US-CERT Vulnerability Summary for the Week of May 8, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
scanservjs_project — scanservjs | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | 2023-05-07 | 10 | CVE-2023-2564MISCCONFIRM |
jsreport — jsreport | Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | 2023-05-08 | 10 | CVE-2023-2583MISCCONFIRM |
siemens — scalance_lpe9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | 2023-05-09 | 9.9 | CVE-2023-27407MISC |
siemens — multiple_products | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 2023-05-09 | 9.9 | CVE-2023-30898MISC |
siemens — multiple_products | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 2023-05-09 | 9.9 | CVE-2023-30899MISC |
php-login_project — php-login | A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | 2023-05-06 | 9.8 | CVE-2016-15031MISCMISCMISCMISC |
victor_cms_project — victor_cms | SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | 2023-05-08 | 9.8 | CVE-2020-23966MISCMISC |
coinmarketstats — bitcoin_\/_altcoin_payment_gateway_for_woocommerce | The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users | 2023-05-08 | 9.8 | CVE-2022-4118MISC |
quantumcloud — ai_chatbot | The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog | 2023-05-08 | 9.8 | CVE-2023-1650MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22779MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22780MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22781MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22782MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22783MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22784MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22785MISC |
hp — instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22786MISC |
apple — iphone_os | This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper | 2023-05-08 | 9.8 | CVE-2023-23526MISCMISC |
microsoft — multiple_products | Windows Network File System Remote Code Execution Vulnerability | 2023-05-09 | 9.8 | CVE-2023-24941MISC |
microsoft — multiple_products | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2023-05-09 | 9.8 | CVE-2023-24943MISC |
azuracast — azuracast | Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3. | 2023-05-05 | 9.8 | CVE-2023-2531CONFIRMMISC |
apache — airflow | Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. | 2023-05-08 | 9.8 | CVE-2023-25754MISCMISCMISC |
online_tours_\&_travels_management_system_project — online_tours_\&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability. | 2023-05-10 | 9.8 | CVE-2023-2619MISCMISCMISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory | 2023-05-08 | 9.8 | CVE-2023-27953MISCMISCMISC |
h3c — gr-1200w_firmware | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad. | 2023-05-08 | 9.8 | CVE-2023-29693MISC |
h3c — gr-1200w_firmware | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set. | 2023-05-08 | 9.8 | CVE-2023-29696MISC |
metersphere — metersphere | Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench | 2023-05-08 | 9.8 | CVE-2023-29944MISCMISC |
totolink — x5000r_firmware | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the “command” parameter. | 2023-05-05 | 9.8 | CVE-2023-30013MISC |
judging_management_system_project — judging_management_system | Judging Management System v1.0 is vulnerable to SQL Injection. via /php-jms/review_se_result.php?mainevent_id=. | 2023-05-08 | 9.8 | CVE-2023-30018MISC |
totolink — a7100ru_firmware | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | 2023-05-05 | 9.8 | CVE-2023-30053MISC |
totolink — a7100ru_firmware | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | 2023-05-05 | 9.8 | CVE-2023-30054MISC |
sem-cms — semcms | Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | 9.8 | CVE-2023-30090MISC |
online_pizza_ordering_system_project — online_pizza_ordering_system | SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter. | 2023-05-08 | 9.8 | CVE-2023-30092MISCMISC |
online_food_ordering_system_project — online_food_ordering_system | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | 9.8 | CVE-2023-30122MISC |
tenda — ac18_firmware | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | 2023-05-05 | 9.8 | CVE-2023-30135MISC |
crmeb — crmeb | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. | 2023-05-08 | 9.8 | CVE-2023-30185MISCMISCMISC |
netentsec — application_security_gateway | NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. | 2023-05-05 | 9.8 | CVE-2023-30242MISCMISCMISC |
apache — brpc | Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: |
2023-05-08 | 9.8 | CVE-2023-31039MISCMISC |
tortall — yasm | yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. | 2023-05-09 | 9.8 | CVE-2023-31975MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory | 2023-05-08 | 9.1 | CVE-2023-27958MISCMISCMISC |
clanscripts_project — clanscripts | Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5. | 2023-05-08 | 8.8 | CVE-2020-18131MISCMISC |
mingsoft — mcms | File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | 2023-05-08 | 8.8 | CVE-2020-22755MISCMISC |
flycms_project — flycms | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | 2023-05-08 | 8.8 | CVE-2020-36065MISCMISC |
apache — ranger | Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0. | 2023-05-05 | 8.8 | CVE-2022-45048MISC |
sloth_logo_customizer_project — sloth_logo_customizer | The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2023-05-08 | 8.8 | CVE-2023-0603MISC |
avirato — hotels_online_booking_engine | The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. | 2023-05-08 | 8.8 | CVE-2023-0768MISC |
monicahq — monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. | 2023-05-08 | 8.8 | CVE-2023-1094MISCMISC |
arubanetworks — arubaos | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-05-08 | 8.8 | CVE-2023-22788MISC |
arubanetworks — arubaos | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-05-08 | 8.8 | CVE-2023-22789MISC |
arubanetworks — arubaos | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-05-08 | 8.8 | CVE-2023-22790MISC |
apple — iphone_os | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to break out of its sandbox | 2023-05-08 | 8.8 | CVE-2023-23532MISCMISC |
microsoft — multiple_products | Windows Bluetooth Driver Remote Code Execution Vulnerability | 2023-05-09 | 8.8 | CVE-2023-24947MISC |
bumsys_project — bumsys | PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. | 2023-05-05 | 8.8 | CVE-2023-2551MISCCONFIRM |
bumsys_project — bumsys | Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. | 2023-05-05 | 8.8 | CVE-2023-2552CONFIRMMISC |
advantech — eki-1521_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | 2023-05-08 | 8.8 | CVE-2023-2573MISCMISCMISCMISCMISCMISC |
advantech — eki-1521_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | 2023-05-08 | 8.8 | CVE-2023-2574MISCMISCMISCMISCMISCMISC |
advantech — eki-1521_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. | 2023-05-08 | 8.8 | CVE-2023-2575MISCMISCMISCMISCMISCMISC |
apple — macos | A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution | 2023-05-08 | 8.8 | CVE-2023-27934MISC |
apple — macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution | 2023-05-08 | 8.8 | CVE-2023-27935MISCMISCMISC |
mitrastar — gpt-2741gnac-n2_firmware | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | 2023-05-05 | 8.8 | CVE-2023-30065MISC |
apple — macos | This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox | 2023-05-08 | 8.6 | CVE-2023-27944MISCMISCMISC |
apple — xcode | The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges | 2023-05-08 | 8.6 | CVE-2023-27967MISC |
apache — ranger | An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. |
2023-05-05 | 8.1 | CVE-2021-40331MISC |
microsoft — multiple_products | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 2023-05-09 | 8.1 | CVE-2023-24903MISC |
microsoft — multiple_products | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 2023-05-09 | 8.1 | CVE-2023-28283MISC |
microsoft — multiple_products | Windows OLE Remote Code Execution Vulnerability | 2023-05-09 | 8.1 | CVE-2023-29325MISC |
mblog_project — mblog | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | 2023-05-08 | 7.8 | CVE-2021-27280MISCMISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48243MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48244MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48245MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48246MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48247MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48248MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48249MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48250MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48368MISC |
google — android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48369MISC |
google — android | .In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48383MISC |
google — android | In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48384MISC |
apple — iphone_os | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to gain root privileges | 2023-05-08 | 7.8 | CVE-2023-23525MISCMISCCONFIRM |
apple — macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 7.8 | CVE-2023-23536MISCMISCMISCCONFIRM |
microsoft — multiple_products | Win32k Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24902MISC |
microsoft — multiple_products | Remote Desktop Client Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24905MISC |
microsoft — multiple_products | Windows Backup Service Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24946MISC |
microsoft — multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24949MISC |
microsoft — multiple_products | Microsoft Excel Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24953MISC |
vim — vim | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. | 2023-05-09 | 7.8 | CVE-2023-2610MISCCONFIRM |
apple — macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory | 2023-05-08 | 7.8 | CVE-2023-27936MISCMISCMISCMISC |
apple — macos | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27937MISCMISCMISCMISCMISCMISC |
apple — macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27938MISC |
apple — macos | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27946MISCMISCMISCMISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27949MISCMISCMISC |
apple — macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27957MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 7.8 | CVE-2023-27959MISC |
dell — command_\|_monitor | Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path | 2023-05-05 | 7.8 | CVE-2023-28068MISC |
apple — iphone_os | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 7.8 | CVE-2023-28181MISCMISCMISCMISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29273MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29274MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29275MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29276MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29278MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29280MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29281MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29282MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29283MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29284MISC |
adobe – substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29285MISC |
microsoft — multiple_products | Win32k Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29336MISC |
microsoft — av1_video_extension | AV1 Video Extension Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29340MISC |
microsoft — av1_video_extension | AV1 Video Extension Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29341MISC |
microsoft — windows_sysmon | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29343MISC |
siemens — solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561) | 2023-05-09 | 7.8 | CVE-2023-30986MISC |
tortall — yasm | yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. | 2023-05-09 | 7.8 | CVE-2023-31972MISC |
tortall — yasm | yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. | 2023-05-09 | 7.8 | CVE-2023-31973MISC |
tortall — yasm | yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. | 2023-05-09 | 7.8 | CVE-2023-31974MISC |
ibm — qradar_data_synchronization | IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | 2023-05-06 | 7.5 | CVE-2022-22313MISCMISC |
arubanetworks — arubaos | An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | 2023-05-08 | 7.5 | CVE-2023-22787MISC |
microsoft — windows_server_2022 | Windows SMB Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24898MISC |
microsoft — multiple_products | Windows NFS Portmapper Information Disclosure Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24901MISC |
microsoft — multiple_products | Server for NFS Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24939MISC |
microsoft — multiple_products | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24940MISC |
microsoft — multiple_products | Remote Procedure Call Runtime Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24942MISC |
ibm — mq_appliance | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. | 2023-05-05 | 7.5 | CVE-2023-26285MISCMISC |
microsoft — multiple_products | Microsoft Word Security Feature Bypass Vulnerability | 2023-05-09 | 7.5 | CVE-2023-29335MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-05-05 | 7.5 | CVE-2023-29350MISC |
netentsec — application_security_gateway | Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. | 2023-05-05 | 7.5 | CVE-2023-30243MISCMISC |
linuxfoundation — rekor | Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds. | 2023-05-08 | 7.5 | CVE-2023-30551MISCMISCMISC |
pimcore — pimcore | Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. | 2023-05-08 | 7.5 | CVE-2023-30855MISCMISCMISC |
wjjsoft — innokb | WJJ Software – InnoKB Server, InnoKB/Console 2.2.1 – CWE-22: Path Traversal | 2023-05-08 | 7.5 | CVE-2023-31181MISC |
ghost — ghost | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme’s folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. | 2023-05-05 | 7.5 | CVE-2023-32235MISCMISC |
vk.company — mymail | The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | 2023-05-07 | 7.5 | CVE-2023-32290MISCMISCMISC |
microsoft — multiple_products | Windows Bluetooth Driver Elevation of Privilege Vulnerability | 2023-05-09 | 7.4 | CVE-2023-24948MISC |
cmsmadesimple — cms_made_simple | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | 2023-05-08 | 7.2 | CVE-2021-28998MISCMISC |
fastlinemedia — customizer_export\/import | The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | 2023-05-08 | 7.2 | CVE-2023-1347MISC |
basixonline — nex-forms | The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. | 2023-05-08 | 7.2 | CVE-2023-2114MISCMISC |
microsoft — multiple_products | Microsoft SharePoint Server Remote Code Execution Vulnerability | 2023-05-09 | 7.2 | CVE-2023-24955MISC |
bumsys_project — bumsys | External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-05 | 7.2 | CVE-2023-2554CONFIRMMISC |
sap — businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform – versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable. | 2023-05-09 | 7.2 | CVE-2023-28762MISCMISC |
siemens — simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | 2023-05-09 | 7.2 | CVE-2023-28832MISC |
s-cms — s-cms | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | 2023-05-05 | 7.2 | CVE-2023-29963MISC |
microsoft — windows_server_2008 | Windows Installer Elevation of Privilege Vulnerability | 2023-05-09 | 7.1 | CVE-2023-24904MISC |
apple — macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory | 2023-05-08 | 7.1 | CVE-2023-27968MISC |
microsoft — windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability | 2023-05-09 | 7 | CVE-2023-24899MISC |
Medium Vulnerabilities
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
esri — portal_for_arcgis | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. | 2023-05-09 | 6.8 | CVE-2023-25832MISCMISC |
microsoft — multiple_products | Secure Boot Security Feature Bypass Vulnerability | 2023-05-09 | 6.7 | CVE-2023-24932MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 6.7 | CVE-2023-27933MISCMISCMISCMISCMISC |
linux — linux_kernel | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. | 2023-05-05 | 6.7 | CVE-2023-32269MISCMISC |
beescms — beescms | Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. | 2023-05-08 | 6.5 | CVE-2020-22334MISCMISC |
ibm — mq_appliance | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | 2023-05-05 | 6.5 | CVE-2022-43919MISCMISC |
enable\/disable_auto_login_when_register_project — enable\/disable_auto_login_when_register | The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2023-05-08 | 6.5 | CVE-2023-0522MISC |
google — web_stories | The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the “Author” role can create stories, but don’t have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin’s own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 | 2023-05-08 | 6.5 | CVE-2023-1979MISCMISC |
apple — iphone_os | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory | 2023-05-08 | 6.5 | CVE-2023-23528MISCMISC |
microsoft — multiple_products | Windows Bluetooth Driver Information Disclosure Vulnerability | 2023-05-09 | 6.5 | CVE-2023-24944MISC |
microsoft — sharepoint | Microsoft SharePoint Server Spoofing Vulnerability | 2023-05-09 | 6.5 | CVE-2023-24950MISC |
microsoft — sharepoint | Microsoft SharePoint Server Information Disclosure Vulnerability | 2023-05-09 | 6.5 | CVE-2023-24954MISC |
apple — macos | The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information | 2023-05-08 | 6.5 | CVE-2023-27954MISCMISCMISCMISCMISCMISCMLIST |
apple — macos | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service | 2023-05-08 | 6.5 | CVE-2023-28180MISC |
microsoft — multiple_products | Windows MSHTML Platform Security Feature Bypass Vulnerability | 2023-05-09 | 6.5 | CVE-2023-29324MISC |
struktur — libheif | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | 2023-05-05 | 6.5 | CVE-2023-29659MISCFEDORAFEDORA |
apple — xcode | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A sandboxed app may be able to collect system logs | 2023-05-08 | 6.3 | CVE-2023-27945MISC |
external_media_without_import_project — external_media_without_import | A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. | 2023-05-05 | 6.1 | CVE-2017-20183MISCMISCMISCMISC |
5none — nonecms | Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. | 2023-05-08 | 6.1 | CVE-2020-18282MISCMISC |
ipandao — editor.md | Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values. | 2023-05-08 | 6.1 | CVE-2020-19660MISCMISC |
typecho — typecho | Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. | 2023-05-08 | 6.1 | CVE-2020-21038MISCMISC |
squirrly — seo_plugin | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. | 2023-05-08 | 6.1 | CVE-2022-45065MISC |
i13websolution — easy_testimonial_slider_and_form | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions. | 2023-05-08 | 6.1 | CVE-2022-46799MISC |
jazzcash — woocommerce_jazzcash_gateway | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions. | 2023-05-09 | 6.1 | CVE-2022-46822MISC |
product_specifications_for_woocommerce_project — product_specifications_for_woocommerce | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions. | 2023-05-09 | 6.1 | CVE-2022-46858MISC |
woocommerce_custom_checkout_fields_editor_with_drag_\&_drop_project — woocommerce_custom_checkout_fields_editor_with_drag_\&_drop | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions. | 2023-05-09 | 6.1 | CVE-2022-46864MISC |
rocketapps — open_graphite | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. | 2023-05-08 | 6.1 | CVE-2022-47439MISC |
artisanworkshop — japanized_for_woocommerce | The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 2023-05-08 | 6.1 | CVE-2023-0948MISC |
quantumcloud — ai_chatbot | The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. | 2023-05-08 | 6.1 | CVE-2023-1011MISC |
quantumcloud — ai_chatbot | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard | 2023-05-08 | 6.1 | CVE-2023-1660MISC |
wpinventory — wp_inventory_manager | The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | 2023-05-08 | 6.1 | CVE-2023-1806MISC |
return_and_warranty_management_system_for_woocommerce_project — return_and_warranty_management_system_for_woocommerce | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. | 2023-05-08 | 6.1 | CVE-2023-22710MISC |
newbinggogo_project — newbinggogo | A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | 2023-05-06 | 6.1 | CVE-2023-2560MISCMISCMISC |
multi_language_hotel_management_software_project — multi_language_hotel_management_software | A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172. | 2023-05-07 | 6.1 | CVE-2023-2565MISCMISCMISC |
esri — portal_for_arcgis | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | 2023-05-09 | 6.1 | CVE-2023-25829MISCMISC |
esri — portal_for_arcgis | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 2023-05-09 | 6.1 | CVE-2023-25830MISCMISC |
esri — portal_for_arcgis | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 2023-05-09 | 6.1 | CVE-2023-25831MISCMISC |
wjjsoft — innokb | WJJ Software – InnoKB Server, InnoKB/Console 2.2.1 – Reflected cross-site scripting (RXSS) through an unspecified request. | 2023-05-08 | 6.1 | CVE-2023-31180MISC |
cybonet — pineapp_mail_secure | Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint. | 2023-05-08 | 6.1 | CVE-2023-31183MISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | 2023-05-09 | 6.1 | CVE-2023-31801MISCMISC |
siemens — simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web-based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to. | 2023-05-09 | 6 | CVE-2023-29104MISC |
microsoft— multiple_products | Windows NTLM Security Support Provider Information Disclosure Vulnerability | 2023-05-09 | 5.9 | CVE-2023-24900MISC |
sap — businessobjects | SAP BusinessObjects Platform – versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | 2023-05-09 | 5.9 | CVE-2023-28764MISCMISC |
siemens — simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS). | 2023-05-09 | 5.9 | CVE-2023-29105MISC |
ibm — cloud_pak_system | IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. | 2023-05-05 | 5.5 | CVE-2020-4914MISCMISC |
google — android | In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | 2023-05-09 | 5.5 | CVE-2022-38685MISC |
ibm — cognos_command_center | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | 2023-05-05 | 5.5 | CVE-2022-38707MISCMISC |
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | 2023-05-06 | 5.5 | CVE-2022-43877MISCMISC |
google — android | In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-44419MISC |
google — android | In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-44420MISC |
google — android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-47490MISC |
google — android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-47492MISC |
google — android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-47493MISC |
google — android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48231MISC |
google — android | In FM service, there is a possible missing params check. This could lead to local denial of service in FM service. | 2023-05-09 | 5.5 | CVE-2022-48232MISC |
google — android | In FM service, there is a possible missing params check. This could lead to local denial of service in FM service. | 2023-05-09 | 5.5 | CVE-2022-48233MISC |
google — android | In FM service, there is a possible missing params check. This could lead to local denial of service in FM service. | 2023-05-09 | 5.5 | CVE-2022-48234MISC |
google — android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48241MISC |
google — android | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48242MISC |
google — android | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48370MISC |
google — android | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48371MISC |
google — android | In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48375MISC |
google — android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48376MISC |
google — android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48377MISC |
google — android | In engineermode service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48378MISC |
google — android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48379MISC |
ibm — mq_appliance | IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. | 2023-05-05 | 5.5 | CVE-2023-22874MISCMISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. A user may gain access to protected parts of the file system | 2023-05-08 | 5.5 | CVE-2023-23527MISCMISCMISCMISCMISCMISC |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system | 2023-05-08 | 5.5 | CVE-2023-23533MISCMISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory | 2023-05-08 | 5.5 | CVE-2023-23534MISCMISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | 2023-05-08 | 5.5 | CVE-2023-23535MISCMISCMISCMISCMISCMISC |
apple — macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information | 2023-05-08 | 5.5 | CVE-2023-23537MISCMISCMISCMISCMISC |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system | 2023-05-08 | 5.5 | CVE-2023-23538MISCMISC |
microsoft— multiple_products | Windows iSCSI Target Service Information Disclosure Vulnerability | 2023-05-09 | 5.5 | CVE-2023-24945MISC |
apple — iphone_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | 2023-05-08 | 5.5 | CVE-2023-27929MISCMISCMISCMISC |
apple — iphone_os | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | 2023-05-08 | 5.5 | CVE-2023-27931MISCMISCMISCMISCCONFIRMCONFIRM |
apple — iphone_os | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy | 2023-05-08 | 5.5 | CVE-2023-27932MISCMISCMISCMISCMISCMLIST |
apple — macos | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to disclose kernel memory | 2023-05-08 | 5.5 | CVE-2023-27941MISCMISCCONFIRM |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | 2023-05-08 | 5.5 | CVE-2023-27942MISCMISCMISCMISCMISCCONFIRM |
apple — iphone_os | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied | 2023-05-08 | 5.5 | CVE-2023-27943MISCMISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper | 2023-05-08 | 5.5 | CVE-2023-27951MISCMISCMISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to read arbitrary files | 2023-05-08 | 5.5 | CVE-2023-27955MISCMISCMISCMISC |
apple — macos | Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information | 2023-05-08 | 5.5 | CVE-2023-27961MISCMISCMISCMISCMISCMISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to view sensitive information | 2023-05-08 | 5.5 | CVE-2023-28189MISCCONFIRM |
apple — macos | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data | 2023-05-08 | 5.5 | CVE-2023-28190MISC |
apple — macos | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information | 2023-05-08 | 5.5 | CVE-2023-28192MISCMISCMISC |
apple — macos | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory | 2023-05-08 | 5.5 | CVE-2023-28200MISCMISCMISCMISC |
microsoft— multiple_products | Windows Driver Revocation List Security Feature Bypass Vulnerability | 2023-05-09 | 5.5 | CVE-2023-28251MISC |
adobe — substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 5.5 | CVE-2023-29277MISC |
adobe — substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 5.5 | CVE-2023-29279MISC |
adobe — substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 5.5 | CVE-2023-29286MISC |
llvm — llvm | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | 2023-05-05 | 5.5 | CVE-2023-29932MISC |
llvm — llvm | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. | 2023-05-05 | 5.5 | CVE-2023-29933MISC |
llvm — llvm | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). | 2023-05-05 | 5.5 | CVE-2023-29934MISC |
llvm — llvm | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && “operation was already replaced. | 2023-05-05 | 5.5 | CVE-2023-29935MISC |
llvm — llvm | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). | 2023-05-05 | 5.5 | CVE-2023-29939MISC |
llvm — llvm | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | 2023-05-05 | 5.5 | CVE-2023-29941MISC |
llvm — llvm | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | 2023-05-05 | 5.5 | CVE-2023-29942MISC |
ibm — spectrum_scale | IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | 2023-05-05 | 5.5 | CVE-2023-30434MISCMISCMISC |
rymera — wholesale_suite | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. | 2023-05-09 | 5.4 | CVE-2022-41640MISC |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | 2023-05-05 | 5.4 | CVE-2022-43866MISCMISC |
exxp_project — exxp | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions. | 2023-05-08 | 5.4 | CVE-2022-45812MISC |
pixelgrade — pixfields | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. | 2023-05-09 | 5.4 | CVE-2022-46844MISC |
topdigitaltrends — ultimate_carousel_for_wpbakery_page_builder | The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | 5.4 | CVE-2023-0267MISC |
topdigitaltrends — mega_addons_for_wpbakery_page_builder | The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | 5.4 | CVE-2023-0268MISC |
topdigitaltrends — ultimate_carousel_for_elementor | The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | 5.4 | CVE-2023-0280MISC |
quantumcloud — ai_chatbot | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS | 2023-05-08 | 5.4 | CVE-2023-1651MISC |
timersys — wp_popups | The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003 | 2023-05-08 | 5.4 | CVE-2023-1905MISC |
convertbox — convertbox_auto_embed | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions. | 2023-05-09 | 5.4 | CVE-2023-23664MISC |
givewp — givewp | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions. | 2023-05-08 | 5.4 | CVE-2023-23668MISC |
vertical_scroll_recent_post_project — vertical_scroll_recent_post | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions. | 2023-05-09 | 5.4 | CVE-2023-23862MISC |
surbma — gdpr_proof_cookie_consent_\&_notice_bar | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. | 2023-05-08 | 5.4 | CVE-2023-23894MISC |
hu-manity — cookie_notice_\&_compliance_for_gdpr_\/_ccpa | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions. | 2023-05-07 | 5.4 | CVE-2023-24400MISC |
lightspeedhq — ecwid_ecommerce_shopping_cart | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions. | 2023-05-08 | 5.4 | CVE-2023-24408MISC |
teampass — teampass | Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | 2023-05-05 | 5.4 | CVE-2023-2516MISCCONFIRM |
bumsys_project — bumsys | Cross-site Scripting (XSS) – Stored in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-05 | 5.4 | CVE-2023-2553CONFIRMMISC |
teampass — teampass | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | 2023-05-09 | 5.4 | CVE-2023-2591CONFIRMMISC |
pimcore — pimcore | Cross-site Scripting (XSS) – Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | 5.4 | CVE-2023-2616MISCCONFIRM |
machothemes — newsmag | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. | 2023-05-08 | 5.4 | CVE-2023-28493MISC |
sap — customer_relationship_management_webclient_ui | SAP CRM WebClient UI – versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data. | 2023-05-09 | 5.4 | CVE-2023-29188MISCMISC |
apache — airflow | Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. | 2023-05-08 | 5.4 | CVE-2023-29247MISCMISCMISC |
monicahq — monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | 2023-05-08 | 5.4 | CVE-2023-30787MISCMISC |
monicahq — monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. | 2023-05-08 | 5.4 | CVE-2023-30788MISCMISC |
monicahq — monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | 2023-05-08 | 5.4 | CVE-2023-30789MISCMISC |
monicahq — monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | 2023-05-08 | 5.4 | CVE-2023-30790MISCMISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. | 2023-05-09 | 5.4 | CVE-2023-31800MISCMISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | 2023-05-09 | 5.4 | CVE-2023-31802MISCMISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | 2023-05-09 | 5.4 | CVE-2023-31804MISCMISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | 2023-05-09 | 5.4 | CVE-2023-31806MISCMISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | 2023-05-09 | 5.4 | CVE-2023-31807MISCMISC |
apple — iphone_os | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service | 2023-05-08 | 5.3 | CVE-2023-23494MISC |
microsoft — remote_desktop | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | 2023-05-09 | 5.3 | CVE-2023-28290MISC |
siemens — simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint. | 2023-05-09 | 5.3 | CVE-2023-29106MISC |
siemens — simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources. | 2023-05-09 | 5.3 | CVE-2023-29107MISC |
microsoft — visual_studio_code | Visual Studio Code Information Disclosure Vulnerability | 2023-05-09 | 5 | CVE-2023-29338MISC |
mipcms — mipcms | Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit. | 2023-05-08 | 4.8 | CVE-2020-18132MISCMISC |
wsb_brands_project — wsb_brands | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. | 2023-05-08 | 4.8 | CVE-2022-47437MISC |
wp_login_box_project — wp_login_box | The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-08 | 4.8 | CVE-2023-0544MISC |
byconsole — pickup_\|_delivery_\|_dine-in_date_time | The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-08 | 4.8 | CVE-2023-0894MISC |
quantumcloud — ai_chatbot | The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-08 | 4.8 | CVE-2023-1649MISC |
arubanetworks — arubaos | A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker. | 2023-05-08 | 4.8 | CVE-2023-22791MISC |
disqus_conditional_load_project — disqus_conditional_load | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions. | 2023-05-09 | 4.8 | CVE-2023-23732MISC |
lazy_social_comments_project — lazy_social_comments | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions. | 2023-05-09 | 4.8 | CVE-2023-23733MISC |
userlike — userlike | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions. | 2023-05-09 | 4.8 | CVE-2023-23734MISC |
8web — read_more_without_refresh | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions. | 2023-05-09 | 4.8 | CVE-2023-23793MISC |
blackandwhitedigital — treepress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions. | 2023-05-09 | 4.8 | CVE-2023-23863MISC |
wp_content_filter_-_censor_all_offensive_content_from_your_site_project — wp_content_filter_-_censor_all_offensive_content_from_your_site | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions. | 2023-05-09 | 4.8 | CVE-2023-23883MISC |
kanbanwp — kanban_boards_for_wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | 2023-05-09 | 4.8 | CVE-2023-23884MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-05-05 | 4.8 | CVE-2023-2427MISCCONFIRM |
usbmemorydirect — simple_custom_author_profiles | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions. | 2023-05-09 | 4.8 | CVE-2023-24372MISC |
wp_simple_events_project — wp_simple_events | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions. | 2023-05-08 | 4.8 | CVE-2023-24376MISC |
fareharbor — fareharbor | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions. | 2023-05-08 | 4.8 | CVE-2023-25021MISC |
te-st — yandex.news_feed_by_teplitsa | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions. | 2023-05-08 | 4.8 | CVE-2023-25052MISC |
cms_press_project — cms_press | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions. | 2023-05-08 | 4.8 | CVE-2023-25452MISC |
jch_optimize_project — jch_optimize | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions. | 2023-05-06 | 4.8 | CVE-2023-25491MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-05-05 | 4.8 | CVE-2023-2550MISCCONFIRM |
open-emr — openemr | Cross-site Scripting (XSS) – Stored in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-08 | 4.8 | CVE-2023-2566MISCCONFIRM |
plugin-planet — dashboard_widget_suite | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions. | 2023-05-06 | 4.8 | CVE-2023-26517MISC |
publish_to_schedule_project — publish_to_schedule | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions. | 2023-05-06 | 4.8 | CVE-2023-26519MISC |
easy_event_calendar_project — easy_event_calendar | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions. | 2023-05-08 | 4.8 | CVE-2023-28169MISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. | 2023-05-09 | 4.8 | CVE-2023-31799MISCMISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | 2023-05-09 | 4.8 | CVE-2023-31803MISCMISC |
chamilo — chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | 2023-05-09 | 4.8 | CVE-2023-31805MISCMISC |
apple — macos | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks | 2023-05-08 | 4.7 | CVE-2023-27952MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-05-05 | 4.7 | CVE-2023-29354MISC |
esri — portal_arcgis | Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | 2023-05-09 | 4.6 | CVE-2023-25834MISCMISC |
google — android | In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-39089MISC |
google — android | In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-47334MISC |
google — android | In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48235MISC |
google — android | In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48236MISC |
google — android | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48237MISC |
google — android | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48238MISC |
google — android | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48239MISC |
google — android | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48240MISC |
google — android | In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48372MISC |
google — android | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48373MISC |
google — android | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48374MISC |
google — android | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48380MISC |
google — android | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48381MISC |
google — android | In log service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48382MISC |
siemens — simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data. | 2023-05-09 | 4.3 | CVE-2023-29103MISC |
esri — portal_for_arcgis | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | 2023-05-10 | 4.1 | CVE-2023-25833MISCMISC |
Low Vulnerabilities
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
siemens — simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web-based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`. | 2023-05-09 | 3.8 | CVE-2023-29128MISC |
answer — answer | Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. | 2023-05-09 | 3.5 | CVE-2023-2590CONFIRMMISC |
apple — iphone_os | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup | 2023-05-08 | 3.3 | CVE-2023-23523MISCMISC |
siemens — scalance_lp9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects. | 2023-05-09 | 3.3 | CVE-2023-27408MISC |
microsoft — multiple_products | Microsoft Access Denial of Service Vulnerability | 2023-05-09 | 3.3 | CVE-2023-29333MISC |
siemens — solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426) | 2023-05-09 | 3.3 | CVE-2023-30985MISC |
siemens — scalance_lp9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service. | 2023-05-09 | 2.7 | CVE-2023-27410MISC |
siemens — scalance_lp9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`. | 2023-05-09 | 2.5 | CVE-2023-27409MISC |
Severity Not Yet Assigned
PrimaryVendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
loadbalancer — enterprise_va_max | The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files. | 2023-05-12 | not yet calculated | CVE-2020-13377MISCMISC |
loadbalancer — enterprise_va_max | Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code. | 2023-05-12 | not yet calculated | CVE-2020-13378MISCMISC |
phodal — cmd | Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. | 2023-05-09 | not yet calculated | CVE-2020-18280MISC |
shop_cms — yershop | Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | 2023-05-09 | not yet calculated | CVE-2020-23362MISC |
verytops — verydows | Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | 2023-05-09 | not yet calculated | CVE-2020-23363MISC |
amd — multiple_products | Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. |
2023-05-09 | not yet calculated | CVE-2021-26354MISCMISC |
amd — multiple_products | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | 2023-05-09 | not yet calculated | CVE-2021-26356MISCMISC |
amd — multiple_products | Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. |
2023-05-09 | not yet calculated | CVE-2021-26365MISC |
amd — multiple_products | A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. |
2023-05-09 | not yet calculated | CVE-2021-26371MISCMISC |
amd — multiple_products | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. |
2023-05-09 | not yet calculated | CVE-2021-26379MISC |
amd — 3rd_gen_amd_epyc | Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. |
2023-05-09 | not yet calculated | CVE-2021-26397MISC |
amd — multiple_products | Insufficient validation in parsing Owner’s Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. |
2023-05-09 | not yet calculated | CVE-2021-26406MISCMISC |
cms — made_simple | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | 2023-05-08 | not yet calculated | CVE-2021-28999MISCMISC |
sqlite — sqlite3 | An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. | 2023-05-09 | not yet calculated | CVE-2021-31239MISCMISCMISC |
libming — libming | An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file. | 2023-05-09 | not yet calculated | CVE-2021-31240MISC |
trippo — responsivefilemanager | Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file. | 2023-05-09 | not yet calculated | CVE-2021-31711MISC |
phpok — phpok | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | 2023-05-11 | not yet calculated | CVE-2021-34076MISC |
ibm — cognos_analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. | 2023-05-12 | not yet calculated | CVE-2021-39036MISCMISC |
electronics_and_telecommunications_research_institute — shieldstore | A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system. | 2023-05-09 | not yet calculated | CVE-2021-44283MISCMISCMISCMISC |
en3rgy — webcamserver | Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file. | 2023-05-10 | not yet calculated | CVE-2021-45345MISCMISCMISC |
amd – multiple_products | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. |
2023-05-09 | not yet calculated | CVE-2021-46749MISC |
amd – multiple_products | Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. |
2023-05-09 | not yet calculated | CVE-2021-46753MISC |
amd – multiple_products | Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. |
2023-05-09 | not yet calculated | CVE-2021-46754MISC |
amd – multiple_products | Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. |
2023-05-09 | not yet calculated | CVE-2021-46755MISC |
amd – multiple_products | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. |
2023-05-09 | not yet calculated | CVE-2021-46756MISCMISC |
amd – multiple_products | Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity. |
2023-05-09 | not yet calculated | CVE-2021-46759MISC |
amd – multiple_products | A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution. | 2023-05-09 | not yet calculated | CVE-2021-46760MISC |
amd – multiple_products | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | 2023-05-09 | not yet calculated | CVE-2021-46762MISC |
amd – multiple_products | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | 2023-05-09 | not yet calculated | CVE-2021-46763MISC |
amd – multiple_products | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service. | 2023-05-09 | not yet calculated | CVE-2021-46764MISC |
amd – multiple_products | Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. |
2023-05-09 | not yet calculated | CVE-2021-46765MISC |
amd – multiple_products | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. |
2023-05-09 | not yet calculated | CVE-2021-46769MISC |
amd – multiple_products | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. |
2023-05-09 | not yet calculated | CVE-2021-46773MISC |
amd – multiple_products | Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. |
2023-05-09 | not yet calculated | CVE-2021-46775MISC |
amd – multiple_products | Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | 2023-05-09 | not yet calculated | CVE-2021-46792MISC |
amd – multiple_products | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. |
2023-05-09 | not yet calculated | CVE-2021-46794MISC |
intel — hdmi_firmware_update_tool | Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-21162MISC |
intel — qat_driver_windows | Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-21239MISC |
intel — qat_driver_windows | Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-21804MISC |
amd — 3rd_gen_amd_epyc | Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | 2023-05-09 | not yet calculated | CVE-2022-23818MISC |
intel — intel_vroc_software | Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-25976MISC |
intel — intel_maccpuid_software | Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-27180MISC |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. | 2023-05-10 | not yet calculated | CVE-2022-27856MISC |
intel — nuc_bios | Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-28699MISC |
intel — vroc_software | Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-29508MISC |
western_digital — my_cloud_os_5 | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This issue affects My Cloud OS 5 devices before 5.26.202. | 2023-05-10 | not yet calculated | CVE-2022-29840MISC |
western_digital — my_cloud_os_5 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before 5.26.119. | 2023-05-10 | not yet calculated | CVE-2022-29841MISC |
western_digital — my_cloud_os_5 | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. | 2023-05-10 | not yet calculated | CVE-2022-29842MISC |
intel — vroc_software | Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-29919MISC |
intel — vroc_software | Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-30338MISC |
intel — nuc_bios | Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-31477MISC |
intel — unite_pligin_sdk | Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-32576MISC |
intel — nuc_kits | Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access | 2023-05-10 | not yet calculated | CVE-2022-32577MISC |
intel — nuc_pro_software_suite | Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-32578MISC |
intel — multiple_products | Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-32582MISC |
intel — bios_firmware | Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-32766MISC |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions. | 2023-05-10 | not yet calculated | CVE-2022-32970MISC |
intel — bios_firmaware | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-33894MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. | 2023-05-10 | not yet calculated | CVE-2022-33961MISC |
intel — unite_client_software | Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-33963MISC |
intel — multiple_products | Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-34147MISC |
intel — nuc_pro_software_suite | Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-34848MISC |
intel — nuc_pro_software_suite | Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-34855MISC |
western_digital — multiple_products | An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | 2023-05-10 | not yet calculated | CVE-2022-36329MISC |
western_digital — multiple_products | A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.
This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. |
2023-05-10 | not yet calculated | CVE-2022-36330MISC |
intel — multiple_products | Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-36339MISC |
intel — nuc_pro_software | Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-36391MISC |
facebook — hhvm | HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3.
Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. |
2023-05-10 | not yet calculated | CVE-2022-36937MISCMISC |
intel — multiple_products | Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-37327MISC |
intel — ipp_cryptography_software | Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-37409MISC |
intel — irocessors | Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-38087MISC |
intel — multiple_products | Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-38101MISC |
intel — nuc_software_studio_service_installer | Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access | 2023-05-10 | not yet calculated | CVE-2022-38103MISC |
intel — fpga | Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-38787MISC |
octopus — deploy | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 2023-05-10 | not yet calculated | CVE-2022-4008MISC |
intel — sur_software | Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40207MISC |
intel — dcm_software | Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40210MISC |
intel — dcm_software | Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 2023-05-10 | not yet calculated | CVE-2022-40685MISC |
intel — hdmi_firmware_update_tool | Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40971MISC |
intel — qat_drivers | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40972MISC |
intel — cryptography_software | Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-40974MISC |
wordpress — wordpress | Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-41610MISC |
intel — qat_drivers | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-41621MISC |
intel — nuc_p144e_laptop_element_software | Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41628MISC |
intel — cryptography_software | Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-41646MISC |
intel — vtune_profiler_software | Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41658MISC |
intel — intel_nuc_p14e_laptop_element_software_for_windows_10 | Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41687MISC |
intel — intel_retail_edge_mobile_ios_application | Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41690MISC |
intel — intel_quartus_prime_pro_edition_software | Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41693MISC |
intel — intel_qat_drivers_for_windows | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41699MISC |
intel — intel_connect_m_android_application | Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41769MISC |
intel — intel_qat_drivers_for_windows | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-41771MISC |
intel — intel_ofu_software | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access | 2023-05-10 | not yet calculated | CVE-2022-41784MISC |
intel — intel_connect_m_android_application | Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-41801MISC |
intel — intel_qat_drivers_for_linux | Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-41808MISC |
intel — intel_dcm_software | Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-05-10 | not yet calculated | CVE-2022-41979MISC |
intel — intel_vtune_tmprofiler_software | Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41982MISC |
weston_embedded — uc-ftps | An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | 2023-05-10 | not yet calculated | CVE-2022-41985MISCMISC |
intel — intel_dcm_software | Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41998MISC |
intel — intel_ofu_software | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-42465MISC |
intel — intel_trace_analyzer_and_collector_software | Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-42878MISC |
intel — intel_scs_software | Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-43465MISC |
intel — dsp_builder_software_installer_for_intel_fpgas_pro_edition | Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-43474MISC |
intel — intel_dcm_software | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-43475MISC |
intel — intel_qat_engine_for_openssl | Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. | 2023-05-10 | not yet calculated | CVE-2022-43507MISC |
unisoc — multiple_products | In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | not yet calculated | CVE-2022-44433MISC |
intel — intel_dcm_software | Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-05-10 | not yet calculated | CVE-2022-44610MISC |
intel — intel_dcm_software | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-44619MISC |
intel — intel_ema_software | Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-45128MISC |
wordpress — wordpress | The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. | 2023-05-09 | not yet calculated | CVE-2022-4537MISCMISCMISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress – Interactive SVG Image Map Builder plugin < 5.6.9 versions. | 2023-05-10 | not yet calculated | CVE-2022-45846MISC |
intel — intel_retail_edge_android_application | Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-46279MISC |
weston_embedded — uc-ftps | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no IP address argument is provided to the `PORT` command. | 2023-05-10 | not yet calculated | CVE-2022-46377MISCMISC |
weston_embedded — uc-ftps | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command. | 2023-05-10 | not yet calculated | CVE-2022-46378MISCMISC |
intel — intel_smart_campus_android_application | Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-46645MISC |
intel — intel_nuc_pro_software_suite | Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-46656MISC |
apple — macos | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox | 2023-05-08 | not yet calculated | CVE-2022-46720MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions. | 2023-05-10 | not yet calculated | CVE-2022-46817MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions. | 2023-05-10 | not yet calculated | CVE-2022-46819MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <= 6.2 versions. | 2023-05-10 | not yet calculated | CVE-2022-46861MISC |
yonque — phpok_v6.3 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | 2023-05-11 | not yet calculated | CVE-2022-47129MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions. | 2023-05-10 | not yet calculated | CVE-2022-47137MISC |
unisoc — multiple_products | In h265 codec firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | not yet calculated | CVE-2022-47340MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | 2023-05-10 | not yet calculated | CVE-2022-47423MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MantraBrain Yatra plugin <= 2.1.14 versions. | 2023-05-10 | not yet calculated | CVE-2022-47436MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions. | 2023-05-10 | not yet calculated | CVE-2022-47441MISC |
unisoc — multiple_products | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47469MISC |
unisoc — multiple_products | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47470MISC |
unisoc — multiple_products | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47485MISC |
unisoc — multiple_products | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47486MISC |
unisoc — multiple_products | In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges. | 2023-05-09 | not yet calculated | CVE-2022-47487MISC |
unisoc — multiple_products | In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47488MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47489MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47491MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47494MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47495MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47496MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47497MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47498MISC |
unisoc — multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47499MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.5 versions. | 2023-05-10 | not yet calculated | CVE-2022-47587MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | 2023-05-10 | not yet calculated | CVE-2022-47590MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions. | 2023-05-10 | not yet calculated | CVE-2022-47600MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <= 0.2.1 versions. | 2023-05-10 | not yet calculated | CVE-2022-47606MISC |
jedox — rtn_directory | A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the ‘rtn’ directory and execute its methods. | 2023-05-12 | not yet calculated | CVE-2022-47879MISCMISC |
jedox — test_connection_function | An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections’ cleartext password via the ‘test connection’ function. | 2023-05-12 | not yet calculated | CVE-2022-47880MISCMISC |
vinteo_vcc — conference_parameter | Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user’s browser. | 2023-05-12 | not yet calculated | CVE-2022-48020MISCMISCMISC |
unisoc — multiple_products | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48385MISC |
unisoc — multiple_products | the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48386MISC |
unisoc — multiple_products | the apipe driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48387MISC |
unisoc — multiple_products | In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | not yet calculated | CVE-2022-48388MISC |
unisoc — multiple_products | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48389MISC |
palo_alto_networks — pan_os | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. | 2023-05-10 | not yet calculated | CVE-2023-0007MISC |
palo_alto_networks — pan_os | A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. | 2023-05-10 | not yet calculated | CVE-2023-0008MISC |
wordpress — wordpress | The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. | 2023-05-08 | not yet calculated | CVE-2023-0421MISC |
wordpress — wordpress | The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-05-08 | not yet calculated | CVE-2023-0514MISC |
wordpress — wordpress | The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-05-08 | not yet calculated | CVE-2023-0526MISC |
wordpress — wordpress | The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | not yet calculated | CVE-2023-0536MISC |
wordpress — wordpress | The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-05-08 | not yet calculated | CVE-2023-0537MISC |
wordpress — wordpress | The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | not yet calculated | CVE-2023-0542MISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0851MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0852MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0853MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0854MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0855MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0856MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0857MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0858MISCMISCMISCMISC |
canon — canon_office/small_office_multifunction_printers_and_laser_printers | Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0859MISCMISCMISCMISC |
monicahq — monicahq | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | 2023-05-08 | not yet calculated | CVE-2023-1031MISCMISC |
netapp — snapcenter | SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | 2023-05-12 | not yet calculated | CVE-2023-1096MISC |
wordpress — wordpress | The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 2023-05-08 | not yet calculated | CVE-2023-1408MISC |
cloudflare — circl_go | When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.
The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20. |
2023-05-10 | not yet calculated | CVE-2023-1732MISC |
rockwell_automation — kinetix_5500_drives | Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. | 2023-05-11 | not yet calculated | CVE-2023-1834MISC |
sdg_technologies — pnpscada_system | The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-1934MISC |
cisco — asr_5000_series_software | A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability. |
2023-05-09 | not yet calculated | CVE-2023-20046MISCMISC |
cisco — sd-wan_vmanage | A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.
This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root. |
2023-05-09 | not yet calculated | CVE-2023-20098MISCMISC |
amd — amd_epyc | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. |
2023-05-09 | not yet calculated | CVE-2023-20520MISC |
amd — amd_epyc | An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. |
2023-05-09 | not yet calculated | CVE-2023-20524MISC |
vmware — aria_operations | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | 2023-05-12 | not yet calculated | CVE-2023-20877MISC |
vmware — aria_operations | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | 2023-05-12 | not yet calculated | CVE-2023-20878MISC |
vmware — aria_operations | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | 2023-05-12 | not yet calculated | CVE-2023-20879MISC |
openstack — openstack | A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. | 2023-05-12 | not yet calculated | CVE-2023-2088MISC |
vmware — aria_operations | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to ‘root’. | 2023-05-12 | not yet calculated | CVE-2023-20880MISC |
axis — axis_os | AXIS OS 11.0.X – 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication, nor can it be used to compromise the device or any customer data. | 2023-05-08 | not yet calculated | CVE-2023-21404MISC |
linux — kernel | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | 2023-05-09 | not yet calculated | CVE-2023-2156MISCMISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. | 2023-05-12 | not yet calculated | CVE-2023-2181MISCMISCCONFIRM |
intel — server_board_bmc_firmware | Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22297MISC |
intel — nuc_bios_firmware | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22312MISC |
intel — oneapi_toolkit | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22355MISC |
seiko_solutions — skybridge_mb-a100/110 | Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product. | 2023-05-10 | not yet calculated | CVE-2023-22361MISCMISCMISCMISCMISCMISC |
intel — server_board_bmc_firmware | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-22379MISC |
intel — scs_add-on | Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22440MISC |
seiko solutions — skybridge_series | Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier | 2023-05-10 | not yet calculated | CVE-2023-22441MISCMISCMISCMISCMISCMISC |
intel — server_board_bmc_firmware | Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22442MISC |
intel — server_board_bmc_firmware | Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-22443MISC |
intel — open_cas_software_for_linux | Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-22447MISC |
intel — server_board_bmc_firmware | Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22661MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions. | 2023-05-12 | not yet calculated | CVE-2023-22685MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-22696MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions. | 2023-05-10 | not yet calculated | CVE-2023-22711MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions. | 2023-05-11 | not yet calculated | CVE-2023-22720MISC |
western_digital — multiple_products |
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; MyCloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126. |
2023-05-08 | not yet calculated | CVE-2023-22813MISC |
schweitzer_engineering_laboratories — multiple_products | A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.
See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. |
2023-05-10 | not yet calculated | CVE-2023-2310MISC |
synapsoft — pdfocus | Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | 2023-05-12 | not yet calculated | CVE-2023-23169MISCMISC |
sick — flexi_classic | Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | 2023-05-12 | not yet calculated | CVE-2023-23444MISCMISCMISC |
apple — macos/ios/ipados | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | not yet calculated | CVE-2023-23540MISCMISCMISC |
apple — ios/ipados | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts | 2023-05-08 | not yet calculated | CVE-2023-23541MISCMISC |
apple — macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data | 2023-05-08 | not yet calculated | CVE-2023-23542MISCMISCMISC |
apple — macos/ios/ipados | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camera | 2023-05-08 | not yet calculated | CVE-2023-23543MISCMISCMISC |
intel — trace_analyzer_collector_software | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-23569MISC |
intel — unite_android | Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-23573MISC |
seiko_solutions — mb-a200_firmware | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product’s ADB port. | 2023-05-10 | not yet calculated | CVE-2023-23578MISCMISCMISCMISCMISCMISC |
intel — trace_analyzer_collector_software | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-23580MISC |
wordpress — wordpress | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions. | 2023-05-09 | not yet calculated | CVE-2023-23647MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions. | 2023-05-10 | not yet calculated | CVE-2023-23701MISC |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions. | 2023-05-10 | not yet calculated | CVE-2023-23786MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions. | 2023-05-10 | not yet calculated | CVE-2023-23788MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | 2023-05-10 | not yet calculated | CVE-2023-23789MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss Semalt Blocker plugin <= 1.1.3 versions. | 2023-05-10 | not yet calculated | CVE-2023-23794MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions. | 2023-05-12 | not yet calculated | CVE-2023-23810MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions. | 2023-05-10 | not yet calculated | CVE-2023-23812MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions. | 2023-05-12 | not yet calculated | CVE-2023-23867MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flector BBSpoiler plugin <= 2.01 versions. | 2023-05-10 | not yet calculated | CVE-2023-23873MISC |
seiko_solutions — skybridge_mb-a200_firmware_basic | Improper following of a certificate’s chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. | 2023-05-10 | not yet calculated | CVE-2023-23901MISCMISCMISCMISCMISCMISC |
seiko_solutions — skybirdge_mb-4100/110_firmware | Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | 2023-05-10 | not yet calculated | CVE-2023-23906MISCMISCMISCMISCMISCMISC |
intel — trace_analyzer_collector_software | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-23909MISC |
intel — trace_analyzer_collector_software | Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-23910MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions. | 2023-05-10 | not yet calculated | CVE-2023-24392MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions. | 2023-05-10 | not yet calculated | CVE-2023-24406MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions. | 2023-05-10 | not yet calculated | CVE-2023-24418MISC |
rockwell_automation — thinmanager | Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API. | 2023-05-11 | not yet calculated | CVE-2023-2443MISC |
rockwell_automation — factorytalk_vantagepoint | A cross site request forgery vulnerability exists in Rockwell Automation’s FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well. | 2023-05-11 | not yet calculated | CVE-2023-2444MISC |
intel — server_board_bmc_firmware | Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-24475MISC |
milesight — ncr/camera | Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-24505MISC |
milesight — ncr/camera |
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. |
2023-05-08 | not yet calculated | CVE-2023-24506MISC |
agilepoint — nx |
AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload – Vulnerability allows insecure file upload, by an unspecified request. |
2023-05-08 | not yet calculated | CVE-2023-24507MISC |
go — html/template | Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a ‘/’ character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | 2023-05-11 | not yet calculated | CVE-2023-24539MISCMISCMISCMISC |
go — html/template | Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set “\t\n\f\r\u0020\u2028\u2029” in JavaScript contexts that also contain actions may not be properly sanitized during execution. | 2023-05-11 | not yet calculated | CVE-2023-24540MISCMISCMISCMISC |
google — chromeos_audio_server | Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High) | 2023-05-12 | not yet calculated | CVE-2023-2457MISCMISC |
google — chromeos_camera | Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High) | 2023-05-12 | not yet calculated | CVE-2023-2458MISCMISC |
seiko_solutions — skybridge_mb-a100/110_firmware | Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product. | 2023-05-10 | not yet calculated | CVE-2023-24586MISCMISCMISCMISCMISCMISC |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. | 2023-05-08 | not yet calculated | CVE-2023-2478MISCMISCCONFIRM |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions. | 2023-05-11 | not yet calculated | CVE-2023-2490MISC |
ibm — business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. | 2023-05-06 | not yet calculated | CVE-2023-24957MISCMISC |
autodesk — 3ds_max_usd_plugin | A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-25005MISC |
autodesk — 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25006MISC |
autodesk — 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25007MISC |
autodesk — 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25008MISC |
autodesk — 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25009MISC |
seiko_solutions — skybridge_mb-a100/110 | Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator’s communication to the product. | 2023-05-10 | not yet calculated | CVE-2023-25070MISCMISCMISCMISCMISCMISC |
seiko_solutions — skybridge_mb-a100/110 | Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. | 2023-05-10 | not yet calculated | CVE-2023-25072MISCMISCMISCMISCMISCMISC |
cloudflare — workerd | Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would most likely lead to a segmentation fault, but could theoretically allow arbitrary undefined behavior.
In order for the bug to be exploitable, the process would need to be able to allocate 160GB of RAM. Due to this, the bug was never exploitable on the Cloudflare Workers platform, but could theoretically be exploitable on deployments of workerd running on machines with a huge amount of memory. Moreover, in order to be remotely exploited, an attacker would have to upload a single form-encoded HTTP request of at least tens of gigabytes in size. The application code would then have to use request.formData() to parse the request and formData.forEach() to iterate over this data. Due to these limitations, the exploitation likelihood was considered Low. A fix that addresses this vulnerability has been released in version v1.20230419.0 and users are encouraged to update to the latest version available. |
2023-05-12 | not yet calculated | CVE-2023-2512MISCMISC |
linux — kernel | A use-after-free vulnerability was found in the Linux kernel’s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. | 2023-05-08 | not yet calculated | CVE-2023-2513MISCMISCMISC |
mattermost — mattermost | Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | 2023-05-12 | not yet calculated | CVE-2023-2514MISC |
mattermost — mattermost | Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin | 2023-05-12 | not yet calculated | CVE-2023-2515MISC |
intel — intel_server_board_bmc_firmware | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-25175MISC |
intel — intel_unite_android_application | Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-25179MISC |
seiko_solutions — multiple_products | Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier. | 2023-05-10 | not yet calculated | CVE-2023-25184MISCMISCMISCMISCMISCMISC |
fetlife — rollout-ui | Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. | 2023-05-11 | not yet calculated | CVE-2023-25309MISCMISCMISCMISC |
otrs_ag — otrs | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32. | 2023-05-08 | not yet calculated | CVE-2023-2534MISC |
soft-o — free_password_manager | A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. | 2023-05-12 | not yet calculated | CVE-2023-25428MISCMISC |
codesolz — easy_ad_manager | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions. | 2023-05-12 | not yet calculated | CVE-2023-25460MISC |
intel — intel_server_board_bmc_firmware | Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-25545MISC |
ipfs — boxo | Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users accepting untrusted connections with the Bitswap server and also affects users using the old API stubs at `github.com/ipfs/go-libipfs/bitswap` because users then transitively import `github.com/ipfs/go-libipfs/bitswap/server`. Boxo versions 0.6.0 and 0.4.1 contain a patch for this issue. As a workaround, those who are using the stub object at `github.com/ipfs/go-libipfs/bitswap` not taking advantage of the features provided by the server can refactor their code to use the new split API that will allow them to run in a client only mode: `github.com/ipfs/go-libipfs/bitswap/client`. | 2023-05-10 | not yet calculated | CVE-2023-25568CONFIRMMISCMISCMISC |
intel — intel_nuc_bios_firmware | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-25771MISC |
intel — intel_retail_edge_mobile_android_application | Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-25772MISC |
intel — intel_server_board_bmc_firmware | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-25776MISC |
strikingly — strickingly_cms | A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user’s browser. | 2023-05-08 | not yet calculated | CVE-2023-2582MISC |
ibm — security_verify_access | IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. | 2023-05-12 | not yet calculated | CVE-2023-25927MISCMISC |
sourcecodester — food_ordering_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228396. | 2023-05-09 | not yet calculated | CVE-2023-2594MISCMISC |
sourcecodester — billing_management_system | A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of the argument drop_services leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228397 was assigned to this vulnerability. | 2023-05-09 | not yet calculated | CVE-2023-2595MISCMISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions. | 2023-05-12 | not yet calculated | CVE-2023-25958MISC |
sourcecodester — online_reviewer_system | A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228398 is the identifier assigned to this vulnerability. | 2023-05-09 | not yet calculated | CVE-2023-2596MISCMISCMISC |
vim — vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. | 2023-05-09 | not yet calculated | CVE-2023-2609MISCCONFIRM |
m_static — m_static | All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. | 2023-05-10 | not yet calculated | CVE-2023-26126MISCMISC |
pimcore — pimcore | Cross-site Scripting (XSS) – DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | not yet calculated | CVE-2023-2614MISCCONFIRM |
pimcore — pimcore | Cross-site Scripting (XSS) – Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | not yet calculated | CVE-2023-2615CONFIRMMISC |
opencv — we_qrcode_module | A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547. | 2023-05-10 | not yet calculated | CVE-2023-2617MISCMISCMISCMISC |
opencv — we_qrcode_module | A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548. | 2023-05-10 | not yet calculated | CVE-2023-2618MISCMISCMISCMISC |
pimcore — customer_data_framework | Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | 2023-05-10 | not yet calculated | CVE-2023-2629CONFIRMMISC |
pimcore — pimcore | Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | not yet calculated | CVE-2023-2630MISCCONFIRM |
sourcecodester — online_internship_management_system | A vulnerability was found in SourceCodester Online Internship Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/login.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228770 is the identifier assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2641MISCMISCMISC |
sourcecodester — online_exam_system | A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. This affects an unknown part of the file adminpanel/admin/facebox_modal/updateCourse.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228771. | 2023-05-11 | not yet calculated | CVE-2023-2642MISCMISCMISC |
sourcecodester — file_tracker_manager_system | A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228772. | 2023-05-11 | not yet calculated | CVE-2023-2643MISCMISCMISC |
digitalpersona — fpsensor | A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-228773 was assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2644MISCMISC |
usr — usr-g806 | A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2645MISCMISCMISC |
tp-link — archer_c7v2 | A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2646MISCMISC |
weaver — e-office | A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2647MISCMISCMISC |
weaver — e-office | A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2648MISCMISCMISC |
tenda — ac23 | A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2649MISCMISCMISC |
sourcecodester — lost_and_found_information_system | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780. | 2023-05-11 | not yet calculated | CVE-2023-2652MISCMISCMISC |
sourcecodester — lost_and_found_information_system | A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2653MISCMISCMISC |
sourcecodester — ac_repair_and_services_system | A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2656MISCMISCMISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | 2023-05-11 | not yet calculated | CVE-2023-2657MISCMISCMISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800. | 2023-05-11 | not yet calculated | CVE-2023-2658MISCMISCMISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2659MISCMISCMISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2660MISCMISCMISC |
sourcecodester — online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803. | 2023-05-11 | not yet calculated | CVE-2023-2661MISCMISCMISC |
xpdf — xpdf | In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. | 2023-05-11 | not yet calculated | CVE-2023-2662MISC |
xpdf — xpdf | In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | 2023-05-11 | not yet calculated | CVE-2023-2663MISC |
xpdf — xpdf | In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | 2023-05-11 | not yet calculated | CVE-2023-2664MISC |
francoisjacquet — rosariosis | Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | 2023-05-12 | not yet calculated | CVE-2023-2665CONFIRMMISC |
froxlor — froxlor | Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. | 2023-05-12 | not yet calculated | CVE-2023-2666CONFIRMMISC |
sourcecodester — lost_and_found_information_system | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883. | 2023-05-12 | not yet calculated | CVE-2023-2667MISCMISC |
sourcecodester — lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-228884. | 2023-05-12 | not yet calculated | CVE-2023-2668MISCMISC |
sourcecodester — lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-2669MISCMISC |
sourcecodester — lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-2670MISCMISC |
sourcecodester — lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887. | 2023-05-12 | not yet calculated | CVE-2023-2671MISCMISC |
sourcecodester — lost_and_found_information_system | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888. | 2023-05-12 | not yet calculated | CVE-2023-2672MISCMISC |
openemr — openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-12 | not yet calculated | CVE-2023-2674CONFIRMMISC |
h3c — r160 | A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-228890 is the identifier assigned to this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-2676MISCMISCMISC |
sourcecodester — covid-19_contact_tracing_system | A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228891. | 2023-05-12 | not yet calculated | CVE-2023-2677MISCMISCMISC |
sourcecodester — file_tracker_manager_system | A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892. | 2023-05-12 | not yet calculated | CVE-2023-2678MISCMISCMISC |
caton — live | A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-12 | not yet calculated | CVE-2023-2682MISCMISC |
lavalite — cms | LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. | 2023-05-12 | not yet calculated | CVE-2023-27237MISCMISCMISCMISCMISC |
lavalite — cms | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. | 2023-05-12 | not yet calculated | CVE-2023-27238MISCMISC |
intel — wake_up_latency_tracer | Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2023-05-10 | not yet calculated | CVE-2023-27298MISC |
intel — nuc_p14e_laptop_element_software | Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-27382MISC |
omron — cx-drive | Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed. | 2023-05-10 | not yet calculated | CVE-2023-27385MISCMISC |
intel — pathfinder | Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-27386MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions. | 2023-05-10 | not yet calculated | CVE-2023-27419MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin <= 2.4.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-27455MISC |
jubei_inc — jb_inquiry_form | JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40. | 2023-05-10 | not yet calculated | CVE-2023-27510MISCMISC |
ministry_of_justice_japan — shinseiyo_sogo_soft | Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. | 2023-05-10 | not yet calculated | CVE-2023-27527MISCMISC |
ibm — websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | 2023-05-11 | not yet calculated | CVE-2023-27554MISCMISC |
node.js — n8n | The n8n package 0.218.0 for Node.js allows Directory Traversal. | 2023-05-10 | not yet calculated | CVE-2023-27562MISCMISC |
node.js — n8n | The n8n package 0.218.0 for Node.js allows Escalation of Privileges. | 2023-05-10 | not yet calculated | CVE-2023-27563MISCMISC |
node.js — n8n | The n8n package 0.218.0 for Node.js allows Information Disclosure. | 2023-05-10 | not yet calculated | CVE-2023-27564MISCMISC |
optoma — 1080pstx_c02 | An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | 2023-05-12 | not yet calculated | CVE-2023-27823MISCMISC |
ibm — spectrum_protect_plus_server | IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. | 2023-05-12 | not yet calculated | CVE-2023-27863MISCMISC |
ibm — spectrum_protect_plus_server | IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | 2023-05-11 | not yet calculated | CVE-2023-27870MISCMISC |
wordpress — wordpress | Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product. | 2023-05-10 | not yet calculated | CVE-2023-27888MISCMISC |
wordpress — wordpress | Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page. | 2023-05-10 | not yet calculated | CVE-2023-27889MISCMISC |
wordpress — wordpress | Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress – Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL. | 2023-05-10 | not yet calculated | CVE-2023-27918MISCMISC |
next_engine — ec-cube | Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system. | 2023-05-10 | not yet calculated | CVE-2023-27919MISCMISC |
apple — multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts | 2023-05-08 | not yet calculated | CVE-2023-27928MISCMISCMISCMISCMISCMISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | 2023-05-08 | not yet calculated | CVE-2023-27956MISCMISCMISCMISCMISC |
apple — macos | This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand | 2023-05-08 | not yet calculated | CVE-2023-27960MISC |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file system | 2023-05-08 | not yet calculated | CVE-2023-27962MISCMISCMISC |
apple — multiple_products | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user | 2023-05-08 | not yet calculated | CVE-2023-27963MISCMISCMISCMISCMISC |
apple — macos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | not yet calculated | CVE-2023-27965MISCMISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to break out of its sandbox | 2023-05-08 | not yet calculated | CVE-2023-27966MISC |
apple — multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | not yet calculated | CVE-2023-27969MISCMISCMISCMISCMISC |
apple — ios/ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | not yet calculated | CVE-2023-27970MISC |
ivanti — avalanche | An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | 2023-05-09 | not yet calculated | CVE-2023-28125MISC |
ivanti — avalanche | An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | 2023-05-09 | not yet calculated | CVE-2023-28126MISC |
ivanti — avalanche | A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | 2023-05-09 | not yet calculated | CVE-2023-28127MISC |
apple — macos | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | 2023-05-09 | not yet calculated | CVE-2023-28128MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to bypass Privacy preferences | 2023-05-08 | not yet calculated | CVE-2023-28178MISCMISCMISC |
apple — multiple_products | The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device | 2023-05-08 | not yet calculated | CVE-2023-28182MISCMISCMISCMISCMISC |
apple — ios/ipados | The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen | 2023-05-08 | not yet calculated | CVE-2023-28194MISC |
apple — multiple_products | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution | 2023-05-08 | not yet calculated | CVE-2023-28201MISCMISCMISCMISC |
rocket.chat — rocket.chat | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled. | 2023-05-09 | not yet calculated | CVE-2023-28316MISC |
rocket.chat — rocket.chat | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | 2023-05-09 | not yet calculated | CVE-2023-28317MISC |
rocket.chat — rocket.chat | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | 2023-05-09 | not yet calculated | CVE-2023-28318MISC |
rocket.chat — rocket.chat | An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | 2023-05-11 | not yet calculated | CVE-2023-28325MISC |
rocket.chat — rocket.chat | A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. | 2023-05-11 | not yet calculated | CVE-2023-28356MISC |
rocket.chat — rocket.chat | A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. | 2023-05-11 | not yet calculated | CVE-2023-28357MISC |
rocket.chat — rocket.chat | A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the “Search Messages” feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled possible leading to some issues attacks like account takeover. | 2023-05-11 | not yet calculated | CVE-2023-28358MISC |
rocket.chat — rocket.chat | A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact. | 2023-05-11 | not yet calculated | CVE-2023-28359MISC |
brave — brave | An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. | 2023-05-11 | not yet calculated | CVE-2023-28360MISC |
ubiquiti — unifi | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later. | 2023-05-11 | not yet calculated | CVE-2023-28361MISC |
intel — i915_graphics_drivers_for_linux | Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-28410MISC |
intel — server_board_bmc | Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-28411MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions. | 2023-05-12 | not yet calculated | CVE-2023-28414MISC |
ibm — planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | 2023-05-12 | not yet calculated | CVE-2023-28520MISCMISC |
ibm — api_connect | IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | 2023-05-12 | not yet calculated | CVE-2023-28522MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions. | 2023-05-10 | not yet calculated | CVE-2023-28932MISC |
oracle — apache | Attacker can access arbitrary recording/room
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 |
2023-05-12 | not yet calculated | CVE-2023-28936MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29022MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29023MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product. A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29024MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29025MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29026MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29027MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29028MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29029MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29030MISC |
rockwell_automation — armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation’s ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29031MISC |
oracle — apache | An attacker that has gained access to certain private information can use this to act as other user.
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0 |
2023-05-12 | not yet calculated | CVE-2023-29032MISC |
samsung — exynos_modems | An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface. | 2023-05-09 | not yet calculated | CVE-2023-29092MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-29101MISC |
vitess — vitess | Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server. | 2023-05-11 | not yet calculated | CVE-2023-29195MISCMISCMISCMISCMISCMISC |
intel — oneapi_toolkits | Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-29242MISC |
oracle — apache | An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 |
2023-05-12 | not yet calculated | CVE-2023-29246MISC |
go — html/template | Templates containing actions in unquoted HTML attributes (e.g. “attr={{.}}”) executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | 2023-05-11 | not yet calculated | CVE-2023-29400MISCMISCMISCMISC |
rockwell_automation — arena_simulation | An arbitrary code execution vulnerability contained in Rockwell Automation’s Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. | 2023-05-09 | not yet calculated | CVE-2023-29460MISC |
rockwell_automation — arena_simulation | An arbitrary code execution vulnerability contained in Rockwell Automation’s Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap.
potentially resulting in a complete loss of confidentiality, integrity, and availability. |
2023-05-09 | not yet calculated | CVE-2023-29461MISC |
rockwell_automation — arena_simulation | An arbitrary code execution vulnerability contained in Rockwell Automation’s Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap.
potentially resulting in a complete loss of confidentiality, integrity, and availability. |
2023-05-09 | not yet calculated | CVE-2023-29462MISC |
extplorer — extplorer | eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | 2023-05-12 | not yet calculated | CVE-2023-29657MISCMISC |
kodbox — kodbox | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | 2023-05-12 | not yet calculated | CVE-2023-29790MISC |
kodbox — kodbox | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | 2023-05-11 | not yet calculated | CVE-2023-29791MISC |
vogtmh — cmaps | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. | 2023-05-12 | not yet calculated | CVE-2023-29808MISCMISCMISC |
maximilian_vogt — companymaps | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. | 2023-05-12 | not yet calculated | CVE-2023-29809MISCMISCMISCMISC |
webroot — secureanywhere | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | 2023-05-12 | not yet calculated | CVE-2023-29818MISCMISCMISC |
webroot — secureanywhere | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | 2023-05-12 | not yet calculated | CVE-2023-29819MISCMISCMISC |
webroot — secureanywhere | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. | 2023-05-12 | not yet calculated | CVE-2023-29820MISCMISCMISC |
medical_systems — medisys_weblab | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. | 2023-05-11 | not yet calculated | CVE-2023-29863MISCMISCMISC |
genesys — cic_polycom_phone | An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. | 2023-05-10 | not yet calculated | CVE-2023-29930MISCMISC |
maximilian_vogt — cmaps | Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. | 2023-05-12 | not yet calculated | CVE-2023-29983MISCMISCMISCMISC |
spring_boot_actuator — logview | spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. | 2023-05-11 | not yet calculated | CVE-2023-29986MISC |
imgproxy — imgproxy | imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. | 2023-05-08 | not yet calculated | CVE-2023-30019MISCMISC |
fico_origination_manager — decision_module | A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. | 2023-05-09 | not yet calculated | CVE-2023-30056MISCMISCMISC |
fico_origination_manager — decision_module | Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-05-09 | not yet calculated | CVE-2023-30057MISCMISCMISC |
libming — swftophp | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c. | 2023-05-09 | not yet calculated | CVE-2023-30083MISC |
libming — swftophp | An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c. | 2023-05-09 | not yet calculated | CVE-2023-30084MISC |
libming — swftophp | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c. | 2023-05-09 | not yet calculated | CVE-2023-30085MISC |
libtiff — libtiff | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. | 2023-05-09 | not yet calculated | CVE-2023-30086MISCMISCMISC |
cesanta — mjs | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. | 2023-05-09 | not yet calculated | CVE-2023-30087MISC |
cesanta — mjs | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | 2023-05-09 | not yet calculated | CVE-2023-30088MISC |
craftcms — craftcms | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | 2023-05-12 | not yet calculated | CVE-2023-30130MISCMISC |
mlflow — mlflow | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | 2023-05-11 | not yet calculated | CVE-2023-30172MISCMISC |
prestashop — possearchproducts | Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find(). | 2023-05-12 | not yet calculated | CVE-2023-30192MISCMISC |
prestashop — posstaticfooter | Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook(). | 2023-05-10 | not yet calculated | CVE-2023-30194MISCMISC |
cyberghostvpn — window_client | CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. | 2023-05-09 | not yet calculated | CVE-2023-30237MISCMISCMISC |
judging_management_system — judging_management_system | SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter. | 2023-05-12 | not yet calculated | CVE-2023-30246MISCMISC |
oretnom23 — storage_unit_rental_management_system | File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | 2023-05-12 | not yet calculated | CVE-2023-30247MISCMISC |
webkil — qloapps | Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. | 2023-05-11 | not yet calculated | CVE-2023-30256MISCMISCMISC |
fiio_m6 — build_number | A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root. | 2023-05-08 | not yet calculated | CVE-2023-30257MISCMISC |
softexpert — excellence_suite | SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. | 2023-05-12 | not yet calculated | CVE-2023-30330MISCMISC |
asmbb — multiple_products | AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. | 2023-05-08 | not yet calculated | CVE-2023-30334MISCMISCMISCMISCMISC |
shenzen_tenda_technology — ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials. | 2023-05-10 | not yet calculated | CVE-2023-30351MISCMISC |
shenzen_tenda_technology — ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. | 2023-05-10 | not yet calculated | CVE-2023-30352MISC |
shenzen_tenda_technology — ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | 2023-05-10 | not yet calculated | CVE-2023-30353MISC |
shenzen_tenda_technology — ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access. | 2023-05-10 | not yet calculated | CVE-2023-30354MISCMISC |
shenzen_tenda_technology — ip_camera_cp3 | Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware | 2023-05-10 | not yet calculated | CVE-2023-30356MISC |
moveit — moveit | MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function. | 2023-05-11 | not yet calculated | CVE-2023-30394MISCMISCMISCMISCMISC |
sap_se — sap_businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform – versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and availability of the application. | 2023-05-09 | not yet calculated | CVE-2023-30740MISCMISC |
sap_se — sap_businessobjects_business_intelligence_platform | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform – versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2023-05-09 | not yet calculated | CVE-2023-30741MISCMISC |
sap_se — sap_crm_webclient_ui | SAP CRM (WebClient UI) – versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user’s session. The information from the victim’s session could then be modified or read by the attacker. | 2023-05-09 | not yet calculated | CVE-2023-30742MISCMISC |
sap_se — sapui5 | Due to improper neutralization of input in SAPUI5 – versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack. | 2023-05-09 | not yet calculated | CVE-2023-30743MISCMISC |
sap_se — sap_as_netweaver_java | In SAP AS NetWeaver JAVA – versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability. | 2023-05-09 | not yet calculated | CVE-2023-30744MISCMISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions. | 2023-05-10 | not yet calculated | CVE-2023-30746MISC |
intel — soc_watch_based_software | Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-30763MISC |
intel — intel_server_board_s2600wtt | Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-30768MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-30777MISCMISCMISC |
vyper — vyper | Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8. | 2023-05-08 | not yet calculated | CVE-2023-30837MISCMISC |
fluid-cloudnative — fluid | Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes.
Once the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster. To exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means. Version 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended. |
2023-05-08 | not yet calculated | CVE-2023-30840MISCMISCMISCMISC |
mutagen-io — mutagen | Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk. | 2023-05-08 | not yet calculated | CVE-2023-30844MISCMISCMISC |
wwbn — avideo | WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue. | 2023-05-08 | not yet calculated | CVE-2023-30860MISCMISC |
oracle — apache | SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0(released 2003-08-06)
Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time) 2. ODBCAppender enabled for logging messages to, generally done via a config file 3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected. Users are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. Example of old configuration snippet: <appender name=”SqlODBCAppender” class=”ODBCAppender”> <param name=”sql” value=”INSERT INTO logs (message) VALUES (‘%m’)” /> … other params here … </appender> The migrated configuration snippet with new ColumnMapping parameters: <appender name=”SqlODBCAppender” class=”ODBCAppender”> <param name=”sql” value=”INSERT INTO logs (message) VALUES (?)” /> <param name=”ColumnMapping” value=”message”/> </appender> |
2023-05-08 | not yet calculated | CVE-2023-31038MISC |
django — django | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django’s “Uploading multiple files” documentation suggested otherwise. | 2023-05-07 | not yet calculated | CVE-2023-31047CONFIRMMISCMISCFEDORA |
effectindex — tripreporter | `effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually. | 2023-05-08 | not yet calculated | CVE-2023-31123MISCMISC |
socketio — engineio | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version. | 2023-05-08 | not yet calculated | CVE-2023-31125MISCMISCMISC |
xwiki — xwiki-commons | `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix. | 2023-05-09 | not yet calculated | CVE-2023-31126MISCMISCMISC |
dmtf — libspdm | libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establish the session with `KEY_EXCHANGE` and `PSK_FINISH` to bypass the mutual authentication. This is most likely to happen when the Requester begins a session using one method (DHE, for example) and then uses the other method’s finish (PSK_FINISH in this example) to establish the session. The session hashes would be expected to fail in this case, but the condition was not detected. This issue only impacts the SPDM responder, which supports `KEY_EX_CAP=1 and `PSK_CAP=10b` at same time with mutual authentication requirement. The SPDM requester is not impacted. The SPDM responder is not impacted if `KEY_EX_CAP=0` or `PSK_CAP=0` or `PSK_CAP=01b`. The SPDM responder is not impacted if mutual authentication is not required. libspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted. Older branches are not maintained, but users of the 2.3 branch may receive a patch in version 2.3.2. The SPDM specification (DSP0274) does not contain this vulnerability. |
2023-05-08 | not yet calculated | CVE-2023-31127MISCMISCMISC |
contiki-ng — contiki-ng | The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state.
The message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`. The problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly. |
2023-05-08 | not yet calculated | CVE-2023-31129MISCMISC |
ghost — ghost | Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.
Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`. |
2023-05-08 | not yet calculated | CVE-2023-31133MISCMISCMISC |
tauri — tauri | Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC. |
2023-05-09 | not yet calculated | CVE-2023-31134MISCMISCMISCMISCMISCMISC |
postgresnio –postgresnio | PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client’s first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users. | 2023-05-09 | not yet calculated | CVE-2023-31136MISCMISCMISCMISCMISCMISCMISCMISC |
maradns — maradns | MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination.
The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength – total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service. One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58. |
2023-05-09 | not yet calculated | CVE-2023-31137MISCMISCMISC |
dhis2 — dhis2_core | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests. | 2023-05-09 | not yet calculated | CVE-2023-31138MISCMISCMISCMISC |
dhis2 — dhis2_core | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens (PATs) generate unrestricted session cookies. This may lead to a bypass of other access restrictions (for example, based on allowed IP addresses or HTTP methods). DHIS2 implementers should upgrade to a supported version of DHIS2: 2.37.9.1, 2.38.3.1, or 2.39.1.2. Implementers can work around this issue by adding extra access control validations on a reverse proxy. | 2023-05-09 | not yet calculated | CVE-2023-31139MISCMISCMISCMISC |
openproject — openproject | OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if an administrators creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround. | 2023-05-08 | not yet calculated | CVE-2023-31140MISCMISCMISCMISC |
opensearch — opensearch | OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue. | 2023-05-08 | not yet calculated | CVE-2023-31141MISC |
mage-ai — mage-ai | mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue. | 2023-05-09 | not yet calculated | CVE-2023-31143MISCMISC |
craft_cms — cms | Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. | 2023-05-09 | not yet calculated | CVE-2023-31144MISCMISC |
vyper — vyper | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue. | 2023-05-11 | not yet calculated | CVE-2023-31146MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Input Validation vulnerability
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. |
2023-05-10 | not yet calculated | CVE-2023-31148MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Input Validation vulnerability
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. |
2023-05-10 | not yet calculated | CVE-2023-31149MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31150MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Certificate Validation vulnerability
in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. |
2023-05-10 | not yet calculated | CVE-2023-31151MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31152MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31153MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31154MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31155MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31156MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31157MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31158MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31159MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31160MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31161MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31162MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31163MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31164MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31165MISCMISC |
schweitzer_engineering_laboratories — real-time_automation_controller_database_system | An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.
See SEL Service Bulletin dated 2022-11-15 for more details. |
2023-05-10 | not yet calculated | CVE-2023-31166MISCMISC |
agilepoint — nx | AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-31178MISC |
agilepoint — nx | AgilePoint NX v8.0 SU2.2 & SU2.3 – Path traversal – Vulnerability allows path traversal and downloading files from the server, by an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-31179MISC |
easytor — easytor | EasyTor Applications – Authorization Bypass – EasyTor Applications may allow authorization bypass via unspecified method. | 2023-05-08 | not yet calculated | CVE-2023-31182MISC |
intel — trace_analyzer_collector | Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-31197MISC |
intel — solid_state_drive_toolbox | Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-31199MISC |
sap — businessobjects_business_intelligence_platform | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) – versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted. | 2023-05-09 | not yet calculated | CVE-2023-31404MISCMISC |
sap — businessobjects_business_intelligence_platform | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform – versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2023-05-09 | not yet calculated | CVE-2023-31406MISCMISC |
sap — business_planning_and_consolidation | SAP Business Planning and Consolidation – versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | 2023-05-09 | not yet calculated | CVE-2023-31407MISCMISC |
lightbend_akka — lightbend_akka | In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If such validation is performed, then the poisoning constitutes a denial of access to the intended service. This affects Akka 2.5.14 through 2.8.0, and Akka Discovery through 2.8.0. | 2023-05-11 | not yet calculated | CVE-2023-31442MISCMISC |
cassia — access_controller | Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. | 2023-05-11 | not yet calculated | CVE-2023-31445MISCMISC |
glinet — glinet | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. | 2023-05-10 | not yet calculated | CVE-2023-31471MISCMISC |
glinet — glinet | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. | 2023-05-09 | not yet calculated | CVE-2023-31472MISCMISC |
glinet — glinet | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. | 2023-05-11 | not yet calculated | CVE-2023-31473MISCMISC |
glinet — glinet | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. | 2023-05-09 | not yet calculated | CVE-2023-31474MISCMISC |
glinet — glinet | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. | 2023-05-11 | not yet calculated | CVE-2023-31475MISCMISC |
glinet — glinet | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www). | 2023-05-09 | not yet calculated | CVE-2023-31476MISCMISC |
glinet — glinet | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | 2023-05-11 | not yet calculated | CVE-2023-31477MISCMISC |
glinet — glinet | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | 2023-05-09 | not yet calculated | CVE-2023-31478MISCMISC |
frrouting — bgpd | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. | 2023-05-09 | not yet calculated | CVE-2023-31489MISC |
frrouting — bgpd | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | 2023-05-09 | not yet calculated | CVE-2023-31490MISC |
quick_heal_technologies — limited_seqrite_endpoint_security | Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system. | 2023-05-11 | not yet calculated | CVE-2023-31497MISC |
php_gurukul — hospital_management_system | A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. | 2023-05-11 | not yet calculated | CVE-2023-31498MISCMISCMISC |
altenergy — power_control_software | Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. | 2023-05-11 | not yet calculated | CVE-2023-31502MISC |
prestashop — prestashop | A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php. | 2023-05-11 | not yet calculated | CVE-2023-31508MISC |
motorola — cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. | 2023-05-11 | not yet calculated | CVE-2023-31528MISC |
motorola — cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. | 2023-05-11 | not yet calculated | CVE-2023-31529MISC |
motorola — cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. | 2023-05-11 | not yet calculated | CVE-2023-31530MISC |
motorola — cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. | 2023-05-11 | not yet calculated | CVE-2023-31531MISC |
xpdf — xpdfimages | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | 2023-05-10 | not yet calculated | CVE-2023-31554MISC |
podofo — podofoinfo | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. | 2023-05-10 | not yet calculated | CVE-2023-31555MISC |
podofo — podofoinfo | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. | 2023-05-10 | not yet calculated | CVE-2023-31556MISC |
xpdf — xpdfimages | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readEmbeddedFileTree(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | 2023-05-10 | not yet calculated | CVE-2023-31557MISC |
podofo — podofo | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | 2023-05-10 | not yet calculated | CVE-2023-31566MISC |
podofo — podofo | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. | 2023-05-10 | not yet calculated | CVE-2023-31567MISC |
podofo — podofo | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. | 2023-05-10 | not yet calculated | CVE-2023-31568MISC |
jerryscript-project — jerryscript | Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. | 2023-05-10 | not yet calculated | CVE-2023-31906MISC |
jerryscript-project — jerryscript | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. | 2023-05-10 | not yet calculated | CVE-2023-31907MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. | 2023-05-10 | not yet calculated | CVE-2023-31908MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. | 2023-05-10 | not yet calculated | CVE-2023-31910MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | 2023-05-12 | not yet calculated | CVE-2023-31913MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. | 2023-05-12 | not yet calculated | CVE-2023-31914MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | 2023-05-12 | not yet calculated | CVE-2023-31916MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | 2023-05-12 | not yet calculated | CVE-2023-31918MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | 2023-05-12 | not yet calculated | CVE-2023-31919MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | 2023-05-12 | not yet calculated | CVE-2023-31920MISC |
jerryscript-project — jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | 2023-05-12 | not yet calculated | CVE-2023-31921MISC |
quickjs — commit | QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. | 2023-05-12 | not yet calculated | CVE-2023-31922MISC |
libming — libming | libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. | 2023-05-09 | not yet calculated | CVE-2023-31976MISC |
catdoc — catdoc | Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. | 2023-05-09 | not yet calculated | CVE-2023-31979MISC |
sngrep — sngrep | Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. | 2023-05-09 | not yet calculated | CVE-2023-31981MISC |
sngrep — sngrep | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. | 2023-05-09 | not yet calculated | CVE-2023-31982MISC |
edimax — wireless_router_n300_firmware_br-6428ns | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | 2023-05-12 | not yet calculated | CVE-2023-31983MISC |
edimax — wireless_router_n300_firmware_br-6428ns | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | 2023-05-12 | not yet calculated | CVE-2023-31985MISC |
vyper — vyper | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8. | 2023-05-11 | not yet calculated | CVE-2023-32058MISCMISC |
vyper — vyper | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8. | 2023-05-11 | not yet calculated | CVE-2023-32059MISCMISC |
dhis2 — core | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker program events or program stages, the `/trackedEntityInstances` and `/events` API endpoints may include all events regardless of the sharing settings applied to the category option combinations. When this specific configuration is present, users may have access to events which they should not be able to see based on the sharing settings of the category options. The events will not appear in the user interface for web-based Tracker Capture or Capture applications, but if the Android Capture App is used they will be displayed to the user. Versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0 contain a fix for this issue. No workaround is known. | 2023-05-09 | not yet calculated | CVE-2023-32060MISC |
time_tracker — time_tracker | Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783. | 2023-05-09 | not yet calculated | CVE-2023-32066MISCMISC |
xwiki — platform | XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it’s possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds. | 2023-05-09 | not yet calculated | CVE-2023-32069MISCMISCMISC |
xwiki — platform | XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn’t check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version. | 2023-05-10 | not yet calculated | CVE-2023-32070MISCMISCMISC |
xwiki — platform | XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it’s possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01. | 2023-05-09 | not yet calculated | CVE-2023-32071MISCMISCMISCMISC |
wwbn — avideo | WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. | 2023-05-12 | not yet calculated | CVE-2023-32073MISCMISC |
pimcore — customer_managemenr_framework | The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually. | 2023-05-11 | not yet calculated | CVE-2023-32075MISCMISCMISCMISC |
in-toto — in-toto | in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings. RC files are widely used in other systems and security issues have been discovered in their implementations as well. Maintainers found in their conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, the maintainers decided to drop support for `in_totorc`. in-toto’s `user_settings` module has been dropped altogether in commit 3a21d84f40811b7d191fa7bd17265c1f99599afd. Users may also sandbox functionary code as a security measure. | 2023-05-10 | not yet calculated | CVE-2023-32076MISCMISCMISCMISC |
pterodactyl — wings | Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify an server’s install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`.
There are no workarounds aside from upgrading. Running Wings with a rootless container runtime may mitigate the severity of any attacks, however the majority of users are using container runtimes that run as root as per the Wings documentation. SELinux may prevent attackers from performing certain operations against the host system, however privileged containers have a lot of freedom even on systems with SELinux enabled. It should be noted that this was a known attack vector, for attackers to easily exploit this attack it would require compromising an administrator account on a Panel. However, certain eggs (the data structure that holds the install scripts that get passed to Wings) have an issue where they are unknowingly executing shell commands with escalated privileges provided by untrusted user data. |
2023-05-10 | not yet calculated | CVE-2023-32080MISCMISCMISC |
vertx — stomp | Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds. | 2023-05-12 | not yet calculated | CVE-2023-32081MISCMISC |
etcd-io — etcd | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn’t have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. | 2023-05-11 | not yet calculated | CVE-2023-32082MISCMISCMISCMISC |
sap_se — powerdesigner_proxy | In SAP PowerDesigner (Proxy) – version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application. | 2023-05-09 | not yet calculated | CVE-2023-32111MISCMISC |
sap_se — vendor_master_hierarchy | Vendor Master Hierarchy – versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system. | 2023-05-09 | not yet calculated | CVE-2023-32112MISCMISC |
sap_se — gui_for_windows | SAP GUI for Windows – version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation. | 2023-05-09 | not yet calculated | CVE-2023-32113MISCMISC |
linux — kernel | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. | 2023-05-08 | not yet calculated | CVE-2023-32233MISCMISCMISCMISCMISCDEBIAN |
wordpress — wordpress | Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | 2023-05-12 | not yet calculated | CVE-2023-32243MISCMISC |
planetlabs — planet_client_python | Planet is software that provides satellite data. The secret file stores the user’s Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user’s group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand. | 2023-05-12 | not yet calculated | CVE-2023-32303MISCMISCMISC |
aiven — extras | aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9. | 2023-05-12 | not yet calculated | CVE-2023-32305MISCMISC |
time_tracker — time_tracker | Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792. | 2023-05-12 | not yet calculated | CVE-2023-32306MISC |
veritas — infoscale_operations_manager | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | 2023-05-10 | not yet calculated | CVE-2023-32568MISC |
veritas — infoscale_operations_manager | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. | 2023-05-10 | not yet calculated | CVE-2023-32569MISC |
videolan — dav1d | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | 2023-05-10 | not yet calculated | CVE-2023-32570MISCMISC |
qt-project — qt-project | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | 2023-05-10 | not yet calculated | CVE-2023-32573MISC |
luatex — luatex | LuaTeX before 1.17.0 enables the socket library by default. | 2023-05-11 | not yet calculated | CVE-2023-32668MISCMISCMISC |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.