated | CVE-2023-31747MISCMISCMISC |
wondershare — mobiletrans | Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. | 2023-05-24 | not yet calculated | CVE-2023-31748MISCMISC |
sourcecodester — employee_and_visitor_gate_pass_logging_system | SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. | 2023-05-23 | not yet calculated | CVE-2023-31752MISC |
kerui — w18_alarm_system | Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31759MISC |
blitzwolf — bw-is22_smart_home_security_alarm | Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31761MISC |
digoo — dg-hamb_smart_home_security_system | Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31762MISC |
agshome — smart_alarm | Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | 2023-05-24 | not yet calculated | CVE-2023-31763MISC |
wekan — wekan | Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the “Reaction to comment” feature. | 2023-05-22 | not yet calculated | CVE-2023-31779MISCMISC |
d-link — dir-300 | D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. | 2023-05-23 | not yet calculated | CVE-2023-31814MISCMISC |
it_sourcecode — content_management_system | IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. | 2023-05-22 | not yet calculated | CVE-2023-31816MISC |
skyscreamer/nevado — skyscreamer/nevado | Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | 2023-05-23 | not yet calculated | CVE-2023-31826MISCMISCMISCMISC |
wuzhi_cms — wuzhi_cms | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | 2023-05-23 | not yet calculated | CVE-2023-31860MISC |
zlmediakit — zlmediakit | ZLMediaKit 4.0 is vulnerable to Directory Traversal. | 2023-05-25 | not yet calculated | CVE-2023-31861MISCMISC |
suprema_inc. — biostar_2 | Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with “User Operator” privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. | 2023-05-22 | not yet calculated | CVE-2023-31923MISC |
hanwha — multiple_products | Certain Hanwha products are vulnerable to Denial of Service (DoS). The attack vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. | 2023-05-23 | not yet calculated | CVE-2023-31994MISCMISC |
hanwha — ip_camera_ane-l7012r | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). | 2023-05-23 | not yet calculated | CVE-2023-31995MISC |
hanwha — ip_camera_ane-l7012r | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. | 2023-05-23 | not yet calculated | CVE-2023-31996MISCMISC |
c-ares — c-ares | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | 2023-05-25 | not yet calculated | CVE-2023-32067MISCMISCMISCMISC |
nextcloud — user_oidc_app | user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2 | 2023-05-25 | not yet calculated | CVE-2023-32074MISCMISCMISC |
sofia-sip — sofia-sip | Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-overflow and integer-overflow issues in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of an attribute length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer overflow triggered by an attacker may lead to a crash, high memory consumption, or even more serious consequences. These issues have been addressed in version 1.13.15. Users are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2023-32307MISC |
cloudexplorer_lite — cloudexplorer_lite | CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-05-26 | not yet calculated | CVE-2023-32311MISC |
openfire — openfire | Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice. | 2023-05-26 | not yet calculated | CVE-2023-32315MISC |
cloudexplorer_lite — cloudexplorer_lite | CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. | 2023-05-26 | not yet calculated | CVE-2023-32316MISC |
autolab_project — autolab_project | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both “Base File Tar” and “Additional file archive” can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2023-32317MISCMISC |
nextcloud — nextcloud_server | Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1. | 2023-05-26 | not yet calculated | CVE-2023-32318MISCMISC |
nextcloud — nextcloud_server | Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-05-26 | not yet calculated | CVE-2023-32319MISCMISC |
ckan — ckan | CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker’s session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don’t have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don’t have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker’s insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues. | 2023-05-26 | not yet calculated | CVE-2023-32321MISC |
matrix-org — synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently. | 2023-05-26 | not yet calculated | CVE-2023-32323MISCMISCMISC |
posthog-js — posthog-js | PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place. | 2023-05-27 | not yet calculated | CVE-2023-32325MISCMISC |
teltonika — remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. | 2023-05-22 | not yet calculated | CVE-2023-32346MISC |
teltonika — remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices. | 2023-05-22 | not yet calculated | CVE-2023-32347MISC |
teltonika — remote_management_system | Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. | 2023-05-22 | not yet calculated | CVE-2023-32348MISC |
teltonika — rut | Versions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. | 2023-05-22 | not yet calculated | CVE-2023-32349MISC |
teltonika — rut | Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. | 2023-05-22 | not yet calculated | CVE-2023-32350MISC |
autolab_project — autolab_project | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contains files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2023-32676MISCMISC |
psf/requests — psf/requests | Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. | 2023-05-26 | not yet calculated | CVE-2023-32681MISCMISCMISCMISC |
kiwi_tcms — kiwi_tcms | Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3. | 2023-05-27 | not yet calculated | CVE-2023-32686MISCMISC |
parse-server-push-adapter — parse-server-push-adapter | parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. | 2023-05-27 | not yet calculated | CVE-2023-32688MISCMISCMISC |
saleor — core | Saleor Core is a composable, headless commerce API. Saleor’s `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events. This could affect database integrity, such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16. | 2023-05-25 | not yet calculated | CVE-2023-32694MISCMISC |
socket.io — socket.io | socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | 2023-05-27 | not yet calculated | CVE-2023-32695MISCMISCMISCMISC |
sqlite — jdbc | SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. | 2023-05-23 | not yet calculated | CVE-2023-32697MISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. | 2023-05-26 | not yet calculated | CVE-2023-32964MISC |
zyxel — atp_series | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | 2023-05-24 | not yet calculated | CVE-2023-33009CONFIRM |
zyxel — atp_series | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | 2023-05-24 | not yet calculated | CVE-2023-33010CONFIRM |
nextcloud — nextcloud_mail | Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed sending GET requests to services running on the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or 1.15.3. | 2023-05-27 | not yet calculated | CVE-2023-33184MISCMISCMISC |
django — django-ses | Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView` class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses; however, the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0. | 2023-05-26 | not yet calculated | CVE-2023-33185MISCMISCMISC |
highlight.io — highlight.io | Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript “Show Password” button. This differs from the expected behavior which always obfuscates `type="password"` inputs. A customer may assume that switching to `type="text"` would also not record this input; hence, they would not add additional `highlight-mask` css-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0. This patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type="password"` continues to be obfuscated. | 2023-05-26 | not yet calculated | CVE-2023-33187MISCMISC |
omni-notes — omni-notes | Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note’s attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability. | 2023-05-27 | not yet calculated | CVE-2023-33188MISC |
rust — ntpd-rs | ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3. | 2023-05-27 | not yet calculated | CVE-2023-33192MISCMISC |
craft_cms — craft_cms | Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in the Quick Post validation error message, which can deliver an XSS payload. An older CVE fixed the XSS in the label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. | 2023-05-26 | not yet calculated | CVE-2023-33194MISCMISCMISC |
craft_cms — craft_cms | Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6. | 2023-05-27 | not yet calculated | CVE-2023-33195MISCMISC |
craft_cms — craft_cms | Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. | 2023-05-26 | not yet calculated | CVE-2023-33196MISCMISCMISC |
craft_cms — craft_cms | Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. | 2023-05-26 | not yet calculated | CVE-2023-33197MISCMISCMISC |
rekor — rekor | Rekor’s goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-05-26 | not yet calculated | CVE-2023-33199MISCMISC |
moxa — mxsecurity | MXsecurity version 1.0 is vulnerable to a command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | 2023-05-22 | not yet calculated | CVE-2023-33235MISC |
moxa — mxsecurity | MXsecurity version 1.0 is vulnerable to a hardcoded credential vulnerability. The reported vulnerability can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | 2023-05-22 | not yet calculated | CVE-2023-33236MISC |
oracle — apache_rocketmq | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x. | 2023-05-24 | not yet calculated | CVE-2023-33246MISC |
talend — data_catalog | Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) | 2023-05-26 | not yet calculated | CVE-2023-33247MISC |
amazon — alexa | Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful. | 2023-05-24 | not yet calculated | CVE-2023-33248MISCMISCMISCMISCMISCMISC |
akka_http — akka_http | When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | 2023-05-21 | not yet calculated | CVE-2023-33251CONFIRM |
iden3_snarkjs — iden3_snarkjs | iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. | 2023-05-21 | not yet calculated | CVE-2023-33252MISCMISC |
papaya_viewer — papaya_viewer | An issue was discovered in Papaya Viewer 4a42701. User-supplied input in the form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application. | 2023-05-26 | not yet calculated | CVE-2023-33255MISCMISC |
softonic — wftpd_server | In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. | 2023-05-25 | not yet calculated | CVE-2023-33263MISC |
prestashop — prestashop | In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 2023-05-25 | not yet calculated | CVE-2023-33278MISCMISC |
prestashop — prestashop | In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 2023-05-25 | not yet calculated | CVE-2023-33279MISC |
prestashop — prestashop | In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. | 2023-05-25 | not yet calculated | CVE-2023-33280MISCMISC |
qt-project — qt | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | 2023-05-22 | not yet calculated | CVE-2023-33285MISC |
kaios — kaios | An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed application, e.g., myapp.localhost. An attacker can make fetch requests to api-daemon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version. | 2023-05-22 | not yet calculated | CVE-2023-33293MISC |
kaios — kaios | An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it’s accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user’s installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions. | 2023-05-22 | not yet calculated | CVE-2023-33294MISC |
bitcoin_core — bitcoin_core | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. | 2023-05-22 | not yet calculated | CVE-2023-33297MISCMISCMISCMISCMISC |
piwigo — piwigo | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the “add tags” function. | 2023-05-23 | not yet calculated | CVE-2023-33359MISC |
piwigo — piwigo | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | 2023-05-23 | not yet calculated | CVE-2023-33361MISC |
piwigo — piwigo | Piwigo 13.6.0 is vulnerable to SQL Injection via the “profile” function. | 2023-05-23 | not yet calculated | CVE-2023-33362MISC |
skycaiji — skycaiji | skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data. | 2023-05-26 | not yet calculated | CVE-2023-33394MISC |
easyimages2.0 — easyimages2.0 | EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. | 2023-05-23 | not yet calculated | CVE-2023-33599MISC |
parks — fiberlinks_210 | An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. | 2023-05-23 | not yet calculated | CVE-2023-33617MISC |
mp4v2 — mp4v2 | mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. | 2023-05-26 | not yet calculated | CVE-2023-33720MISC |
mipjz — mipjz | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. | 2023-05-25 | not yet calculated | CVE-2023-33750MISC |
mipjz — mipjz | A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. | 2023-05-25 | not yet calculated | CVE-2023-33751MISC |
xxl-job — xxl-job | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user’s account via a crafted POST request to the component /jobinfo/. | 2023-05-26 | not yet calculated | CVE-2023-33779MISCMISCMISC |
tfdi_design — smartcars | A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article. | 2023-05-26 | not yet calculated | CVE-2023-33780MISC |
cloudogu_gmbh_scm_manager — cloudogu_gmbh_scm_manager | A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | 2023-05-24 | not yet calculated | CVE-2023-33829MISCMISCMISC |
liferay — portal/dxp | Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form’s `name` field. | 2023-05-24 | not yet calculated | CVE-2023-33937MISC |
liferay — portal/dxp | Cross-site scripting (XSS) vulnerability in the App Builder module’s custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object’s `Name` field. | 2023-05-24 | not yet calculated | CVE-2023-33938MISC |
liferay — portal/dxp | Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label. | 2023-05-24 | not yet calculated | CVE-2023-33939MISC |
liferay — portal/dxp | Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App’s IFrame URL. | 2023-05-24 | not yet calculated | CVE-2023-33940MISC |
liferay — portal/dxp | Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module’s OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. | 2023-05-24 | not yet calculated | CVE-2023-33941MISC |
liferay — portal/dxp | Cross-site scripting (XSS) vulnerability in the Web Content Display widget’s article selector in Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article’s `Title` field. | 2023-05-24 | not yet calculated | CVE-2023-33942MISC |
liferay — portal/dxp | Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field. | 2023-05-24 | not yet calculated | CVE-2023-33943MISC |
liferay — portal/dxp | Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment’s `URL` text field. | 2023-05-24 | not yet calculated | CVE-2023-33944MISC |
liferay — portal/dxp | SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table’s primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded. | 2023-05-24 | not yet calculated | CVE-2023-33945MISC |
liferay — portal/dxp | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does not properly isolate objects in different virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via the OAuth 2 scope administration page. | 2023-05-24 | not yet calculated | CVE-2023-33946MISC |
liferay — portal/dxp | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. | 2023-05-24 | not yet calculated | CVE-2023-33947MISC |
liferay — portal/dxp | The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | 2023-05-24 | not yet calculated | CVE-2023-33948MISC |
liferay — portal/dxp | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don’t control. The portal property `company.security.strangers.verify` should be set to true. | 2023-05-24 | not yet calculated | CVE-2023-33949MISC |
liferay — portal/dxp | Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs. | 2023-05-24 | not yet calculated | CVE-2023-33950MISC |
briar_project — briar | Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. | 2023-05-24 | not yet calculated | CVE-2023-33980MISCMISC |
briar_project — briar | Briar before 1.4.22 allows attackers to spoof other users’ messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one. | 2023-05-24 | not yet calculated | CVE-2023-33981MISCMISC |
briar_project — briar | Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. | 2023-05-24 | not yet calculated | CVE-2023-33982MISCMISC |
briar_project — briar | The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. | 2023-05-24 | not yet calculated | CVE-2023-33983MISC |