The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
zyxel — nas326_firmware | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. | 2023-06-19 | 9.8 | CVE-2023-27992 MISC |
marksoft — marksoft | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. | 2023-06-19 | 9.8 | CVE-2023-2907 MISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the ‘id’ parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-24 | 9.8 | CVE-2023-3197 MISC MISC |
simple_customer_relationship_management — simple_customer_relationship_management | Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. | 2023-06-16 | 9.8 | CVE-2023-34548 MISC |
jeecg_boot — jeecg_boot | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. | 2023-06-16 | 9.8 | CVE-2023-34659 MISC |
tp-link — archer_ax10_firmware | TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 – 0x132B4. | 2023-06-16 | 9.8 | CVE-2023-34832 MISC MISC MISC MISC |
progress — moveit_transfer | In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). | 2023-06-16 | 9.8 | CVE-2023-35708 MISC MISC MISC |
wordpress — wordpress | The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the ‘cmsc_add_site’ function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the ‘_cmsc_public_key’ in the plugin config, providing access to the plugin’s remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe. | 2023-06-20 | 8.1 | CVE-2023-3325 MISC MISC MISC |
microsoft — sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32027 MISC |
microsoft — sql_server | Microsoft OLE DB Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32028 MISC |
linux — kernel | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. | 2023-06-16 | 7.8 | CVE-2023-35788 MISC MISC MISC MLIST |
juniper_networks — junos_os/junos_os_evolved | An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.2R3-S2; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO. | 2023-06-21 | 7.5 | CVE-2023-0026 CONFIRM MISC |
isc — bind_9 | Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | 2023-06-21 | 7.5 | CVE-2023-2828 MISC MISC MISC MISC |
isc — bind_9 | A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. | 2023-06-21 | 7.5 | CVE-2023-2829 MISC |
isc — bind_9 | If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | 2023-06-21 | 7.5 | CVE-2023-2911 MISC MISC MISC MISC |
microsoft — yarp | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | 2023-06-23 | 7.5 | CVE-2023-33141 MISC |
jfinal_cms — jfinal_cms | jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | 2023-06-16 | 7.5 | CVE-2023-34645 MISC |
wordpress — wordpress | The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard. | 2023-06-22 | 7.2 | CVE-2019-25152 MISC MISC MISC MISC |
wordpress — wordpress | The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nsc_bar_content_href’ parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2. | 2023-06-24 | 7.2 | CVE-2023-3388 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
mattermost — mattermost | Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. | 2023-06-16 | 6.5 | CVE-2023-2784 MISC |
fortinet — fortios | A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter. | 2023-06-16 | 6.5 | CVE-2023-33306 MISC |
fortinet — fortios | A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter. | 2023-06-16 | 6.5 | CVE-2023-33307 MISC MISC |
jeecg_boot — jeecg_boot | jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. | 2023-06-16 | 6.5 | CVE-2023-34660 MISC |
wordpress — wordpress | The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lana_text_to_image’ and ‘lana_text_to_img’ shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-24 | 6.4 | CVE-2023-3387 MISC MISC MISC |
everestthemes — arya_multipurpose | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions. | 2023-06-16 | 6.1 | CVE-2023-27420 MISC |
react-storefront — react-storefront | Cross-site Scripting (XSS) – DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7. | 2023-06-16 | 6.1 | CVE-2023-3294 MISC CONFIRM |
wordpress — wordpress | The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-20 | 6.1 | CVE-2023-3320 MISC MISC MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | 6 | CVE-2023-32369 MISC MISC MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions. | 2023-06-16 | 5.4 | CVE-2023-26013 MISC |
wolterskluwer — teammate+ | A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML. | 2023-06-16 | 5.4 | CVE-2023-33438 MISC MISC |
bludit — bludit | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. | 2023-06-16 | 5.4 | CVE-2023-34845 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. | 2023-06-16 | 4.8 | CVE-2023-25963 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions. | 2023-06-16 | 4.8 | CVE-2023-25974 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions. | 2023-06-16 | 4.8 | CVE-2023-26515 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. | 2023-06-16 | 4.8 | CVE-2023-26527 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions. | 2023-06-16 | 4.8 | CVE-2023-26537 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions. | 2023-06-16 | 4.8 | CVE-2023-26541 MISC |
suitecrm — suitecrm | Cross-site Scripting (XSS) – Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. | 2023-06-16 | 4.8 | CVE-2023-3293 CONFIRM MISC |
mattermost — mattermost | Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. | 2023-06-16 | 4.3 | CVE-2023-2783 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
nanopb — nanopb | Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. | 2023-06-17 | not yet calculated | CVE-2014-125106 MISC MISC MISC |
mozilla — firefox |
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | 2023-06-19 | not yet calculated | CVE-2019-25136 MISC MISC |
ebcms — ebcms | File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter. | 2023-06-20 | not yet calculated | CVE-2020-20067 MISC |
dwsurvey — dwsurvey | Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file. | 2023-06-20 | not yet calculated | CVE-2020-20070 MISC |
kilo — kilo | Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c. | 2023-06-20 | not yet calculated | CVE-2020-20335 MISC |
wuzhicms — wuzhicms | SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | 2023-06-20 | not yet calculated | CVE-2020-20413 MISC |
opencart — opencart | SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | 2023-06-20 | not yet calculated | CVE-2020-20491 MISC |
yzcms — yzcms | Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | 2023-06-20 | not yet calculated | CVE-2020-20502 MISC MISC |
joyplus-cms — joyplus-cms | SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. | 2023-06-20 | not yet calculated | CVE-2020-20636 MISC |
nodcms — nodcms | Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter. | 2023-06-20 | not yet calculated | CVE-2020-20697 MISC |
vim — vim | Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. | 2023-06-20 | not yet calculated | CVE-2020-20703 MISC |
pluckcms — pluckcms | File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter. | 2023-06-20 | not yet calculated | CVE-2020-20718 MISC |
taocms — taocms | Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | 2023-06-20 | not yet calculated | CVE-2020-20725 MISC |
gilacms — gilacms | Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. | 2023-06-20 | not yet calculated | CVE-2020-20726 MISC |
ljcms — ljcms | File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter. | 2023-06-20 | not yet calculated | CVE-2020-20735 MISC |
pluckcms — pluckcms | An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page. | 2023-06-20 | not yet calculated | CVE-2020-20918 MISC |
pluckcms — pluckcms | File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file. | 2023-06-20 | not yet calculated | CVE-2020-20919 MISC |
pluckcms — pluckcms | File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. | 2023-06-20 | not yet calculated | CVE-2020-20969 MISC |
zrlog — zrlog | Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. | 2023-06-20 | not yet calculated | CVE-2020-21052 MISC |
typora — typora | Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax. | 2023-06-20 | not yet calculated | CVE-2020-21058 MISC |
liufee_cms — liufee_cms | File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. | 2023-06-20 | not yet calculated | CVE-2020-21174 MISC |
yiicms — yiicms | Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function. | 2023-06-20 | not yet calculated | CVE-2020-21246 MISC |
hongcms — hongcms | Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | 2023-06-20 | not yet calculated | CVE-2020-21252 MISC |
easysoft — zentaopms | Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. | 2023-06-20 | not yet calculated | CVE-2020-21268 MISC |
wuzhicms — wuzhicms |
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the functioncommon.func.php file. | 2023-06-20 | not yet calculated | CVE-2020-21325 MISC |
greencms — greencms | Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. | 2023-06-20 | not yet calculated | CVE-2020-21366 MISC |
phpmywind — phpmywind | SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. | 2023-06-20 | not yet calculated | CVE-2020-21400 MISC |
nucleuscms — nucleuscms | File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. | 2023-06-20 | not yet calculated | CVE-2020-21474 MISC |
alluxio — alluxio | Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component. | 2023-06-20 | not yet calculated | CVE-2020-21485 MISC |
phpok — phpok | SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. | 2023-06-20 | not yet calculated | CVE-2020-21486 MISC |
feehicms — feehicms | File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. | 2023-06-20 | not yet calculated | CVE-2020-21489 MISC |
apple — macos |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2022-22630 MISC MISC MISC |
semver — semver | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | 2023-06-21 | not yet calculated | CVE-2022-25883 MISC MISC MISC MISC MISC MISC |
riello ups — netman-204 | There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations. | 2023-06-21 | not yet calculated | CVE-2022-3372 MISC |
apple — ios_and_ipados |
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2022-42792 MISC |
apple — macos |
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key | 2023-06-23 | not yet calculated | CVE-2022-42807 MISC |
apple — macos |
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression | 2023-06-23 | not yet calculated | CVE-2022-42834 MISC MISC MISC |
apple — macos |
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system | 2023-06-23 | not yet calculated | CVE-2022-42860 MISC MISC MISC |
temenos_cwx — temenos_cwx | An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. | 2023-06-21 | not yet calculated | CVE-2022-45287 MISC MISC MISC |
apple — ios_and_ipados |
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences | 2023-06-23 | not yet calculated | CVE-2022-46715 MISC |
apple — macos |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2022-46718 MISC MISC MISC MISC |
wordpress — wordpress | Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | 2023-06-19 | not yet calculated | CVE-2022-46850 MISC |
wordpress — wordpress | Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions. | 2023-06-19 | not yet calculated | CVE-2022-47586 MISC |
wordpress — wordpress | Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions. | 2023-06-22 | not yet calculated | CVE-2022-47593 MISC |
wordpress — wordpress | Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions. | 2023-06-23 | not yet calculated | CVE-2022-47614 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48486 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48487 MISC |
huawei — harmonyos |
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop. | 2023-06-19 | not yet calculated | CVE-2022-48488 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48489 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48490 MISC |
huawei — harmonyos |
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time. | 2023-06-19 | not yet calculated | CVE-2022-48491 MISC |
huawei — emui | Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48492 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48493 MISC |
huawei — harmonyos |
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. | 2023-06-19 | not yet calculated | CVE-2022-48494 MISC |
huawei — harmonyos |
Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained. | 2023-06-19 | not yet calculated | CVE-2022-48495 MISC |
huawei — harmonyos |
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. | 2023-06-19 | not yet calculated | CVE-2022-48496 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48497 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48498 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48499 MISC |
huawei — emui |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48500 MISC |
huawei — harmonyos |
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | 2023-06-19 | not yet calculated | CVE-2022-48501 MISC |
dominion_voting_systems — imagecast_precinct/imagecast_evolution | A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions “Improved pseudo random number algorithm,” which may be relevant. | 2023-06-19 | not yet calculated | CVE-2022-48506 MISC MISC MISC MISC |
wordpress — wordpress |
The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-06-19 | not yet calculated | CVE-2023-0368 MISC |
wordpress — wordpress |
The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-06-19 | not yet calculated | CVE-2023-0489 MISC |
silicon_labs — z/ip_gateway | A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | 2023-06-21 | not yet calculated | CVE-2023-0969 MISC |
silicon_labs — z/ip_gateway | Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | 2023-06-21 | not yet calculated | CVE-2023-0970 MISC |
silicon_labs — z/ip_gateway | A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | 2023-06-21 | not yet calculated | CVE-2023-0971 MISC |
silicon_labs — z/ip_gateway | Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 2023-06-21 | not yet calculated | CVE-2023-0972 MISC |
yoga_class_registration_system — yoga_class_registration_system | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 2023-06-24 | not yet calculated | CVE-2023-1721 MISC MISC |
yoga_class_registration_system — yoga_class_registration_system | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 2023-06-24 | not yet calculated | CVE-2023-1722 MISC MISC |
ladybirdweb — faveo_helpdesk_for_linux | Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS. | 2023-06-24 | not yet calculated | CVE-2023-1724 MISC MISC |
orangescrum — orangescrum_for_linux | OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF. | 2023-06-23 | not yet calculated | CVE-2023-1783 MISC MISC |
cloudflare — warp_client_for_windows | Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target’s device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target’s device must’ve been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target’s credentials. | 2023-06-20 | not yet calculated | CVE-2023-1862 MISC MISC MISC |
chromium — libwebp | There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. | 2023-06-20 | not yet calculated | CVE-2023-1999 MISC |
vmware — vcenter_server | The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | 2023-06-22 | not yet calculated | CVE-2023-20892 MISC |
vmware — vcenter_server | The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | 2023-06-22 | not yet calculated | CVE-2023-20893 MISC |
vmware — vcenter_server | The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. | 2023-06-22 | not yet calculated | CVE-2023-20894 MISC |
vmware — vcenter_server | The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | 2023-06-22 | not yet calculated | CVE-2023-20895 MISC |
vmware — vcenter_server | The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | 2023-06-22 | not yet calculated | CVE-2023-20896 MISC |
wordpress — wordpress |
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | 2023-06-19 | not yet calculated | CVE-2023-2221 MISC |
hcl_software — bigfix_osd_bare_metal_server | A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | 2023-06-22 | not yet calculated | CVE-2023-23343 MISC |
hcl_software — bigfix_webui_insights | A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | 2023-06-23 | not yet calculated | CVE-2023-23344 MISC |
apple — macos |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | not yet calculated | CVE-2023-23516 MISC MISC MISC |
apple — macos |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2023-23539 MISC |
wordpress — wordpress |
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. | 2023-06-19 | not yet calculated | CVE-2023-2359 MISC |
js_help_desk — js_help_desk | Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7. | 2023-06-23 | not yet calculated | CVE-2023-23679 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. | 2023-06-22 | not yet calculated | CVE-2023-23795 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <= 1.1.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-23807 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <= 1.0.0 versions. | 2023-06-22 | not yet calculated | CVE-2023-23811 MISC |
wordpress — wordpress |
The QuBot WordPress plugin before 1.1.6 doesn’t filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. | 2023-06-19 | not yet calculated | CVE-2023-2399 MISC |
devolutions — server |
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. | 2023-06-20 | not yet calculated | CVE-2023-2400 MISC |
wordpress — wordpress |
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-19 | not yet calculated | CVE-2023-2401 MISC |
gl.inet — gl-e750_mudi | A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. | 2023-06-21 | not yet calculated | CVE-2023-24261 MISC |
wordpress — wordpress |
The QueryWall: Plug’n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2023-06-19 | not yet calculated | CVE-2023-2492 MISC |
autodesk — autocad/maya | A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution. | 2023-06-23 | not yet calculated | CVE-2023-25003 MISC |
nokia — airscale_asika_single_ran_devices | An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don’t give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities. | 2023-06-16 | not yet calculated | CVE-2023-25187 MISC MISC MISC |
wordpress — wordpress |
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-19 | not yet calculated | CVE-2023-2527 MISC |
papercut — ng/mf | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes. | 2023-06-20 | not yet calculated | CVE-2023-2533 MISC MISC |
libtiff — libtiff | libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. | 2023-06-21 | not yet calculated | CVE-2023-25435 MISC |
vaadin — vaadin | When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure. | 2023-06-22 | not yet calculated | CVE-2023-25499 MISC MISC |
vaadin — vaadin | Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests. | 2023-06-22 | not yet calculated | CVE-2023-25500 MISC MISC |
nvidia — jetson_agx_xavier_series/jetson_xavier_nx | NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. | 2023-06-23 | not yet calculated | CVE-2023-25515 MISC |
nvidia — jetson_agx_xavier_series/jetson_xavier_nx | NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. | 2023-06-23 | not yet calculated | CVE-2023-25518 MISC |
nvidia — multiple_products | NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service. | 2023-06-23 | not yet calculated | CVE-2023-25520 MISC |
mozilla — firefox |
The return value from `gfx::SourceSurfaceSkia::Map()` wasn’t being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110. | 2023-06-19 | not yet calculated | CVE-2023-25733 MISC MISC |
mozilla — firefox |
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110. | 2023-06-19 | not yet calculated | CVE-2023-25736 MISC MISC |
mozilla — firefox_for_android |
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0. | 2023-06-19 | not yet calculated | CVE-2023-25747 MISC MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-25936 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-25937 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-25938 MISC |
wordpress — wordpress |
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-19 | not yet calculated | CVE-2023-2600 MISC |
advantech — r-seenet | Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. | 2023-06-22 | not yet calculated | CVE-2023-2611 MISC |
sync — word-wrap | All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. | 2023-06-22 | not yet calculated | CVE-2023-26115 MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26427 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26428 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26429 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | IPv4-mapped IPv6 addresses did not get recognized as “local” by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26431 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | When adding an external mail account, processing of SMTP “capabilities” responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26432 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | When adding an external mail account, processing of IMAP “capabilities” responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26433 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | When adding an external mail account, processing of POP3 “capabilities” responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26434 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26435 MISC MISC MISC MISC |
open-xchange_ software_gmbh — ox_app_suite | Attackers with access to the “documentconverterws” API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known. | 2023-06-20 | not yet calculated | CVE-2023-26436 MISC MISC MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions. | 2023-06-22 | not yet calculated | CVE-2023-26534 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-26539 MISC |
wordpress — wordpress |
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-06-19 | not yet calculated | CVE-2023-2654 MISC |
wordpress — wordpress |
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-19 | not yet calculated | CVE-2023-2684 MISC |
pluckcms — pluckcms | An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | 2023-06-22 | not yet calculated | CVE-2023-27083 MISC |
wordpress — wordpress |
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber. | 2023-06-19 | not yet calculated | CVE-2023-2719 MISC |
makves — dcap | An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. | 2023-06-21 | not yet calculated | CVE-2023-27243 MISC MISC MISC |
omron_corporation — multiple_products |
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues — (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later) | 2023-06-19 | not yet calculated | CVE-2023-27396 MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions. | 2023-06-22 | not yet calculated | CVE-2023-27413 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. | 2023-06-21 | not yet calculated | CVE-2023-27414 MISC |
wordpress — wordpress |
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2023-06-19 | not yet calculated | CVE-2023-2742 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions. | 2023-06-23 | not yet calculated | CVE-2023-27427 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic – Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions. | 2023-06-21 | not yet calculated | CVE-2023-27429 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions. | 2023-06-21 | not yet calculated | CVE-2023-27432 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. | 2023-06-21 | not yet calculated | CVE-2023-27439 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions. | 2023-06-21 | not yet calculated | CVE-2023-27443 MISC |
wordpress — wordpress |
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. | 2023-06-21 | not yet calculated | CVE-2023-27450 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions. | 2023-06-22 | not yet calculated | CVE-2023-27452 MISC |
wordpress — wordpress |
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. | 2023-06-19 | not yet calculated | CVE-2023-2751 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. | 2023-06-22 | not yet calculated | CVE-2023-27612 MISC |
wordpress — wordpress |
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions. | 2023-06-22 | not yet calculated | CVE-2023-27618 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. | 2023-06-22 | not yet calculated | CVE-2023-27629 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions. | 2023-06-22 | not yet calculated | CVE-2023-27631 MISC |
wordpress — wordpress |
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-06-19 | not yet calculated | CVE-2023-2779 MISC MISC |
autodesk_installer |
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. | 2023-06-23 | not yet calculated | CVE-2023-27908 MISC |
apple — macos |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | not yet calculated | CVE-2023-27930 MISC MISC MISC MISC |
apple — macos |
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections | 2023-06-23 | not yet calculated | CVE-2023-27940 MISC MISC MISC |
apple — airpods_firmware_update |
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. | 2023-06-23 | not yet calculated | CVE-2023-27964 MISC |
hcl_software — bigfix_osd_bare_metal_server | The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. | 2023-06-22 | not yet calculated | CVE-2023-28006 MISC |
hcl_software — bigfix_osd_bare_metal_server | Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | 2023-06-22 | not yet calculated | CVE-2023-28016 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28026 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28027 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28028 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable | 2023-06-23 | not yet calculated | CVE-2023-28029 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28030 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28031 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28032 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28033 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28034 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28035 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28036 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28039 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28040 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28041 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28042 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28044 MISC |
wordpress — wordpress |
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2023-06-19 | not yet calculated | CVE-2023-2805 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28050 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28052 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28054 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28056 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28058 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28059 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28060 MISC |
dell — cpg_bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | not yet calculated | CVE-2023-28061 MISC |
dell — cpg_bios | Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | 2023-06-23 | not yet calculated | CVE-2023-28064 MISC |
dell — multiple_products | Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. | 2023-06-23 | not yet calculated | CVE-2023-28065 MISC |
dell — multiple_products | Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | 2023-06-23 | not yet calculated | CVE-2023-28071 MISC |
dell — cpg_bios | Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system. | 2023-06-23 | not yet calculated | CVE-2023-28073 MISC |
pegasystems — pega_platform |
Pega platform clients who are using versions 6.1 through 8.8.3 and have upgraded from a version prior to 8.x may be utilizing default credentials. | 2023-06-22 | not yet calculated | CVE-2023-28094 MISC |
wordpress — wordpress |
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot | 2023-06-19 | not yet calculated | CVE-2023-2811 MISC |
wordpress — wordpress |
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-19 | not yet calculated | CVE-2023-2812 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions. | 2023-06-22 | not yet calculated | CVE-2023-28166 MISC |
wordpress — wordpress |
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions. | 2023-06-22 | not yet calculated | CVE-2023-28171 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions. | 2023-06-22 | not yet calculated | CVE-2023-28174 MISC |
apple — multiple_products | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | not yet calculated | CVE-2023-28191 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app | 2023-06-23 | not yet calculated | CVE-2023-28202 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | not yet calculated | CVE-2023-28204 MISC MISC MISC MISC MISC MISC |
wordpress — wordpress |
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <= 1.3.0 versions. | 2023-06-22 | not yet calculated | CVE-2023-28418 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions. | 2023-06-22 | not yet calculated | CVE-2023-28423 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-28496 MISC |
wordpress — wordpress |
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions. | 2023-06-22 | not yet calculated | CVE-2023-28534 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew Phillips VigilanTor plugin <= 1.3.10 versions. | 2023-06-22 | not yet calculated | CVE-2023-28695 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions. | 2023-06-22 | not yet calculated | CVE-2023-28750 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. | 2023-06-23 | not yet calculated | CVE-2023-28751 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions. | 2023-06-22 | not yet calculated | CVE-2023-28774 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. | 2023-06-22 | not yet calculated | CVE-2023-28776 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-28778 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-28784 MISC |
zscaler — client_connector | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | 2023-06-22 | not yet calculated | CVE-2023-28799 MISC MISC MISC MISC MISC MISC |
zscaler — client_connector | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 2023-06-22 | not yet calculated | CVE-2023-28800 MISC MISC MISC MISC MISC MISC |
ibm — spectrum_protect_backup-archive_client | IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767. | 2023-06-22 | not yet calculated | CVE-2023-28956 MISC MISC |
wordpress — wordpress |
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | 2023-06-19 | not yet calculated | CVE-2023-2899 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions. | 2023-06-23 | not yet calculated | CVE-2023-29100 MISC |
subnet_solutions — powersystem_center | SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | 2023-06-19 | not yet calculated | CVE-2023-29158 MISC |
mozilla — multiple_products_for_macos |
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | 2023-06-19 | not yet calculated | CVE-2023-29531 MISC MISC MISC MISC |
mozilla — multiple_products_for_windows |
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | 2023-06-19 | not yet calculated | CVE-2023-29532 MISC MISC MISC MISC |
mozilla — firefox_for_android |
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. | 2023-06-19 | not yet calculated | CVE-2023-29534 MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla — multiple_products_for_windows |
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | 2023-06-19 | not yet calculated | CVE-2023-29542 MISC MISC MISC MISC MISC |
mozilla — multiple_products_for_windows |
Similar to CVE-2023-28163, this time when choosing ‘Save Link As’, suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | 2023-06-19 | not yet calculated | CVE-2023-29545 MISC MISC MISC MISC |
mozilla — multiple_products_for_android |
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. | 2023-06-19 | not yet calculated | CVE-2023-29546 MISC MISC |
gbcom_lac — web_control_center | Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device. | 2023-06-22 | not yet calculated | CVE-2023-29707 MISC MISC |
wavlink — wn579x3 |
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload. | 2023-06-22 | not yet calculated | CVE-2023-29708 MISC MISC |
wildix — wsg24poe | An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication. | 2023-06-22 | not yet calculated | CVE-2023-29709 MISC MISC |
interlink — psg-5124 | An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request. | 2023-06-22 | not yet calculated | CVE-2023-29711 MISC MISC |
dtstack taier — dtstack taier | An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. | 2023-06-23 | not yet calculated | CVE-2023-29860 MISC |
fortra — globalscape_eft |
Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited | 2023-06-22 | not yet calculated | CVE-2023-2989 MISC MISC |
fortra — globalscape_eft |
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service | 2023-06-22 | not yet calculated | CVE-2023-2990 MISC MISC |
fortra — globalscape_eft |
Fortra Globalscape EFT’s administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a “trial extension request” message | 2023-06-22 | not yet calculated | CVE-2023-2991 MISC MISC |
laravel-s — laravel-s | laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | 2023-06-22 | not yet calculated | CVE-2023-29931 MISC |
linux — kernel |
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress. | 2023-06-19 | not yet calculated | CVE-2023-3022 MISC MISC |
magnussolution — magnusbilling | Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | 2023-06-23 | not yet calculated | CVE-2023-30258 MISC MISC |
raspap — raspap-webgui | Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. | 2023-06-23 | not yet calculated | CVE-2023-30260 MISC MISC |
neox_contact_center — neox_contact_center | Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search. | 2023-06-22 | not yet calculated | CVE-2023-30347 MISC |
libcoap_library — libcoap_library | Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. | 2023-06-23 | not yet calculated | CVE-2023-30362 MISC MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-30500 MISC MISC |
ricoh_company — printer_driver_packager_nx |
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege. | 2023-06-19 | not yet calculated | CVE-2023-30759 MISC MISC MISC |
silicon_labs — unify_gateway | Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 2023-06-21 | not yet calculated | CVE-2023-3110 MISC |
hashicorp — terraform_enterprise | Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1. | 2023-06-22 | not yet calculated | CVE-2023-3114 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions. | 2023-06-22 | not yet calculated | CVE-2023-31213 MISC |
fuji_electric/hakko_electronics — v-server/v-server_lite | Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file. | 2023-06-19 | not yet calculated | CVE-2023-31239 MISC MISC |
grafana — grafana | Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | 2023-06-22 | not yet calculated | CVE-2023-3128 MISC |
sick_ag — eventcam_app | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted. | 2023-06-19 | not yet calculated | CVE-2023-31410 MISC MISC MISC |
sick_ag — eventcam_app | A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App. | 2023-06-19 | not yet calculated | CVE-2023-31411 MISC MISC MISC |
oracle — apache/streampipes |
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0. | 2023-06-23 | not yet calculated | CVE-2023-31469 MISC |
sage — x3 | Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. | 2023-06-22 | not yet calculated | CVE-2023-31867 MISC MISC |
sage — x3 | Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user’s inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished. | 2023-06-22 | not yet calculated | CVE-2023-31868 MISC MISC |
linux — kernel |
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | 2023-06-23 | not yet calculated | CVE-2023-3212 MISC MISC |
linux — kernel |
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. | 2023-06-20 | not yet calculated | CVE-2023-3220 MISC |
fuji_electric/hakko_electronics — tellus/tellus_lite |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273. | 2023-06-19 | not yet calculated | CVE-2023-32201 MISC MISC |
mozilla — firefox |
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. | 2023-06-19 | not yet calculated | CVE-2023-32208 MISC MISC |
mozilla — firefox |
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. | 2023-06-19 | not yet calculated | CVE-2023-32209 MISC MISC |
mozilla — firefox |
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. | 2023-06-19 | not yet calculated | CVE-2023-32210 MISC MISC |
mozilla — multiple_products |
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | 2023-06-19 | not yet calculated | CVE-2023-32214 MISC MISC MISC MISC |
mozilla — firefox |
Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113. | 2023-06-19 | not yet calculated | CVE-2023-32216 MISC MISC |
wordpress — wordpress | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions. | 2023-06-22 | not yet calculated | CVE-2023-32239 MISC |
fuji_electric/hakko_electronics — tellus/tellus_lite |
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | 2023-06-19 | not yet calculated | CVE-2023-32270 MISC MISC |
fuji_electric/hakko_electronics — tellus/tellus_lite |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201. | 2023-06-19 | not yet calculated | CVE-2023-32273 MISC MISC |
enphase — installer_toolkit | Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. | 2023-06-20 | not yet calculated | CVE-2023-32274 MISC |
fuji_electric/hakko_electronics — tellus/tellus_lite |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | 2023-06-19 | not yet calculated | CVE-2023-32276 MISC MISC |
fuji_electric/hakko_electronics — tellus/tellus_lite |
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution. | 2023-06-19 | not yet calculated | CVE-2023-32288 MISC MISC |
nextcloud — security-advisories | Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue. | 2023-06-22 | not yet calculated | CVE-2023-32320 MISC MISC MISC |
apple — itunes_for_windows |
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges | 2023-06-23 | not yet calculated | CVE-2023-32351 MISC |
apple — macos |
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks | 2023-06-23 | not yet calculated | CVE-2023-32352 MISC MISC MISC MISC MISC |
apple — itunes_for_windows |
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges | 2023-06-23 | not yet calculated | CVE-2023-32353 MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory | 2023-06-23 | not yet calculated | CVE-2023-32354 MISC MISC MISC |
apple — macos |
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | not yet calculated | CVE-2023-32355 MISC MISC MISC |
apple — multiple_products |
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked | 2023-06-23 | not yet calculated | CVE-2023-32357 MISC MISC MISC MISC MISC MISC |
apple — macos |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents | 2023-06-23 | not yet calculated | CVE-2023-32360 MISC MISC MISC |
apple — macos |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences | 2023-06-23 | not yet calculated | CVE-2023-32363 MISC |
apple — multiple_products |
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication | 2023-06-23 | not yet calculated | CVE-2023-32365 MISC MISC |
apple — multiple_products |
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data | 2023-06-23 | not yet calculated | CVE-2023-32367 MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | not yet calculated | CVE-2023-32368 MISC MISC MISC MISC MISC |
apple — multiple_products |
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox | 2023-06-23 | not yet calculated | CVE-2023-32371 MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory | 2023-06-23 | not yet calculated | CVE-2023-32372 MISC MISC MISC MISC |
apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | not yet calculated | CVE-2023-32373 MISC MISC MISC MISC MISC MISC |
apple — macos_venture/macos_monterey | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | not yet calculated | CVE-2023-32375 MISC MISC |
apple — multiple_products | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system | 2023-06-23 | not yet calculated | CVE-2023-32376 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2023-32380 MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | not yet calculated | CVE-2023-32382 MISC MISC MISC |
apple — multiple_products | A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2023-32384 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination | 2023-06-23 | not yet calculated | CVE-2023-32385 MISC MISC |
apple — multiple_products | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data | 2023-06-23 | not yet calculated | CVE-2023-32386 MISC MISC MISC |
apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2023-32387 MISC MISC MISC |
apple — multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | not yet calculated | CVE-2023-32388 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory | 2023-06-23 | not yet calculated | CVE-2023-32389 MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup | 2023-06-23 | not yet calculated | CVE-2023-32390 MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user | 2023-06-23 | not yet calculated | CVE-2023-32391 MISC MISC MISC MISC |
apple — multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2023-32392 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen | 2023-06-23 | not yet calculated | CVE-2023-32394 MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | not yet calculated | CVE-2023-32395 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | not yet calculated | CVE-2023-32397 MISC MISC MISC MISC |
apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | not yet calculated | CVE-2023-32398 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2023-32399 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app | 2023-06-23 | not yet calculated | CVE-2023-32400 MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information | 2023-06-23 | not yet calculated | CVE-2023-32402 MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2023-32403 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences | 2023-06-23 | not yet calculated | CVE-2023-32404 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges | 2023-06-23 | not yet calculated | CVE-2023-32405 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | not yet calculated | CVE-2023-32407 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2023-32408 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | not yet calculated | CVE-2023-32409 MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state | 2023-06-23 | not yet calculated | CVE-2023-32410 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | not yet calculated | CVE-2023-32411 MISC MISC MISC MISC MISC |
apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2023-32412 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges | 2023-06-23 | not yet calculated | CVE-2023-32413 MISC MISC MISC MISC MISC MISC MISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox | 2023-06-23 | not yet calculated | CVE-2023-32414 MISC |
apple — multiple_products | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2023-32415 MISC MISC MISC |
apple — watchos | This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features | 2023-06-23 | not yet calculated | CVE-2023-32417 MISC |
apple — ios/ipados | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2023-32419 MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory | 2023-06-23 | not yet calculated | CVE-2023-32420 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences | 2023-06-23 | not yet calculated | CVE-2023-32422 MISC MISC MISC |
apple — multiple_products | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information | 2023-06-23 | not yet calculated | CVE-2023-32423 MISC MISC MISC MISC MISC |
apple — multiple_products | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 2023-06-23 | not yet calculated | CVE-2023-32434 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 2023-06-23 | not yet calculated | CVE-2023-32435 MISC MISC MISC MISC |
apple — multiple_products | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | not yet calculated | CVE-2023-32439 MISC MISC MISC MISC |
dell — powerstore | Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks | 2023-06-22 | not yet calculated | CVE-2023-32449 MISC |
dell — vxrail | Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction. | 2023-06-23 | not yet calculated | CVE-2023-32463 MISC |
dell — vxrail | Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim’s traffic to view or modify a victim’s data in transit. | 2023-06-23 | not yet calculated | CVE-2023-32464 MISC |
dell — cpg_bios | Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. | 2023-06-23 | not yet calculated | CVE-2023-32480 MISC |
fuji_electric/hakko_electronics — tellus/tellus_lite |
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201. | 2023-06-19 | not yet calculated | CVE-2023-32538 MISC MISC |
fuji_electric/hakko_electronics — tellus/tellus_lite |
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | 2023-06-19 | not yet calculated | CVE-2023-32542 MISC MISC |
advantech — r-seenet | Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. | 2023-06-22 | not yet calculated | CVE-2023-3256 MISC |
dynamic — linq | Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. | 2023-06-22 | not yet calculated | CVE-2023-32571 MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions. | 2023-06-23 | not yet calculated | CVE-2023-32580 MISC |
subnet_solutions — powersystem_center | SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. | 2023-06-19 | not yet calculated | CVE-2023-32659 MISC |
wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). | 2023-06-22 | not yet calculated | CVE-2023-32960 MISC |
admidio — admidio | Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | not yet calculated | CVE-2023-3302 MISC CONFIRM |
admidio — admidio | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | not yet calculated | CVE-2023-3303 MISC CONFIRM |
admidio — admidio | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | not yet calculated | CVE-2023-3304 CONFIRM MISC |
c-data — web_management_system | A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability. | 2023-06-18 | not yet calculated | CVE-2023-3305 MISC MISC MISC |
ruijie — rg-ew1200g | A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-18 | not yet calculated | CVE-2023-3306 MISC MISC MISC |
minical –minical | A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-18 | not yet calculated | CVE-2023-3307 MISC MISC MISC |
whaleal_icefrog — whaleal_icefrog | A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804. | 2023-06-18 | not yet calculated | CVE-2023-3308 MISC MISC MISC |
sourcecodester — resort_management_system |
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability. | 2023-06-18 | not yet calculated | CVE-2023-3309 MISC MISC MISC |
code-projects — agro-school_management_system |
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability. | 2023-06-18 | not yet calculated | CVE-2023-3310 MISC MISC MISC |
puneethreddyhc — online_shopping_system_advanced | A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807. | 2023-06-18 | not yet calculated | CVE-2023-3311 MISC MISC MISC |
linux — kernel |
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. | 2023-06-19 | not yet calculated | CVE-2023-3312 MISC |
jenkins — jenkins |
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 2023-06-19 | not yet calculated | CVE-2023-3315 MISC |
libtiff — libtiff | A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. | 2023-06-19 | not yet calculated | CVE-2023-3316 MISC |
linux — kernel |
A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after ‘features’ memory release. This vulnerability could even lead to a kernel information leak problem. | 2023-06-23 | not yet calculated | CVE-2023-3317 MISC |
sourcecodester — resort_management_system |
A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability. | 2023-06-19 | not yet calculated | CVE-2023-3318 MISC MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions. | 2023-06-19 | not yet calculated | CVE-2023-33213 MISC |
freebsd — freebsd |
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system. | 2023-06-22 | not yet calculated | CVE-2023-3326 MISC |
urlnorm_crate — urlnorm_crate | The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. | 2023-06-21 | not yet calculated | CVE-2023-33289 MISC MISC MISC |
fortinet — fortinac |
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed. | 2023-06-23 | not yet calculated | CVE-2023-33299 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-33323 MISC |
puneethreddyhc — online_shopping_system_advanced | A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability. | 2023-06-20 | not yet calculated | CVE-2023-3337 MISC MISC |
datev_eg — personal-management_system_comfort/comfort_plus | A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users’ login data by sending a crafted link. | 2023-06-22 | not yet calculated | CVE-2023-33387 MISC MISC MISC |
code-projects — agro-school_management_system |
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015. | 2023-06-21 | not yet calculated | CVE-2023-3339 MISC MISC MISC |
sourcecodester — online_school_fees_system |
A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument name_startsWith leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232016. | 2023-06-20 | not yet calculated | CVE-2023-3340 MISC MISC MISC |
blogengine.net — blogengine.net | Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. | 2023-06-21 | not yet calculated | CVE-2023-33405 MISC |
craft_cms — craft_cms | Craft CMS through 4.4.9 is vulnerable to HTML Injection. | 2023-06-20 | not yet calculated | CVE-2023-33495 MISC MISC |
ros2 — ros2 | ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes. | 2023-06-23 | not yet calculated | CVE-2023-33565 MISC MISC |
sourcecodester — enrollment_system_project |
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. | 2023-06-21 | not yet calculated | CVE-2023-33584 MISC MISC MISC MISC |
user_registration/login_and_user_management_system — user_registration/login_and_user_management_system | User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. | 2023-06-21 | not yet calculated | CVE-2023-33591 MISC MISC |
broadleaf — broadleaf | Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA. | 2023-06-21 | not yet calculated | CVE-2023-33725 MISC |
wavlink — wn579x3 |
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-23 | not yet calculated | CVE-2023-3380 MISC MISC MISC |
sourcecodester — online_school_fees_system |
A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability. | 2023-06-23 | not yet calculated | CVE-2023-3381 MISC MISC MISC |
sourcecodester — game_result_matrix_system |
A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability. | 2023-06-23 | not yet calculated | CVE-2023-3382 MISC MISC MISC |
sourcecodester — game_result_matrix_system |
A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239. | 2023-06-23 | not yet calculated | CVE-2023-3383 MISC MISC MISC |
ibm — spss_modeler | IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117. | 2023-06-22 | not yet calculated | CVE-2023-33842 MISC MISC |
enphase — envoy | Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. | 2023-06-20 | not yet calculated | CVE-2023-33869 MISC |
sourcecodester — human_resource_management_system |
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288. | 2023-06-23 | not yet calculated | CVE-2023-3391 MISC MISC MISC |
fossbilling — fossbilling |
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. | 2023-06-23 | not yet calculated | CVE-2023-3393 MISC MISC |
fossbilling — fossbilling |
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. | 2023-06-23 | not yet calculated | CVE-2023-3394 MISC MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.5.5 versions. | 2023-06-22 | not yet calculated | CVE-2023-33997 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions. | 2023-06-22 | not yet calculated | CVE-2023-34006 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions. | 2023-06-23 | not yet calculated | CVE-2023-34012 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions. | 2023-06-23 | not yet calculated | CVE-2023-34021 MISC |
wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. | 2023-06-22 | not yet calculated | CVE-2023-34028 MISC |
flask-appbuilder — flask-appbuilder | Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2. | 2023-06-22 | not yet calculated | CVE-2023-34110 MISC MISC MISC MISC |
huawei — harmonyos |
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability. | 2023-06-19 | not yet calculated | CVE-2023-34155 MISC |
huawei — harmonyos |
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied. | 2023-06-19 | not yet calculated | CVE-2023-34156 MISC |
huawei — harmonyos |
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | 2023-06-19 | not yet calculated | CVE-2023-34158 MISC |
huawei — harmonyos |
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. | 2023-06-19 | not yet calculated | CVE-2023-34159 MISC |
huawei — harmonyos |
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | 2023-06-19 | not yet calculated | CVE-2023-34160 MISC |
huawei — harmonyos |
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-06-19 | not yet calculated | CVE-2023-34161 MISC |
huawei — harmonyos |
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. | 2023-06-19 | not yet calculated | CVE-2023-34162 MISC |
huawei — harmonyos |
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-06-19 | not yet calculated | CVE-2023-34163 MISC |
huawei — harmonyos |
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. | 2023-06-19 | not yet calculated | CVE-2023-34166 MISC |
huawei — harmonyos |
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | 2023-06-19 | not yet calculated | CVE-2023-34167 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions. | 2023-06-22 | not yet calculated | CVE-2023-34170 MISC |
mongoose — mongoose | The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. | 2023-06-23 | not yet calculated | CVE-2023-34188 MISC MISC MISC |
progress — openedge_management/openedge_explorer | In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7. | 2023-06-23 | not yet calculated | CVE-2023-34203 MISC |
openprinting — cups | OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue. | 2023-06-22 | not yet calculated | CVE-2023-34241 MISC MISC MISC MISC |
glpi-project — glpi-agent | The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5. | 2023-06-23 | not yet calculated | CVE-2023-34254 MISC MISC |
oracle — apache/accumulo |
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1. | 2023-06-21 | not yet calculated | CVE-2023-34340 MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | 2023-06-22 | not yet calculated | CVE-2023-34368 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. | 2023-06-19 | not yet calculated | CVE-2023-34373 MISC |
mozilla — multiple_products |
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | 2023-06-19 | not yet calculated | CVE-2023-34414 MISC MISC MISC MISC |
mozilla — firefox |
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an “open redirect”. Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. | 2023-06-19 | not yet calculated | CVE-2023-34415 MISC MISC |
mozilla — multiple_products |
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | 2023-06-19 | not yet calculated | CVE-2023-34416 MISC MISC MISC MISC |
mozilla — firefox |
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114. | 2023-06-19 | not yet calculated | CVE-2023-34417 MISC MISC |
tauri-apps — tauri | Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. | 2023-06-23 | not yet calculated | CVE-2023-34460 MISC MISC MISC MISC |
pybb — pybb | PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `` that looks like “`xss“` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled “post.html” in templates or by adding manual validation of links in the post creation section. | 2023-06-19 | not yet calculated | CVE-2023-34461 MISC MISC |
netty — netty | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. | 2023-06-22 | not yet calculated | CVE-2023-34462 MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions be performed with this user’s rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax. | 2023-06-23 | not yet calculated | CVE-2023-34464 MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group). | 2023-06-23 | not yet calculated | CVE-2023-34465 MISC MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | 2023-06-23 | not yet calculated | CVE-2023-34466 MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | 2023-06-23 | not yet calculated | CVE-2023-34467 MISC MISC MISC |
langchain — langchain | Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. | 2023-06-20 | not yet calculated | CVE-2023-34541 MISC |
wafu — keyless_smart_lock | An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. | 2023-06-22 | not yet calculated | CVE-2023-34553 MISC |
netgear — R6250 | netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. | 2023-06-20 | not yet calculated | CVE-2023-34563 MISC MISC |
aeotec — wallmote_switch | A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. | 2023-06-20 | not yet calculated | CVE-2023-34596 MISC MISC |
fibaro — motion_sensor | A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. | 2023-06-20 | not yet calculated | CVE-2023-34597 MISC MISC |
adiscon — loganalyzer | Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. | 2023-06-20 | not yet calculated | CVE-2023-34600 MISC MISC |
jeesite — jeesite | Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. | 2023-06-22 | not yet calculated | CVE-2023-34601 MISC |
jeecgboot — jeecgboot | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. | 2023-06-19 | not yet calculated | CVE-2023-34602 MISC |
jeecgboot — jeecgboot | JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. | 2023-06-19 | not yet calculated | CVE-2023-34603 MISC |
kioware_for_windows — kioware_for_windows | KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt. | 2023-06-19 | not yet calculated | CVE-2023-34641 MISC MISC |
kioware_for_windows — kioware_for_windows | KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt. | 2023-06-19 | not yet calculated | CVE-2023-34642 MISC MISC |
eyoucms — eyoucms | A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. | 2023-06-19 | not yet calculated | CVE-2023-34657 MISC |
elenos — etg150_fm_transmitter | Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user’s role in the user profile. An attack could occur over the public Internet in some cases. | 2023-06-23 | not yet calculated | CVE-2023-34671 MISC MISC |
elenos — etg150_fm_transmitter | Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user’s role within the admin profile. An attack could occur over the public Internet in some cases. | 2023-06-23 | not yet calculated | CVE-2023-34672 MISC MISC |
elenos — etg150_fm_transmitter | Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases. | 2023-06-23 | not yet calculated | CVE-2023-34673 MISC MISC |
dmarcts-report-viewer — dmarcts-report-viewer | Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values. | 2023-06-22 | not yet calculated | CVE-2023-34796 MISC MISC |
topdesk — topdesk | XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation. | 2023-06-22 | not yet calculated | CVE-2023-34923 MISC MISC |
casdoor — casdoor | Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user’s password via supplying a crafted URL. | 2023-06-22 | not yet calculated | CVE-2023-34927 MISC MISC MISC |
onlyoffice — community_server | Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | 2023-06-22 | not yet calculated | CVE-2023-34939 MISC MISC MISC |
oracle — apache/tomcat |
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak. | 2023-06-21 | not yet calculated | CVE-2023-34981 MISC |
oracle — apache/airflow |
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later. | 2023-06-19 | not yet calculated | CVE-2023-35005 MISC MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions. | 2023-06-23 | not yet calculated | CVE-2023-35048 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions. | 2023-06-22 | not yet calculated | CVE-2023-35090 MISC |
wordpress — wordpress |
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the “Orders” of the plugin and get the data related to the order like email, username, and more. | 2023-06-22 | not yet calculated | CVE-2023-35093 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions. | 2023-06-20 | not yet calculated | CVE-2023-35095 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1 versions. | 2023-06-20 | not yet calculated | CVE-2023-35097 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions. | 2023-06-20 | not yet calculated | CVE-2023-35098 MISC |
moodle — moodle |
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14. | 2023-06-22 | not yet calculated | CVE-2023-35131 MISC |
moodle — moodle |
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | 2023-06-22 | not yet calculated | CVE-2023-35132 MISC |
moodle — moodle |
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | 2023-06-22 | not yet calculated | CVE-2023-35133 MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8. | 2023-06-23 | not yet calculated | CVE-2023-35150 MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround. | 2023-06-23 | not yet calculated | CVE-2023-35151 MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually. | 2023-06-23 | not yet calculated | CVE-2023-35152 MISC MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch. | 2023-06-23 | not yet calculated | CVE-2023-35153 MISC MISC MISC |
knowagelabs — knowage-server | Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8. | 2023-06-23 | not yet calculated | CVE-2023-35154 MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: ` |
2023-06-23 | not yet calculated | CVE-2023-35155 MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the delete template to perform a XSS, e.g. by using URL such as: > xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn’t enough to entirely fix the vulnerability. | 2023-06-23 | not yet calculated | CVE-2023-35156 MISC MISC MISC MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6. | 2023-06-23 | not yet calculated | CVE-2023-35157 MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | not yet calculated | CVE-2023-35158 MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | not yet calculated | CVE-2023-35159 MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | not yet calculated | CVE-2023-35160 MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | not yet calculated | CVE-2023-35161 MISC MISC MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as: > |
2023-06-23 | not yet calculated | CVE-2023-35162 MISC MISC MISC MISC |
vegaprotocol — vega | Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator’s Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. | 2023-06-23 | not yet calculated | CVE-2023-35163 MISC MISC MISC |
aws — cloud_development_kit | AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, …) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn’t provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role. | 2023-06-23 | not yet calculated | CVE-2023-35165 MISC MISC |
xwiki — xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5. | 2023-06-20 | not yet calculated | CVE-2023-35166 MISC MISC MISC |
remult — remult | Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. | 2023-06-23 | not yet calculated | CVE-2023-35167 MISC MISC MISC |
webklex — php-imap | PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack. An attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. “.php”) or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests. Version 5.3.0 contains a patch for this issue. | 2023-06-23 | not yet calculated | CVE-2023-35169 MISC MISC MISC MISC MISC |
nextcloud — server/enterprise_server | NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available. | 2023-06-23 | not yet calculated | CVE-2023-35171 MISC MISC MISC |
nextcloud — server/enterprise_server | NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available. | 2023-06-23 | not yet calculated | CVE-2023-35172 MISC MISC MISC |
nextcloud — end-to-end_encryption_app | Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix. | 2023-06-23 | not yet calculated | CVE-2023-35173 MISC MISC MISC |
livebook-dev — livebook | Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim’s machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3. | 2023-06-22 | not yet calculated | CVE-2023-35174 MISC MISC MISC MISC MISC |
progess – whatsup_gold | In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim’s browser, aka XSS. | 2023-06-23 | not yet calculated | CVE-2023-35759 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions. | 2023-06-19 | not yet calculated | CVE-2023-35772 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions. | 2023-06-19 | not yet calculated | CVE-2023-35775 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon’e – Sermons Online plugin <= 1.0.0 versions. | 2023-06-19 | not yet calculated | CVE-2023-35776 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions. | 2023-06-19 | not yet calculated | CVE-2023-35779 MISC |
safe — softwarez_fme_server | A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version. | 2023-06-23 | not yet calculated | CVE-2023-35801 MISC MISC CONFIRM |
sugarcrm — enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35808 MISC |
sugarcrm — enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35809 MISC |
sugarcrm — enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35810 MISC |
sugarcrm — enterprise | An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected. | 2023-06-17 | not yet calculated | CVE-2023-35811 MISC |
sitecore — multiple_products | Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. | 2023-06-17 | not yet calculated | CVE-2023-35813 MISC |
linux — kernel |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | 2023-06-18 | not yet calculated | CVE-2023-35823 MISC MISC MISC MISC |
linux — kernel |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | 2023-06-18 | not yet calculated | CVE-2023-35824 MISC MISC MISC MISC |
linux — kernel |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. | 2023-06-18 | not yet calculated | CVE-2023-35826 MISC MISC MISC MISC |
linux — kernel |
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. | 2023-06-18 | not yet calculated | CVE-2023-35827 MISC MISC |
linux — kernel |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. | 2023-06-18 | not yet calculated | CVE-2023-35828 MISC MISC MISC MISC |
linux — kernel |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. | 2023-06-18 | not yet calculated | CVE-2023-35829 MISC MISC MISC MISC |
solon — solon | Solon before 2.3.3 allows Deserialization of Untrusted Data. | 2023-06-19 | not yet calculated | CVE-2023-35839 MISC MISC |
elfinder — elfinder | _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. | 2023-06-19 | not yet calculated | CVE-2023-35840 MISC MISC MISC MISC |
nocodb — nocodb | NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. | 2023-06-19 | not yet calculated | CVE-2023-35843 MISC MISC MISC |
lightdash — lightdash | packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. | 2023-06-19 | not yet calculated | CVE-2023-35844 MISC MISC MISC MISC |
picotcp — picotcp | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. | 2023-06-19 | not yet calculated | CVE-2023-35846 MISC |
picotcp — picotcp | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). | 2023-06-19 | not yet calculated | CVE-2023-35847 MISC |
picotcp — picotcp | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member. | 2023-06-19 | not yet calculated | CVE-2023-35848 MISC |
picotcp — picotcp | VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. | 2023-06-19 | not yet calculated | CVE-2023-35849 MISC |
suricata — suricata |
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation. | 2023-06-19 | not yet calculated | CVE-2023-35852 MISC MISC MISC MISC |
suricata — suricata |
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section. | 2023-06-19 | not yet calculated | CVE-2023-35853 MISC MISC MISC |
zoho — manageengine_adselfservice_plus | Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. | 2023-06-20 | not yet calculated | CVE-2023-35854 MISC MISC |
counter-strike — counter-strike | A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client’s machine by modifying the lservercfgfile console variable. | 2023-06-19 | not yet calculated | CVE-2023-35855 MISC |
nintendo — multiple_mario_kart_wii_versions | A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client’s machine via a crafted packet. | 2023-06-19 | not yet calculated | CVE-2023-35856 MISC |
siren — investigate | In Siren Investigate before 13.2.2, session keys remain active even after logging out. | 2023-06-19 | not yet calculated | CVE-2023-35857 MISC MISC |
libcoap — libcoap | libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. | 2023-06-19 | not yet calculated | CVE-2023-35862 MISC MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <= 0.5 versions. | 2023-06-20 | not yet calculated | CVE-2023-35878 MISC |
wordpress — wordpress |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions. | 2023-06-20 | not yet calculated | CVE-2023-35882 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions. | 2023-06-20 | not yet calculated | CVE-2023-35884 MISC |
cloudpanel_2 — cloudpanel_2 | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. | 2023-06-20 | not yet calculated | CVE-2023-35885 MISC |
wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | 2023-06-22 | not yet calculated | CVE-2023-35917 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | 2023-06-22 | not yet calculated | CVE-2023-35918 MISC |
intellectualsites — fastasyncworldedit | FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3. | 2023-06-23 | not yet calculated | CVE-2023-35925 MISC MISC MISC |
backstage — backstage | Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`. | 2023-06-22 | not yet calculated | CVE-2023-35926 MISC MISC MISC |
nextcloud — server/enterprise_server | NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the “Administration” > “Sharing” settings `…/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`. | 2023-06-23 | not yet calculated | CVE-2023-35927 MISC MISC MISC |
nextcloud — server/enterprise_server | Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2. Three workarounds are available. Disable app files_external. Change config setting “Allow users to mount external storage” to disabled in “Administration” > “External storage” settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in “Administration” > “External storage” settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV. | 2023-06-23 | not yet calculated | CVE-2023-35928 MISC MISC MISC |
shescape — shescape | Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1. | 2023-06-23 | not yet calculated | CVE-2023-35931 MISC MISC MISC MISC |
jcvi — jcvi | jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix. | 2023-06-23 | not yet calculated | CVE-2023-35932 MISC MISC |
eyoucms — eyoucms | There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3 | 2023-06-22 | not yet calculated | CVE-2023-36093 MISC |
funadmin — funadmin | funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. | 2023-06-22 | not yet calculated | CVE-2023-36097 MISC |
sqlite3 — sqlite3 | sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c. | 2023-06-23 | not yet calculated | CVE-2023-36191 MISC |
sngrep — sngrep | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. | 2023-06-23 | not yet calculated | CVE-2023-36192 MISC |
gifsicle — gifsicle | Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. | 2023-06-23 | not yet calculated | CVE-2023-36193 MISC |
libming_ listswf — libming_ listswf | libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c. | 2023-06-22 | not yet calculated | CVE-2023-36239 MISC |
flvmeta — flvmeta | FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c. | 2023-06-22 | not yet calculated | CVE-2023-36243 MISC |
libredwg — libredwg |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | 2023-06-23 | not yet calculated | CVE-2023-36271 MISC |
libredwg — libredwg |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | 2023-06-23 | not yet calculated | CVE-2023-36272 MISC |
libredwg — libredwg |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | 2023-06-23 | not yet calculated | CVE-2023-36273 MISC |
libredwg — libredwg |
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | 2023-06-23 | not yet calculated | CVE-2023-36274 MISC |
webkul — qloapps | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application’s authentication and authorization mechanisms and retrieve the contents of an entire database. | 2023-06-23 | not yet calculated | CVE-2023-36284 MISC |
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST controller parameter. | 2023-06-23 | not yet calculated | CVE-2023-36287 MISC |
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via GET configure parameter. | 2023-06-23 | not yet calculated | CVE-2023-36288 MISC |
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST email_create and back parameter. | 2023-06-23 | not yet calculated | CVE-2023-36289 MISC |
codekop — codekop |
A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. | 2023-06-23 | not yet calculated | CVE-2023-36345 MISC |
codekop — codekop |
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. | 2023-06-23 | not yet calculated | CVE-2023-36346 MISC |
codekop — codekop |
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | 2023-06-23 | not yet calculated | CVE-2023-36348 MISC |
tp-link — multiple_products |
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-06-22 | not yet calculated | CVE-2023-36354 MISC |
tp-link — multiple_products |
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-06-22 | not yet calculated | CVE-2023-36355 MISC |
tp-link — multiple_products |
TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-06-22 | not yet calculated | CVE-2023-36356 MISC |
tp-link — multiple_products |
An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-06-22 | not yet calculated | CVE-2023-36357 MISC |
tp-link — multiple_products |
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-06-22 | not yet calculated | CVE-2023-36358 MISC |
tp-link — multiple_products |
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-06-22 | not yet calculated | CVE-2023-36359 MISC |
monetdb_server — monetdb_server |
An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36362 MISC |
monetdb_server — monetdb_server |
An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36363 MISC |
monetdb_server — monetdb_server |
An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36364 MISC |
monetdb_server — monetdb_server |
An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36365 MISC |
monetdb_server — monetdb_server |
An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36366 MISC |
monetdb_server — monetdb_server |
An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36367 MISC |
monetdb_server — monetdb_server |
An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36368 MISC |
monetdb_server — monetdb_server |
An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36369 MISC |
monetdb_server — monetdb_server |
An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36370 MISC |
monetdb_server — monetdb_server |
An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2023-06-22 | not yet calculated | CVE-2023-36371 MISC |