Vulnerability Summary for the Week of June 19, 2023

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
zyxel — nas326_firmware The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. 2023-06-19 9.8 CVE-2023-27992
MISC
marksoft — marksoft Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. 2023-06-19 9.8 CVE-2023-2907
MISC
wordpress — wordpress The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the ‘id’ parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2023-06-24 9.8 CVE-2023-3197
MISC
MISC
simple_customer_relationship_management — simple_customer_relationship_management Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. 2023-06-16 9.8 CVE-2023-34548
MISC
jeecg_boot — jeecg_boot jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability via the id parameter of the /jeecg-boot/jmreport/show interface. 2023-06-16 9.8 CVE-2023-34659
MISC
tp-link — archer_ax10_firmware TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 – 0x132B4. 2023-06-16 9.8 CVE-2023-34832
MISC
MISC
MISC
MISC
progress — moveit_transfer In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). 2023-06-16 9.8 CVE-2023-35708
MISC
MISC
MISC
wordpress — wordpress The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the ‘cmsc_add_site’ function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to change the ‘_cmsc_public_key’ in the plugin config, providing access to the plugin’s remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet; however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe. 2023-06-20 8.1 CVE-2023-3325
MISC
MISC
MISC
microsoft — sql_server Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 2023-06-16 7.8 CVE-2023-32027
MISC
microsoft — sql_server Microsoft OLE DB Remote Code Execution Vulnerability 2023-06-16 7.8 CVE-2023-32028
MISC
linux — kernel An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. 2023-06-16 7.8 CVE-2023-35788
MISC
MISC
MISC
MLIST
juniper_networks — junos_os/junos_os_evolved An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.2R3-S2; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO. 2023-06-21 7.5 CVE-2023-0026
CONFIRM
MISC
isc — bind_9 Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. 2023-06-21 7.5 CVE-2023-2828
MISC
MISC
MISC
MISC
isc — bind_9 A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. 2023-06-21 7.5 CVE-2023-2829
MISC
isc — bind_9 If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. 2023-06-21 7.5 CVE-2023-2911
MISC
MISC
MISC
MISC
microsoft — yarp Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability 2023-06-23 7.5 CVE-2023-33141
MISC
jfinal_cms — jfinal_cms jfinal CMS 5.1.0 has an arbitrary file read vulnerability. 2023-06-16 7.5 CVE-2023-34645
MISC
wordpress — wordpress The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard. 2023-06-22 7.2 CVE-2019-25152
MISC
MISC
MISC
MISC
wordpress — wordpress The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nsc_bar_content_href’ parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2. 2023-06-24 7.2 CVE-2023-3388
MISC
MISC
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
mattermost — mattermost Mattermost fails to verify whether the requestor is a sysadmin before allowing `install` requests to the Apps, allowing a regular user to send install requests to the Apps. 2023-06-16 6.5 CVE-2023-2784
MISC
fortinet — fortios A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows an attacker to cause a denial of sslvpn service via a specifically crafted request in the bookmark parameter. 2023-06-16 6.5 CVE-2023-33306
MISC
fortinet — fortios A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows an attacker to cause a denial of sslvpn service via a specifically crafted request in the network parameter. 2023-06-16 6.5 CVE-2023-33307
MISC
MISC
jeecg_boot — jeecg_boot jeecg-boot V3.5.0 has an unauthorized arbitrary file upload in the /jeecg-boot/jmreport/upload interface. 2023-06-16 6.5 CVE-2023-34660
MISC
wordpress — wordpress The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lana_text_to_image’ and ‘lana_text_to_img’ shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-06-24 6.4 CVE-2023-3387
MISC
MISC
MISC
everestthemes — arya_multipurpose Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions. 2023-06-16 6.1 CVE-2023-27420
MISC
react-storefront — react-storefront Cross-site Scripting (XSS) – DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7. 2023-06-16 6.1 CVE-2023-3294
MISC
CONFIRM
wordpress — wordpress The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-06-20 6.1 CVE-2023-3320
MISC
MISC
MISC
apple — macos A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system. 2023-06-23 6 CVE-2023-32369
MISC
MISC
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions. 2023-06-16 5.4 CVE-2023-26013
MISC
wolterskluwer — teammate+ A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML. 2023-06-16 5.4 CVE-2023-33438
MISC
MISC
bludit — bludit Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. 2023-06-16 5.4 CVE-2023-34845
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. 2023-06-16 4.8 CVE-2023-25963
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions. 2023-06-16 4.8 CVE-2023-25974
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions. 2023-06-16 4.8 CVE-2023-26515
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. 2023-06-16 4.8 CVE-2023-26527
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions. 2023-06-16 4.8 CVE-2023-26537
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions. 2023-06-16 4.8 CVE-2023-26541
MISC
suitecrm — suitecrm Cross-site Scripting (XSS) – Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. 2023-06-16 4.8 CVE-2023-3293
CONFIRM
MISC
mattermost — mattermost Mattermost Apps Framework fails to verify the secret provided in the incoming webhook request, allowing an attacker to modify the contents of the post sent by the Apps. 2023-06-16 4.3 CVE-2023-2783
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
nanopb — nanopb Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. 2023-06-17 not yet calculated CVE-2014-125106
MISC
MISC
MISC
mozilla — firefox A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. 2023-06-19 not yet calculated CVE-2019-25136
MISC
MISC
ebcms — ebcms File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter. 2023-06-20 not yet calculated CVE-2020-20067
MISC
dwsurvey — dwsurvey Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via the qultemld parameter of the qu-multi-fillblank!answers.action file. 2023-06-20 not yet calculated CVE-2020-20070
MISC
kilo — kilo Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c. 2023-06-20 not yet calculated CVE-2020-20335
MISC
wuzhicms — wuzhicms SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. 2023-06-20 not yet calculated CVE-2020-20413
MISC
opencart — opencart SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. 2023-06-20 not yet calculated CVE-2020-20491
MISC
yzcms — yzcms Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. 2023-06-20 not yet calculated CVE-2020-20502
MISC
MISC
joyplus-cms — joyplus-cms SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. 2023-06-20 not yet calculated CVE-2020-20636
MISC
nodcms — nodcms Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter. 2023-06-20 not yet calculated CVE-2020-20697
MISC
vim — vim Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. 2023-06-20 not yet calculated CVE-2020-20703
MISC
pluckcms — pluckcms File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the save_file() parameter. 2023-06-20 not yet calculated CVE-2020-20718
MISC
taocms — taocms Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php. 2023-06-20 not yet calculated CVE-2020-20725
MISC
gilacms — gilacms Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. 2023-06-20 not yet calculated CVE-2020-20726
MISC
ljcms — ljcms File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter. 2023-06-20 not yet calculated CVE-2020-20735
MISC
pluckcms — pluckcms An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page. 2023-06-20 not yet calculated CVE-2020-20918
MISC
pluckcms — pluckcms File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file. 2023-06-20 not yet calculated CVE-2020-20919
MISC
pluckcms — pluckcms File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. 2023-06-20 not yet calculated CVE-2020-20969
MISC
zrlog — zrlog Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. 2023-06-20 not yet calculated CVE-2020-21052
MISC
typora — typora Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid syntax. 2023-06-20 not yet calculated CVE-2020-21058
MISC
liufee_cms — liufee_cms File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. 2023-06-20 not yet calculated CVE-2020-21174
MISC
yiicms — yiicms Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function. 2023-06-20 not yet calculated CVE-2020-21246
MISC
hongcms — hongcms Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. 2023-06-20 not yet calculated CVE-2020-21252
MISC
easysoft — zentaopms Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. 2023-06-20 not yet calculated CVE-2020-21268
MISC
wuzhicms — wuzhicms An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the functioncommon.func.php file. 2023-06-20 not yet calculated CVE-2020-21325
MISC
greencms — greencms Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. 2023-06-20 not yet calculated CVE-2020-21366
MISC
phpmywind — phpmywind SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. 2023-06-20 not yet calculated CVE-2020-21400
MISC
nucleuscms — nucleuscms File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. 2023-06-20 not yet calculated CVE-2020-21474
MISC
alluxio — alluxio Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component. 2023-06-20 not yet calculated CVE-2020-21485
MISC
phpok — phpok SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. 2023-06-20 not yet calculated CVE-2020-21486
MISC
feehicms — feehicms File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. 2023-06-20 not yet calculated CVE-2020-21489
MISC
apple — macos A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution. 2023-06-23 not yet calculated CVE-2022-22630
MISC
MISC
MISC
semver — semver Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. 2023-06-21 not yet calculated CVE-2022-25883
MISC
MISC
MISC
MISC
MISC
MISC
riello ups — netman-204 There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations. 2023-06-21 not yet calculated CVE-2022-3372
MISC
apple — ios_and_ipados This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information. 2023-06-23 not yet calculated CVE-2022-42792
MISC
apple — macos A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key. 2023-06-23 not yet calculated CVE-2022-42807
MISC
apple — macos An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression. 2023-06-23 not yet calculated CVE-2022-42834
MISC
MISC
MISC
apple — macos This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system. 2023-06-23 not yet calculated CVE-2022-42860
MISC
MISC
MISC
temenos_cwx — temenos_cwx An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. 2023-06-21 not yet calculated CVE-2022-45287
MISC
MISC
MISC
apple — ios_and_ipados A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences. 2023-06-23 not yet calculated CVE-2022-46715
MISC
apple — macos A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information. 2023-06-23 not yet calculated CVE-2022-46718
MISC
MISC
MISC
MISC
wordpress — wordpress Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. 2023-06-19 not yet calculated CVE-2022-46850
MISC
wordpress — wordpress Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions. 2023-06-19 not yet calculated CVE-2022-47586
MISC
wordpress — wordpress Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions. 2023-06-22 not yet calculated CVE-2022-47593
MISC
wordpress — wordpress Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions. 2023-06-23 not yet calculated CVE-2022-47614
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48486
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48487
MISC
huawei — harmonyos Vulnerability of bypassing the default desktop security controls. Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop. 2023-06-19 not yet calculated CVE-2022-48488
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48489
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48490
MISC
huawei — harmonyos Vulnerability of missing authentication on certain HUAWEI phones. Successful exploitation of this vulnerability can lead to ads and other windows to display at any time. 2023-06-19 not yet calculated CVE-2022-48491
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48492
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48493
MISC
huawei — harmonyos Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. 2023-06-19 not yet calculated CVE-2022-48494
MISC
huawei — harmonyos Vulnerability of unauthorized access to foreground app information. Successful exploitation of this vulnerability may cause foreground app information to be obtained. 2023-06-19 not yet calculated CVE-2022-48495
MISC
huawei — harmonyos Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. 2023-06-19 not yet calculated CVE-2022-48496
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48497
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48498
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48499
MISC
huawei — emui Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48500
MISC
huawei — harmonyos Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. 2023-06-19 not yet calculated CVE-2022-48501
MISC
dominion_voting_systems — imagecast_precinct/imagecast_evolution A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions “Improved pseudo random number algorithm,” which may be relevant. 2023-06-19 not yet calculated CVE-2022-48506
MISC
MISC
MISC
MISC
wordpress — wordpress The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-06-19 not yet calculated CVE-2023-0368
MISC
wordpress — wordpress The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-06-19 not yet calculated CVE-2023-0489
MISC
silicon_labs — z/ip_gateway A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. 2023-06-21 not yet calculated CVE-2023-0969
MISC
silicon_labs — z/ip_gateway Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. 2023-06-21 not yet calculated CVE-2023-0970
MISC
silicon_labs — z/ip_gateway A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. 2023-06-21 not yet calculated CVE-2023-0971
MISC
silicon_labs — z/ip_gateway A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. 2023-06-21 not yet calculated CVE-2023-0972
MISC
yoga_class_registration_system — yoga_class_registration_system Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. 2023-06-24 not yet calculated CVE-2023-1721
MISC
MISC
yoga_class_registration_system — yoga_class_registration_system Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. 2023-06-24 not yet calculated CVE-2023-1722
MISC
MISC
ladybirdweb — faveo_helpdesk_for_linux Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS. 2023-06-24 not yet calculated CVE-2023-1724
MISC
MISC
orangescrum — orangescrum_for_linux OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF. 2023-06-23 not yet calculated CVE-2023-1783
MISC
MISC
cloudflare — warp_client_for_windows Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as to obtain network diagnostics and application configuration from the target’s device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target’s device being reachable on port 445 and allowing authentication with NULL sessions, or the attacker otherwise having knowledge of the target’s credentials. 2023-06-20 not yet calculated CVE-2023-1862
MISC
MISC
MISC
chromium — libwebp There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an out-of-memory error in the VP8 encoder; the pointer is still assigned to trial, and the AddressSanitizer will attempt a double free. 2023-06-20 not yet calculated CVE-2023-1999
MISC
vmware — vcenter_server The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. 2023-06-22 not yet calculated CVE-2023-20892
MISC
vmware — vcenter_server The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. 2023-06-22 not yet calculated CVE-2023-20893
MISC
vmware — vcenter_server The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write by sending a specially crafted packet, leading to memory corruption. 2023-06-22 not yet calculated CVE-2023-20894
MISC
vmware — vcenter_server The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. 2023-06-22 not yet calculated CVE-2023-20895
MISC
vmware — vcenter_server The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). 2023-06-22 not yet calculated CVE-2023-20896
MISC
wordpress — wordpress
 
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. 2023-06-19 not yet calculated CVE-2023-2221
MISC
hcl_software — bigfix_osd_bare_metal_server A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. 2023-06-22 not yet calculated CVE-2023-23343
MISC
hcl_software — bigfix_webui_insights A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. 2023-06-23 not yet calculated CVE-2023-23344
MISC
apple — macos
 
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges 2023-06-23 not yet calculated CVE-2023-23516
MISC
MISC
MISC
apple — macos
 
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution 2023-06-23 not yet calculated CVE-2023-23539
MISC
wordpress — wordpress
 
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. 2023-06-19 not yet calculated CVE-2023-2359
MISC
js_help_desk — js_help_desk Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7. 2023-06-23 not yet calculated CVE-2023-23679
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. 2023-06-22 not yet calculated CVE-2023-23795
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <= 1.1.2 versions. 2023-06-22 not yet calculated CVE-2023-23807
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <= 1.0.0 versions. 2023-06-22 not yet calculated CVE-2023-23811
MISC
wordpress — wordpress The QuBot WordPress plugin before 1.1.6 doesn’t filter user input on chat, leading to bad code inserted in it being reflected on the user dashboard. 2023-06-19 not yet calculated CVE-2023-2399
MISC
devolutions — server Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view the user vaults of deleted users via database access. 2023-06-20 not yet calculated CVE-2023-2400
MISC
wordpress — wordpress
 
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-06-19 not yet calculated CVE-2023-2401
MISC
gl.inet — gl-e750_mudi A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. 2023-06-21 not yet calculated CVE-2023-24261
MISC
wordpress — wordpress
 
The QueryWall: Plug’n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 2023-06-19 not yet calculated CVE-2023-2492
MISC
autodesk — autocad/maya A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution. 2023-06-23 not yet calculated CVE-2023-25003
MISC
nokia — airscale_asika_single_ran_devices An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don’t give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities. 2023-06-16 not yet calculated CVE-2023-25187
MISC
MISC
MISC
wordpress — wordpress
 
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-06-19 not yet calculated CVE-2023-2527
MISC
papercut — ng/mf A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. 2023-06-20 not yet calculated CVE-2023-2533
MISC
MISC
libtiff — libtiff libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. 2023-06-21 not yet calculated CVE-2023-25435
MISC
vaadin — vaadin When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure. 2023-06-22 not yet calculated CVE-2023-25499
MISC
MISC
vaadin — vaadin Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests. 2023-06-22 not yet calculated CVE-2023-25500
MISC
MISC
nvidia — jetson_agx_xavier_series/jetson_xavier_nx NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. 2023-06-23 not yet calculated CVE-2023-25515
MISC
nvidia — jetson_agx_xavier_series/jetson_xavier_nx NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. 2023-06-23 not yet calculated CVE-2023-25518
MISC
nvidia — multiple_products NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service. 2023-06-23 not yet calculated CVE-2023-25520
MISC
mozilla — firefox The return value from `gfx::SourceSurfaceSkia::Map()` wasn’t being verified, which could have potentially led to a null pointer dereference. This vulnerability affects Firefox < 110. 2023-06-19 not yet calculated CVE-2023-25733
MISC
MISC
mozilla — firefox An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior. This vulnerability affects Firefox < 110. 2023-06-19 not yet calculated CVE-2023-25736
MISC
MISC
mozilla — firefox_for_android
 
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0. 2023-06-19 not yet calculated CVE-2023-25747
MISC
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-25936
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-25937
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-25938
MISC
wordpress — wordpress
 
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-06-19 not yet calculated CVE-2023-2600
MISC
advantech — r-seenet Advantech R-SeeNet version 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. 2023-06-22 not yet calculated CVE-2023-2611
MISC
sync — word-wrap All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. 2023-06-22 not yet calculated CVE-2023-26115
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26427
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26428
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace characters during the export. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26429
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite IPv4-mapped IPv6 addresses were not recognized as “local” by the code, and a connection attempt was made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPv4-mapped IPv6 addresses when checking whether an address is contained in a deny-list. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26431
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite When adding an external mail account, processing of SMTP “capabilities” responses is not limited to plausible sizes. An attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server responses to a reasonable length/size. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26432
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite When adding an external mail account, processing of IMAP “capabilities” responses is not limited to plausible sizes. An attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server responses to a reasonable length/size. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26433
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite When adding an external mail account, processing of POP3 “capabilities” responses is not limited to plausible sizes. An attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server responses to a reasonable length/size. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26434
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as include local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26435
MISC
MISC
MISC
MISC
open-xchange_software_gmbh — ox_app_suite Attackers with access to the “documentconverterws” API were able to inject serialized Java objects that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing to legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known. 2023-06-20 not yet calculated CVE-2023-26436
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions. 2023-06-22 not yet calculated CVE-2023-26534
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions. 2023-06-22 not yet calculated CVE-2023-26539
MISC
wordpress — wordpress
 
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-06-19 not yet calculated CVE-2023-2654
MISC
wordpress — wordpress
 
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-06-19 not yet calculated CVE-2023-2684
MISC
pluckcms — pluckcms An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. 2023-06-22 not yet calculated CVE-2023-27083
MISC
wordpress — wordpress
 
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber. 2023-06-19 not yet calculated CVE-2023-2719
MISC
makves — dcap An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. 2023-06-21 not yet calculated CVE-2023-27243
MISC
MISC
MISC
omron_corporation — multiple_products FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement the FINS protocol contain the following security issues: (1) plaintext communication, and (2) no authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later). 2023-06-19 not yet calculated CVE-2023-27396
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions. 2023-06-22 not yet calculated CVE-2023-27413
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. 2023-06-21 not yet calculated CVE-2023-27414
MISC
wordpress — wordpress
 
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2023-06-19 not yet calculated CVE-2023-2742
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions. 2023-06-23 not yet calculated CVE-2023-27427
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic – Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions. 2023-06-21 not yet calculated CVE-2023-27429
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions. 2023-06-21 not yet calculated CVE-2023-27432
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. 2023-06-21 not yet calculated CVE-2023-27439
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions. 2023-06-21 not yet calculated CVE-2023-27443
MISC
wordpress — wordpress
 
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. 2023-06-21 not yet calculated CVE-2023-27450
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions. 2023-06-22 not yet calculated CVE-2023-27452
MISC
wordpress — wordpress
 
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. 2023-06-19 not yet calculated CVE-2023-2751
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. 2023-06-22 not yet calculated CVE-2023-27612
MISC
wordpress — wordpress
 
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions. 2023-06-22 not yet calculated CVE-2023-27618
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. 2023-06-22 not yet calculated CVE-2023-27629
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions. 2023-06-22 not yet calculated CVE-2023-27631
MISC
wordpress — wordpress
 
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2023-06-19 not yet calculated CVE-2023-2779
MISC
MISC
autodesk_installer
 
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. 2023-06-23 not yet calculated CVE-2023-27908
MISC
apple — macos
 
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges 2023-06-23 not yet calculated CVE-2023-27930
MISC
MISC
MISC
MISC
apple — macos
 
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections 2023-06-23 not yet calculated CVE-2023-27940
MISC
MISC
MISC
apple — airpods_firmware_update
 
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. 2023-06-23 not yet calculated CVE-2023-27964
MISC
hcl_software — bigfix_osd_bare_metal_server The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. 2023-06-22 not yet calculated CVE-2023-28006
MISC
hcl_software — bigfix_osd_bare_metal_server Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. 2023-06-22 not yet calculated CVE-2023-28016
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28026
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28027
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28028
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28029
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28030
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28031
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28032
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28033
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28034
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28035
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28036
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28039
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28040
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28041
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28042
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28044
MISC
wordpress — wordpress
 
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 2023-06-19 not yet calculated CVE-2023-2805
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28050
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28052
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28054
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28056
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28058
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28059
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28060
MISC
dell — cpg_bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-06-23 not yet calculated CVE-2023-28061
MISC
dell — cpg_bios Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. 2023-06-23 not yet calculated CVE-2023-28064
MISC
dell — multiple_products Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. 2023-06-23 not yet calculated CVE-2023-28065
MISC
dell — multiple_products Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to permanent Denial of Service (DoS). 2023-06-23 not yet calculated CVE-2023-28071
MISC
dell — cpg_bios Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system. 2023-06-23 not yet calculated CVE-2023-28073
MISC
pegasystems — pega_platform
 
Pega platform clients who are using versions 6.1 through 8.8.3 and have upgraded from a version prior to 8.x may be utilizing default credentials. 2023-06-22 not yet calculated CVE-2023-28094
MISC
wordpress — wordpress
 
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape many of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against all admins when configuring the chatbot and against all clients when using the chatbot. 2023-06-19 not yet calculated CVE-2023-2811
MISC
wordpress — wordpress
 
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-06-19 not yet calculated CVE-2023-2812
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions. 2023-06-22 not yet calculated CVE-2023-28166
MISC
wordpress — wordpress
 
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions. 2023-06-22 not yet calculated CVE-2023-28171
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions. 2023-06-22 not yet calculated CVE-2023-28174
MISC
apple — multiple_products This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences 2023-06-23 not yet calculated CVE-2023-28191
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app 2023-06-23 not yet calculated CVE-2023-28202
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. 2023-06-23 not yet calculated CVE-2023-28204
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <= 1.3.0 versions. 2023-06-22 not yet calculated CVE-2023-28418
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions. 2023-06-22 not yet calculated CVE-2023-28423
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions. 2023-06-22 not yet calculated CVE-2023-28496
MISC
wordpress — wordpress
 
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions. 2023-06-22 not yet calculated CVE-2023-28534
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew Phillips VigilanTor plugin <= 1.3.10 versions. 2023-06-22 not yet calculated CVE-2023-28695
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions. 2023-06-22 not yet calculated CVE-2023-28750
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. 2023-06-23 not yet calculated CVE-2023-28751
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions. 2023-06-22 not yet calculated CVE-2023-28774
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. 2023-06-22 not yet calculated CVE-2023-28776
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. 2023-06-22 not yet calculated CVE-2023-28778
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions. 2023-06-22 not yet calculated CVE-2023-28784
MISC
zscaler — client_connector A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. 2023-06-22 not yet calculated CVE-2023-28799
MISC
MISC
MISC
MISC
MISC
MISC
zscaler — client_connector When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. 2023-06-22 not yet calculated CVE-2023-28800
MISC
MISC
MISC
MISC
MISC
MISC
ibm — spectrum_protect_backup-archive_client IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767. 2023-06-22 not yet calculated CVE-2023-28956
MISC
MISC
wordpress — wordpress
 
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin 2023-06-19 not yet calculated CVE-2023-2899
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions. 2023-06-23 not yet calculated CVE-2023-29100
MISC
subnet_solutions — powersystem_center SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. 2023-06-19 not yet calculated CVE-2023-29158
MISC
mozilla — multiple_products_for_macos
 
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. 2023-06-19 not yet calculated CVE-2023-29531
MISC
MISC
MISC
MISC
mozilla — multiple_products_for_windows
 
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on an SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. 2023-06-19 not yet calculated CVE-2023-29532
MISC
MISC
MISC
MISC
mozilla — firefox_for_android
 
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. 2023-06-19 not yet calculated CVE-2023-29534
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products_for_windows
 
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. 2023-06-19 not yet calculated CVE-2023-29542
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products_for_windows
 
Similar to CVE-2023-28163, this time when choosing ‘Save Link As’, suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. 2023-06-19 not yet calculated CVE-2023-29545
MISC
MISC
MISC
MISC
mozilla — multiple_products_for_android
 
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. 2023-06-19 not yet calculated CVE-2023-29546
MISC
MISC
gbcom_lac — web_control_center Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x allows attackers to create an arbitrary device. 2023-06-22 not yet calculated CVE-2023-29707
MISC
MISC
wavlink — wn579x3
 
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x that allows attackers to force a factory reset via a crafted payload. 2023-06-22 not yet calculated CVE-2023-29708
MISC
MISC
wildix — wsg24poe An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822 that allows attackers to bypass authentication. 2023-06-22 not yet calculated CVE-2023-29709
MISC
MISC
interlink — psg-5124 An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4 that allows attackers to execute arbitrary code via a crafted GET request. 2023-06-22 not yet calculated CVE-2023-29711
MISC
MISC
dtstack taier — dtstack taier An insecure permissions issue in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. 2023-06-23 not yet calculated CVE-2023-29860
MISC
fortra — globalscape_eft
 
Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited 2023-06-22 not yet calculated CVE-2023-2989
MISC
MISC
fortra — globalscape_eft
 
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service 2023-06-22 not yet calculated CVE-2023-2990
MISC
MISC
fortra — globalscape_eft
 
Fortra Globalscape EFT’s administration server suffers from an information disclosure vulnerability where the serial number of the hard drive that Globalscape is installed on can be remotely determined via a “trial extension request” message. 2023-06-22 not yet calculated CVE-2023-2991
MISC
MISC
laravel-s — laravel-s laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. 2023-06-22 not yet calculated CVE-2023-29931
MISC
linux — kernel
 
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress. 2023-06-19 not yet calculated CVE-2023-3022
MISC
MISC
magnussolution — magnusbilling Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. 2023-06-23 not yet calculated CVE-2023-30258
MISC
MISC
raspap — raspap-webgui Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via a crafted POST request to the hostapd settings form. 2023-06-23 not yet calculated CVE-2023-30260
MISC
MISC
neox_contact_center — neox_contact_center Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search. 2023-06-22 not yet calculated CVE-2023-30347
MISC
libcoap_library — libcoap_library Buffer Overflow vulnerability in the coap_send function in libcoap library 4.3.1-103-g52cfd56 (fixed in 4.3.1-120-ge242200) allows attackers to obtain sensitive information via a malformed PDU. 2023-06-23 not yet calculated CVE-2023-30362
MISC
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions. 2023-06-22 not yet calculated CVE-2023-30500
MISC
MISC
ricoh_company — printer_driver_packager_nx
 
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege. 2023-06-19 not yet calculated CVE-2023-30759
MISC
MISC
MISC
silicon_labs — unify_gateway A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. 2023-06-21 not yet calculated CVE-2023-3110
MISC
hashicorp — terraform_enterprise Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1. 2023-06-22 not yet calculated CVE-2023-3114
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions. 2023-06-22 not yet calculated CVE-2023-31213
MISC
fuji_electric/hakko_electronics — v-server/v-server_lite Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having a user open a specially crafted VPR file. 2023-06-19 not yet calculated CVE-2023-31239
MISC
MISC
grafana — grafana Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. 2023-06-22 not yet calculated CVE-2023-3128
MISC
sick_ag — eventcam_app A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted. 2023-06-19 not yet calculated CVE-2023-31410
MISC
MISC
MISC
sick_ag — eventcam_app A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App. 2023-06-19 not yet calculated CVE-2023-31411
MISC
MISC
MISC
oracle — apache/streampipes
 
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0. 2023-06-23 not yet calculated CVE-2023-31469
MISC
sage — x3 Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. 2023-06-22 not yet calculated CVE-2023-31867
MISC
MISC
sage — x3 Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user inputs. Yet, those inputs are not verified nor filtered by the application to ensure they match the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account; he can then target an Administrator. All other endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished. 2023-06-22 not yet calculated CVE-2023-31868
MISC
MISC
linux — kernel
 
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. 2023-06-23 not yet calculated CVE-2023-3212
MISC
MISC
linux — kernel
 
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks a check of the return value of kzalloc() and will cause a NULL pointer dereference. 2023-06-20 not yet calculated CVE-2023-3220
MISC
fuji_electric/hakko_electronics — tellus/tellus_lite
 
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273. 2023-06-19 not yet calculated CVE-2023-32201
MISC
MISC
mozilla — firefox
 
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. 2023-06-19 not yet calculated CVE-2023-32208
MISC
MISC
mozilla — firefox
 
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. 2023-06-19 not yet calculated CVE-2023-32209
MISC
MISC
mozilla — firefox
 
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. 2023-06-19 not yet calculated CVE-2023-32210
MISC
MISC
mozilla — multiple_products
 
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. 2023-06-19 not yet calculated CVE-2023-32214
MISC
MISC
MISC
MISC
mozilla — firefox
 
Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113. 2023-06-19 not yet calculated CVE-2023-32216
MISC
MISC
wordpress — wordpress Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions. 2023-06-22 not yet calculated CVE-2023-32239
MISC
fuji_electric/hakko_electronics — tellus/tellus_lite
 
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. 2023-06-19 not yet calculated CVE-2023-32270
MISC
MISC
fuji_electric/hakko_electronics — tellus/tellus_lite
 
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201. 2023-06-19 not yet calculated CVE-2023-32273
MISC
MISC
enphase — installer_toolkit Enphase Installer Toolkit version 3.27.0 has hard-coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. 2023-06-20 not yet calculated CVE-2023-32274
MISC
fuji_electric/hakko_electronics — tellus/tellus_lite
 
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. 2023-06-19 not yet calculated CVE-2023-32276
MISC
MISC
fuji_electric/hakko_electronics — tellus/tellus_lite
 
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution. 2023-06-19 not yet calculated CVE-2023-32288
MISC
MISC
nextcloud — security-advisories Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to send as many requests as the server could handle in parallel to brute-force protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue. 2023-06-22 not yet calculated CVE-2023-32320
MISC
MISC
MISC
apple — itunes_for_windows
 
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges 2023-06-23 not yet calculated CVE-2023-32351
MISC
apple — macos
 
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks 2023-06-23 not yet calculated CVE-2023-32352
MISC
MISC
MISC
MISC
MISC
apple — itunes_for_windows
 
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges 2023-06-23 not yet calculated CVE-2023-32353
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory 2023-06-23 not yet calculated CVE-2023-32354
MISC
MISC
MISC
apple — macos
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system 2023-06-23 not yet calculated CVE-2023-32355
MISC
MISC
MISC
apple — multiple_products
 
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked 2023-06-23 not yet calculated CVE-2023-32357
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos
 
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents 2023-06-23 not yet calculated CVE-2023-32360
MISC
MISC
MISC
apple — macos
 
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences 2023-06-23 not yet calculated CVE-2023-32363
MISC
apple — multiple_products
 
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication 2023-06-23 not yet calculated CVE-2023-32365
MISC
MISC
apple — multiple_products
 
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data 2023-06-23 not yet calculated CVE-2023-32367
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory 2023-06-23 not yet calculated CVE-2023-32368
MISC
MISC
MISC
MISC
MISC
apple — multiple_products
 
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox 2023-06-23 not yet calculated CVE-2023-32371
MISC
MISC
apple — multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory 2023-06-23 not yet calculated CVE-2023-32372
MISC
MISC
MISC
MISC
apple — multiple_products A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2023-06-23 not yet calculated CVE-2023-32373
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos_venture/macos_monterey An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory 2023-06-23 not yet calculated CVE-2023-32375
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system 2023-06-23 not yet calculated CVE-2023-32376
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution 2023-06-23 not yet calculated CVE-2023-32380
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory 2023-06-23 not yet calculated CVE-2023-32382
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution 2023-06-23 not yet calculated CVE-2023-32384
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination 2023-06-23 not yet calculated CVE-2023-32385
MISC
MISC
apple — multiple_products A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data 2023-06-23 not yet calculated CVE-2023-32386
MISC
MISC
MISC
apple — multiple_products A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution 2023-06-23 not yet calculated CVE-2023-32387
MISC
MISC
MISC
apple — multiple_products A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences 2023-06-23 not yet calculated CVE-2023-32388
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory 2023-06-23 not yet calculated CVE-2023-32389
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup 2023-06-23 not yet calculated CVE-2023-32390
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user 2023-06-23 not yet calculated CVE-2023-32391
MISC
MISC
MISC
MISC
apple — multiple_products A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information 2023-06-23 not yet calculated CVE-2023-32392
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen 2023-06-23 not yet calculated CVE-2023-32394
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system 2023-06-23 not yet calculated CVE-2023-32395
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system 2023-06-23 not yet calculated CVE-2023-32397
MISC
MISC
MISC
MISC
apple — multiple_products A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges 2023-06-23 not yet calculated CVE-2023-32398
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information 2023-06-23 not yet calculated CVE-2023-32399
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app 2023-06-23 not yet calculated CVE-2023-32400
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information 2023-06-23 not yet calculated CVE-2023-32402
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information 2023-06-23 not yet calculated CVE-2023-32403
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences 2023-06-23 not yet calculated CVE-2023-32404
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges 2023-06-23 not yet calculated CVE-2023-32405
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences 2023-06-23 not yet calculated CVE-2023-32407
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information 2023-06-23 not yet calculated CVE-2023-32408
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. 2023-06-23 not yet calculated CVE-2023-32409
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state 2023-06-23 not yet calculated CVE-2023-32410
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences 2023-06-23 not yet calculated CVE-2023-32411
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution 2023-06-23 not yet calculated CVE-2023-32412
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges 2023-06-23 not yet calculated CVE-2023-32413
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — macos The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox 2023-06-23 not yet calculated CVE-2023-32414
MISC
apple — multiple_products This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information 2023-06-23 not yet calculated CVE-2023-32415
MISC
MISC
MISC
apple — watchos This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features 2023-06-23 not yet calculated CVE-2023-32417
MISC
apple — ios/ipados The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution 2023-06-23 not yet calculated CVE-2023-32419
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory 2023-06-23 not yet calculated CVE-2023-32420
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences 2023-06-23 not yet calculated CVE-2023-32422
MISC
MISC
MISC
apple — multiple_products A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information 2023-06-23 not yet calculated CVE-2023-32423
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. 2023-06-23 not yet calculated CVE-2023-32434
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. 2023-06-23 not yet calculated CVE-2023-32435
MISC
MISC
MISC
MISC
apple — multiple_products A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2023-06-23 not yet calculated CVE-2023-32439
MISC
MISC
MISC
MISC
dell — powerstore Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high-privileged user into installing a malicious binary by bypassing the existing cryptographic signature checks 2023-06-22 not yet calculated CVE-2023-32449
MISC
dell — vxrail Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction. 2023-06-23 not yet calculated CVE-2023-32463
MISC
dell — vxrail Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim’s traffic to view or modify a victim’s data in transit. 2023-06-23 not yet calculated CVE-2023-32464
MISC
dell — cpg_bios Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. 2023-06-23 not yet calculated CVE-2023-32480
MISC
fuji_electric/hakko_electronics — tellus/tellus_lite Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201. 2023-06-19 not yet calculated CVE-2023-32538
MISC
MISC
fuji_electric/hakko_electronics — tellus/tellus_lite Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. 2023-06-19 not yet calculated CVE-2023-32542
MISC
MISC
advantech — r-seenet Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. 2023-06-22 not yet calculated CVE-2023-3256
MISC
dynamic — linq Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. 2023-06-22 not yet calculated CVE-2023-32571
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions. 2023-06-23 not yet calculated CVE-2023-32580
MISC
subnet_solutions — powersystem_center SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. 2023-06-19 not yet calculated CVE-2023-32659
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). 2023-06-22 not yet calculated CVE-2023-32960
MISC
admidio — admidio Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. 2023-06-23 not yet calculated CVE-2023-3302
MISC
CONFIRM
admidio — admidio Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. 2023-06-23 not yet calculated CVE-2023-3303
MISC
CONFIRM
admidio — admidio Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. 2023-06-23 not yet calculated CVE-2023-3304
CONFIRM
MISC
c-data — web_management_system A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability. 2023-06-18 not yet calculated CVE-2023-3305
MISC
MISC
MISC
ruijie — rg-ew1200g A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-06-18 not yet calculated CVE-2023-3306
MISC
MISC
MISC
minical — minical A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-06-18 not yet calculated CVE-2023-3307
MISC
MISC
MISC
whaleal_icefrog — whaleal_icefrog A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804. 2023-06-18 not yet calculated CVE-2023-3308
MISC
MISC
MISC
sourcecodester — resort_management_system A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability. 2023-06-18 not yet calculated CVE-2023-3309
MISC
MISC
MISC
code-projects — agro-school_management_system A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability. 2023-06-18 not yet calculated CVE-2023-3310
MISC
MISC
MISC
puneethreddyhc — online_shopping_system_advanced A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807. 2023-06-18 not yet calculated CVE-2023-3311
MISC
MISC
MISC
linux — kernel A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in the cpufreq subsystem of the Linux Kernel. During device unbind, this flaw leads to a double release problem, resulting in denial of service. 2023-06-19 not yet calculated CVE-2023-3312
MISC
jenkins — jenkins Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 2023-06-19 not yet calculated CVE-2023-3315
MISC
libtiff — libtiff A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. 2023-06-19 not yet calculated CVE-2023-3316
MISC
linux — kernel A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after ‘features’ memory release. This vulnerability could even lead to a kernel information leak problem. 2023-06-23 not yet calculated CVE-2023-3317
MISC
sourcecodester — resort_management_system A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability. 2023-06-19 not yet calculated CVE-2023-3318
MISC
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions. 2023-06-19 not yet calculated CVE-2023-33213
MISC
freebsd — freebsd pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system. 2023-06-22 not yet calculated CVE-2023-3326
MISC
urlnorm_crate — urlnorm_crate The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. 2023-06-21 not yet calculated CVE-2023-33289
MISC
MISC
MISC
fortinet — fortinac A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port. Note: FortiNAC versions 8.x will not be fixed. 2023-06-23 not yet calculated CVE-2023-33299
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions. 2023-06-22 not yet calculated CVE-2023-33323
MISC
puneethreddyhc — online_shopping_system_advanced A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability. 2023-06-20 not yet calculated CVE-2023-3337
MISC
MISC
datev_eg — personal-management_system_comfort/comfort_plus A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users’ login data by sending a crafted link. 2023-06-22 not yet calculated CVE-2023-33387
MISC
MISC
MISC
code-projects — agro-school_management_system A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015. 2023-06-21 not yet calculated CVE-2023-3339
MISC
MISC
MISC
sourcecodester — online_school_fees_system A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument name_startsWith leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232016. 2023-06-20 not yet calculated CVE-2023-3340
MISC
MISC
MISC
blogengine.net — blogengine.net Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. 2023-06-21 not yet calculated CVE-2023-33405
MISC
craft_cms — craft_cms Craft CMS through 4.4.9 is vulnerable to HTML Injection. 2023-06-20 not yet calculated CVE-2023-33495
MISC
MISC
ros2 — ros2 ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes. 2023-06-23 not yet calculated CVE-2023-33565
MISC
MISC
sourcecodester — enrollment_system_project Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. 2023-06-21 not yet calculated CVE-2023-33584
MISC
MISC
MISC
MISC
user_registration/login_and_user_management_system — user_registration/login_and_user_management_system User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. 2023-06-21 not yet calculated CVE-2023-33591
MISC
MISC
broadleaf — broadleaf Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA. 2023-06-21 not yet calculated CVE-2023-33725
MISC
wavlink — wn579x3 A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-06-23 not yet calculated CVE-2023-3380
MISC
MISC
MISC
sourcecodester — online_school_fees_system A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability. 2023-06-23 not yet calculated CVE-2023-3381
MISC
MISC
MISC
sourcecodester — game_result_matrix_system A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability. 2023-06-23 not yet calculated CVE-2023-3382
MISC
MISC
MISC
sourcecodester — game_result_matrix_system A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239. 2023-06-23 not yet calculated CVE-2023-3383
MISC
MISC
MISC
ibm — spss_modeler IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117. 2023-06-22 not yet calculated CVE-2023-33842
MISC
MISC
enphase — envoy Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. 2023-06-20 not yet calculated CVE-2023-33869
MISC
sourcecodester — human_resource_management_system A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288. 2023-06-23 not yet calculated CVE-2023-3391
MISC
MISC
MISC
fossbilling — fossbilling Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. 2023-06-23 not yet calculated CVE-2023-3393
MISC
MISC
fossbilling — fossbilling Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. 2023-06-23 not yet calculated CVE-2023-3394
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.5.5 versions. 2023-06-22 not yet calculated CVE-2023-33997
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions. 2023-06-22 not yet calculated CVE-2023-34006
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions. 2023-06-23 not yet calculated CVE-2023-34012
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions. 2023-06-23 not yet calculated CVE-2023-34021
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. 2023-06-22 not yet calculated CVE-2023-34028
MISC
flask-appbuilder — flask-appbuilder Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error that is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row, including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2. 2023-06-22 not yet calculated CVE-2023-34110
MISC
MISC
MISC
MISC
huawei — harmonyos Vulnerability of unauthorized calling on HUAWEI phones and tablets. Successful exploitation of this vulnerability may affect availability. 2023-06-19 not yet calculated CVE-2023-34155
MISC
huawei — harmonyos
 
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful exploitation of this vulnerability may cause services to be denied. 2023-06-19 not yet calculated CVE-2023-34156
MISC
huawei — harmonyos
 
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. 2023-06-19 not yet calculated CVE-2023-34158
MISC
huawei — harmonyos
 
Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. 2023-06-19 not yet calculated CVE-2023-34159
MISC
huawei — harmonyos
 
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. 2023-06-19 not yet calculated CVE-2023-34160
MISC
huawei — harmonyos
 
Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-06-19 not yet calculated CVE-2023-34161
MISC
huawei — harmonyos
 
Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. 2023-06-19 not yet calculated CVE-2023-34162
MISC
huawei — harmonyos
 
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-06-19 not yet calculated CVE-2023-34163
MISC
huawei — harmonyos
 
Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart. 2023-06-19 not yet calculated CVE-2023-34166
MISC
huawei — harmonyos
 
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. 2023-06-19 not yet calculated CVE-2023-34167
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions. 2023-06-22 not yet calculated CVE-2023-34170
MISC
mongoose — mongoose The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. 2023-06-23 not yet calculated CVE-2023-34188
MISC
MISC
MISC
progress — openedge_management/openedge_explorer In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7. 2023-06-23 not yet calculated CVE-2023-34203
MISC
openprinting — cups OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue. 2023-06-22 not yet calculated CVE-2023-34241
MISC
MISC
MISC
MISC
glpi-project — glpi-agent The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running the remoteinventory task against a Unix platform with the ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case where the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for the remoteinventory task. This vulnerability has been patched in glpi-agent 1.5. 2023-06-23 not yet calculated CVE-2023-34254
MISC
MISC
oracle — apache/accumulo
 
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1. 2023-06-21 not yet calculated CVE-2023-34340
MISC
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. 2023-06-22 not yet calculated CVE-2023-34368
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. 2023-06-19 not yet calculated CVE-2023-34373
MISC
mozilla — multiple_products
 
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. 2023-06-19 not yet calculated CVE-2023-34414
MISC
MISC
MISC
MISC
mozilla — firefox
 
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an “open redirect”. Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. 2023-06-19 not yet calculated CVE-2023-34415
MISC
MISC
mozilla — multiple_products
 
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. 2023-06-19 not yet calculated CVE-2023-34416
MISC
MISC
MISC
MISC
mozilla — firefox
 
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114. 2023-06-19 not yet calculated CVE-2023-34417
MISC
MISC
tauri-apps — tauri Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. 2023-06-23 not yet calculated CVE-2023-34460
MISC
MISC
MISC
MISC
pybb — pybb PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `` that looks like “`xss“` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled “post.html” in templates, or adding manual validation of links in the post creation section. 2023-06-19 not yet calculated CVE-2023-34461
MISC
MISC
netty — netty Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the server name indicated by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are no checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. 2023-06-22 not yet calculated CVE-2023-34462
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user into visiting that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions can be performed with this user’s rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax. 2023-06-23 not yet calculated CVE-2023-34464
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group). 2023-06-23 not yet calculated CVE-2023-34465
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. 2023-06-23 not yet calculated CVE-2023-34466
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the REST response also contained the unobfuscated mail, and users were able to filter and sort on the unobfuscated value, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. 2023-06-23 not yet calculated CVE-2023-34467
MISC
MISC
MISC
langchain — langchain Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. 2023-06-20 not yet calculated CVE-2023-34541
MISC
wafu — keyless_smart_lock An issue discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via a code replay attack. 2023-06-22 not yet calculated CVE-2023-34553
MISC
netgear — R6250 Netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. 2023-06-20 not yet calculated CVE-2023-34563
MISC
MISC
aeotec — wallmote_switch A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. 2023-06-20 not yet calculated CVE-2023-34596
MISC
MISC
fibaro — motion_sensor A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. 2023-06-20 not yet calculated CVE-2023-34597
MISC
MISC
adiscon — loganalyzer Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. 2023-06-20 not yet calculated CVE-2023-34600
MISC
MISC
jeesite — jeesite Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. 2023-06-22 not yet calculated CVE-2023-34601
MISC
jeecgboot — jeecgboot JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. 2023-06-19 not yet calculated CVE-2023-34602
MISC
jeecgboot — jeecgboot JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. 2023-06-19 not yet calculated CVE-2023-34603
MISC
kioware_for_windows — kioware_for_windows KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt. 2023-06-19 not yet calculated CVE-2023-34641
MISC
MISC
kioware_for_windows — kioware_for_windows KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt. 2023-06-19 not yet calculated CVE-2023-34642
MISC
MISC
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. 2023-06-19 not yet calculated CVE-2023-34657
MISC
elenos — etg150_fm_transmitter Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user’s role in the user profile. An attack could occur over the public Internet in some cases. 2023-06-23 not yet calculated CVE-2023-34671
MISC
MISC
elenos — etg150_fm_transmitter Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user’s role within the admin profile. An attack could occur over the public Internet in some cases. 2023-06-23 not yet calculated CVE-2023-34672
MISC
MISC
elenos — etg150_fm_transmitter Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases. 2023-06-23 not yet calculated CVE-2023-34673
MISC
MISC
dmarcts-report-viewer — dmarcts-report-viewer Cross site scripting (XSS) vulnerability in dmarcts-report-viewer dashboard versions 1.1 and through commit 8a1d882b4c481a05e296e9b38a7961e912146a0f allows unauthenticated attackers to execute arbitrary code via the org_name or domain values. 2023-06-22 not yet calculated CVE-2023-34796
MISC
MISC
topdesk — topdesk XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation. 2023-06-22 not yet calculated CVE-2023-34923
MISC
MISC
casdoor — casdoor Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user’s password via supplying a crafted URL. 2023-06-22 not yet calculated CVE-2023-34927
MISC
MISC
MISC
onlyoffice — community_server Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. 2023-06-22 not yet calculated CVE-2023-34939
MISC
MISC
MISC
oracle — apache/tomcat
 
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak. 2023-06-21 not yet calculated CVE-2023-34981
MISC
oracle — apache/airflow
 
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact that configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sensitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later. 2023-06-19 not yet calculated CVE-2023-35005
MISC
MISC
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions. 2023-06-23 not yet calculated CVE-2023-35048
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions. 2023-06-22 not yet calculated CVE-2023-35090
MISC
wordpress — wordpress
 
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers, to view the “Orders” of the plugin and get the data related to the order like email, username, and more. 2023-06-22 not yet calculated CVE-2023-35093
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions. 2023-06-20 not yet calculated CVE-2023-35095
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1 versions. 2023-06-20 not yet calculated CVE-2023-35097
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions. 2023-06-20 not yet calculated CVE-2023-35098
MISC
moodle — moodle
 
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14. 2023-06-22 not yet calculated CVE-2023-35131
MISC
moodle — moodle
 
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. 2023-06-22 not yet calculated CVE-2023-35132
MISC
moodle — moodle
 
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. 2023-06-22 not yet calculated CVE-2023-35133
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting a URL with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8. 2023-06-23 not yet calculated CVE-2023-35150
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround. 2023-06-23 not yet calculated CVE-2023-35151
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged-in user can add dangerous content in their first name field and see it executed with programming rights, leading to rights escalation. The vulnerability has been fixed in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually. 2023-06-23 not yet calculated CVE-2023-35152
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch. 2023-06-23 not yet calculated CVE-2023-35153
MISC
MISC
MISC
knowagelabs — knowage-server Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8. 2023-06-23 not yet calculated CVE-2023-35154
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). For instance, the following URL executes an `alert` in the browser: `/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you.`, where `` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. 2023-06-23 not yet calculated CVE-2023-35155
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the delete template to perform an XSS, e.g. by using a URL such as `xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn’t enough to entirely fix the vulnerability. 2023-06-23 not yet calculated CVE-2023-35156
MISC
MISC
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6. 2023-06-23 not yet calculated CVE-2023-35157
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the restore template to perform an XSS, e.g. by using a URL such as `/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. 2023-06-23 not yet calculated CVE-2023-35158
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the deletespace template to perform an XSS, e.g. by using a URL such as `xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. 2023-06-23 not yet calculated CVE-2023-35159
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the resubmit template to perform an XSS, e.g. by using a URL such as `xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)`. This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. 2023-06-23 not yet calculated CVE-2023-35160
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the DeleteApplication page to perform an XSS, e.g. by using a URL such as `xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. 2023-06-23 not yet calculated CVE-2023-35161
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the previewactions template to perform an XSS, e.g. by using a URL such as `/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain)`. This vulnerability exists since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. 2023-06-23 not yet calculated CVE-2023-35162
MISC
MISC
MISC
MISC
vegaprotocol — vega Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator’s Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. 2023-06-23 not yet calculated CVE-2023-35163
MISC
MISC
MISC
aws — cloud_development_kit AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g. `KubernetesManifest`, `HelmChart`, …) onto it. Users with a CDK version higher than or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn’t provided and has permissions to execute `kubectl` commands on the cluster. Users with a CDK version higher than or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role. 2023-06-23 not yet calculated CVE-2023-35165
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5. 2023-06-20 not yet calculated CVE-2023-35166
MISC
MISC
MISC
remult — remult Remult is a CRUD framework for full-stack TypeScript. If you used the `apiPrefilter` option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance they are not authorized to access can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. 2023-06-23 not yet calculated CVE-2023-35167
MISC
MISC
MISC
webklex — php-imap PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack. An attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. “.php”) or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests. Version 5.3.0 contains a patch for this issue. 2023-06-23 not yet calculated CVE-2023-35169
MISC
MISC
MISC
MISC
MISC
nextcloud — server/enterprise_server NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available. 2023-06-23 not yet calculated CVE-2023-35171
MISC
MISC
MISC
nextcloud — server/enterprise_server NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can brute-force the password reset links. Nextcloud Server 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available. 2023-06-23 not yet calculated CVE-2023-35172
MISC
MISC
MISC
nextcloud — end-to-end_encryption_app Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid metadata file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4, which contains the fix. 2023-06-23 not yet calculated CVE-2023-35173
MISC
MISC
MISC
livebook-dev — livebook Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on the victim’s machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from the browser. This vulnerability has been fixed in versions 0.8.2 and 0.9.3. 2023-06-22 not yet calculated CVE-2023-35174
MISC
MISC
MISC
MISC
MISC
progress — whatsup_gold In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim’s browser, aka XSS. 2023-06-23 not yet calculated CVE-2023-35759
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions. 2023-06-19 not yet calculated CVE-2023-35772
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions. 2023-06-19 not yet calculated CVE-2023-35775
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon’e – Sermons Online plugin <= 1.0.0 versions. 2023-06-19 not yet calculated CVE-2023-35776
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions. 2023-06-19 not yet calculated CVE-2023-35779
MISC
safe — softwarez_fme_server A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version. 2023-06-23 not yet calculated CVE-2023-35801
MISC
MISC
CONFIRM
sugarcrm — enterprise An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected. 2023-06-17 not yet calculated CVE-2023-35808
MISC
sugarcrm — enterprise An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected. 2023-06-17 not yet calculated CVE-2023-35809
MISC
sugarcrm — enterprise An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected. 2023-06-17 not yet calculated CVE-2023-35810
MISC
sugarcrm — enterprise An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can be used for exploitation. Editions other than Enterprise are also affected. 2023-06-17 not yet calculated CVE-2023-35811
MISC
sitecore — multiple_products Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. 2023-06-17 not yet calculated CVE-2023-35813
MISC
linux — kernel An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. 2023-06-18 not yet calculated CVE-2023-35823
MISC
MISC
MISC
MISC
linux — kernel An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. 2023-06-18 not yet calculated CVE-2023-35824
MISC
MISC
MISC
MISC
linux — kernel An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. 2023-06-18 not yet calculated CVE-2023-35826
MISC
MISC
MISC
MISC
linux — kernel An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. 2023-06-18 not yet calculated CVE-2023-35827
MISC
MISC
linux — kernel An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. 2023-06-18 not yet calculated CVE-2023-35828
MISC
MISC
MISC
MISC
linux — kernel An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. 2023-06-18 not yet calculated CVE-2023-35829
MISC
MISC
MISC
MISC
solon — solon Solon before 2.3.3 allows Deserialization of Untrusted Data. 2023-06-19 not yet calculated CVE-2023-35839
MISC
MISC
elfinder — elfinder _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. 2023-06-19 not yet calculated CVE-2023-35840
MISC
MISC
MISC
MISC
nocodb — nocodb NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. 2023-06-19 not yet calculated CVE-2023-35843
MISC
MISC
MISC
lightdash — lightdash packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. 2023-06-19 not yet calculated CVE-2023-35844
MISC
MISC
MISC
MISC
picotcp — picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. 2023-06-19 not yet calculated CVE-2023-35846
MISC
picotcp — picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). 2023-06-19 not yet calculated CVE-2023-35847
MISC
picotcp — picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member. 2023-06-19 not yet calculated CVE-2023-35848
MISC
picotcp — picotcp VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. 2023-06-19 not yet calculated CVE-2023-35849
MISC
suricata — suricata In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation. 2023-06-19 not yet calculated CVE-2023-35852
MISC
MISC
MISC
MISC
suricata — suricata In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section. 2023-06-19 not yet calculated CVE-2023-35853
MISC
MISC
MISC
zoho — manageengine_adselfservice_plus Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. 2023-06-20 not yet calculated CVE-2023-35854
MISC
MISC
counter-strike — counter-strike A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client’s machine by modifying the lservercfgfile console variable. 2023-06-19 not yet calculated CVE-2023-35855
MISC
nintendo — multiple_mario_kart_wii_versions A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client’s machine via a crafted packet. 2023-06-19 not yet calculated CVE-2023-35856
MISC
siren — investigate In Siren Investigate before 13.2.2, session keys remain active even after logging out. 2023-06-19 not yet calculated CVE-2023-35857
MISC
MISC
libcoap — libcoap libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. 2023-06-19 not yet calculated CVE-2023-35862
MISC
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <= 0.5 versions. 2023-06-20 not yet calculated CVE-2023-35878
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions. 2023-06-20 not yet calculated CVE-2023-35882
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions. 2023-06-20 not yet calculated CVE-2023-35884
MISC
cloudpanel_2 — cloudpanel_2 CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. 2023-06-20 not yet calculated CVE-2023-35885
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. 2023-06-22 not yet calculated CVE-2023-35917
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. 2023-06-22 not yet calculated CVE-2023-35918
MISC
intellectualsites — fastasyncworldedit FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and execute any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3. 2023-06-23 not yet calculated CVE-2023-35925
MISC
MISC
MISC
backstage — backstage Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`. 2023-06-22 not yet calculated CVE-2023-35926
MISC
MISC
MISC
nextcloud — server/enterprise_server NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two servers are registered as trusted servers for each other and have successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again. Nextcloud Server 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the “Administration” > “Sharing” settings `…/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`. 2023-06-23 not yet calculated CVE-2023-35927
MISC
MISC
MISC
nextcloud — server/enterprise_server Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2. Three workarounds are available. Disable app files_external. Change config setting “Allow users to mount external storage” to disabled in “Administration” > “External storage” settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in “Administration” > “External storage” settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV. 2023-06-23 not yet calculated CVE-2023-35928
MISC
MISC
MISC
shescape — shescape Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1. 2023-06-23 not yet calculated CVE-2023-35931
MISC
MISC
MISC
MISC
jcvi — jcvi jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix. 2023-06-23 not yet calculated CVE-2023-35932
MISC
MISC
eyoucms — eyoucms There is a stored cross-site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3. 2023-06-22 not yet calculated CVE-2023-36093
MISC
funadmin — funadmin funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. 2023-06-22 not yet calculated CVE-2023-36097
MISC
sqlite3 — sqlite3 sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c. 2023-06-23 not yet calculated CVE-2023-36191
MISC
sngrep — sngrep Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. 2023-06-23 not yet calculated CVE-2023-36192
MISC
gifsicle — gifsicle Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. 2023-06-23 not yet calculated CVE-2023-36193
MISC
libming_listswf — libming_listswf libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c. 2023-06-22 not yet calculated CVE-2023-36239
MISC
flvmeta — flvmeta FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c. 2023-06-22 not yet calculated CVE-2023-36243
MISC
libredwg — libredwg LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. 2023-06-23 not yet calculated CVE-2023-36271
MISC
libredwg — libredwg LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. 2023-06-23 not yet calculated CVE-2023-36272
MISC
libredwg — libredwg LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. 2023-06-23 not yet calculated CVE-2023-36273
MISC
libredwg — libredwg LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. 2023-06-23 not yet calculated CVE-2023-36274
MISC
webkul — qloapps An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application’s authentication and authorization mechanisms and retrieve the contents of an entire database. 2023-06-23 not yet calculated CVE-2023-36284
MISC
webkul — qloapps An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST controller parameter. 2023-06-23 not yet calculated CVE-2023-36287
MISC
webkul — qloapps An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via GET configure parameter. 2023-06-23 not yet calculated CVE-2023-36288
MISC
webkul — qloapps An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST email_create and back parameter. 2023-06-23 not yet calculated CVE-2023-36289
MISC
codekop — codekop A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. 2023-06-23 not yet calculated CVE-2023-36345
MISC
codekop — codekop POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. 2023-06-23 not yet calculated CVE-2023-36346
MISC
codekop — codekop POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. 2023-06-23 not yet calculated CVE-2023-36348
MISC
tp-link — multiple_products TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2023-06-22 not yet calculated CVE-2023-36354
MISC
tp-link — multiple_products TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2023-06-22 not yet calculated CVE-2023-36355
MISC
tp-link — multiple_products TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2023-06-22 not yet calculated CVE-2023-36356
MISC
tp-link — multiple_products An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2023-06-22 not yet calculated CVE-2023-36357
MISC
tp-link — multiple_products TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2023-06-22 not yet calculated CVE-2023-36358
MISC
tp-link — multiple_products TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 2023-06-22 not yet calculated CVE-2023-36359
MISC
monetdb_server — monetdb_server An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36362
MISC
monetdb_server — monetdb_server An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36363
MISC
monetdb_server — monetdb_server An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36364
MISC
monetdb_server — monetdb_server An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36365
MISC
monetdb_server — monetdb_server An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36366
MISC
monetdb_server — monetdb_server An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36367
MISC
monetdb_server — monetdb_server An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36368
MISC
monetdb_server — monetdb_server An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36369
MISC
monetdb_server — monetdb_server An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36370
MISC
monetdb_server — monetdb_server An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. 2023-06-22 not yet calculated CVE-2023-36371
MISC
