Vulnerability Summary for the Week of July 3, 2023

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
sem-cms — semcms File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. 2023-06-30 9.8 CVE-2020-18432
flatnest_project — flatnest All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file. 2023-06-30 9.8 CVE-2023-26135
salesforce — tough-cookie Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. 2023-07-01 9.8 CVE-2023-26136
wordpress — wordpress The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. 2023-06-30 9.8 CVE-2023-2834
wordpress — wordpress The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the ‘hidden_form_data’ function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. 2023-06-30 9.8 CVE-2023-3249
retro_cellphone_online_store_project — retro_cellphone_online_store A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752. 2023-06-30 9.8 CVE-2023-3473
fossbilling — fossbilling SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. 2023-06-30 9.8 CVE-2023-3490
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. 2023-06-30 9.8 CVE-2023-35175
mediawiki — mediawiki An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. 2023-06-30 9.8 CVE-2023-37303
wordpress — wordpress The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 8.8 CVE-2020-36740
wordpress — wordpress The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 8.8 CVE-2020-36745
microsoft — edge_chromium Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2023-07-01 8.8 CVE-2021-31982
microsoft — edge_chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 2023-07-01 8.8 CVE-2021-34475
wordpress — wordpress The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 8.8 CVE-2021-4387
wordpress — wordpress The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 8.8 CVE-2021-4394
wordpress — wordpress The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 8.8 CVE-2021-4399
wordpress — wordpress The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 8.8 CVE-2021-4401
westerndigital — my_cloud_os Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This issue affects My Cloud OS 5 devices: before 5.26.300. 2023-06-30 8.8 CVE-2023-22815
westerndigital — my_cloud_os A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. 2023-06-30 8.8 CVE-2023-22816
wordpress — wordpress The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. 2023-06-30 8.8 CVE-2023-3063
fossbilling — fossbilling Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. 2023-06-30 8.8 CVE-2023-3491
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. 2023-06-30 8.8 CVE-2023-35176
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. 2023-06-30 8.8 CVE-2023-35177
hp — laserjet_pro_mfp_m478-m479_w1a75a_firmware Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. 2023-06-30 8.8 CVE-2023-35178
maxprintisp — maxlink_1200g_firmware Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the “Diagnostic tool” functionality of the device. 2023-06-30 8.8 CVE-2023-36143
wavlink — wl-wn531ax2_firmware Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. 2023-06-30 8.1 CVE-2023-32613
fossbilling — fossbilling Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. 2023-06-30 8 CVE-2023-3493
google — android In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735. 2023-07-04 7.8 CVE-2023-20773
linux — kernel A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. 2023-06-30 7.8 CVE-2023-3117
perimeter81 — xpc_helpertool com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. 2023-06-30 7.8 CVE-2023-33298
linuxfoundation — yocto In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014. 2023-07-04 7.5 CVE-2022-32666
linuxfoundation — yocto In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741. 2023-07-04 7.5 CVE-2023-20689
linuxfoundation — yocto In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735. 2023-07-04 7.5 CVE-2023-20690
linuxfoundation — yocto In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731. 2023-07-04 7.5 CVE-2023-20691
linuxfoundation — yocto In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720. 2023-07-04 7.5 CVE-2023-20692
linuxfoundation — yocto In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711. 2023-07-04 7.5 CVE-2023-20693
frauscher_sensortechnik — gmbh_fds001_for_fadc/fadci Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS001 device. 2023-07-05 7.5 CVE-2023-2880
linux — kernel A null pointer dereference flaw was found in the Linux kernel DECnet networking protocol. A remote user could use this flaw to crash the system. 2023-06-30 7.5 CVE-2023-3338
codekop — codekop A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. 2023-06-30 7.5 CVE-2023-36347
misp-project — malware_information_sharing_platform MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. 2023-06-30 7.5 CVE-2023-37306
misp-project — malware_information_sharing_platform In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. 2023-06-30 7.5 CVE-2023-37307
wavlink — wl-wn531ax2_firmware Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. 2023-06-30 7.2 CVE-2023-32612
wavlink — wl-wn531ax2_firmware WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. 2023-06-30 7.2 CVE-2023-32621
wavlink — wl-wn531ax2_firmware Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. 2023-06-30 7.2 CVE-2023-32622
ibos — ibos A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-06-30 7.2 CVE-2023-3478
malwarebytes — anti-exploit Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a ‘’ character. 2023-06-30 7.1 CVE-2023-27469

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
google — android In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667. 2023-07-04 6.7 CVE-2023-20753
google — android In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343. 2023-07-04 6.7 CVE-2023-20754
google — android In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605. 2023-07-04 6.7 CVE-2023-20755
google — android In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07549928. 2023-07-04 6.7 CVE-2023-20756
google — android In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133. 2023-07-04 6.7 CVE-2023-20757
google — android In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578. 2023-07-04 6.7 CVE-2023-20760
google — android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582. 2023-07-04 6.7 CVE-2023-20761
google — android In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202. 2023-07-04 6.7 CVE-2023-20766
google — android In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584. 2023-07-04 6.7 CVE-2023-20767
google — android In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800. 2023-07-04 6.7 CVE-2023-20768
google — android In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796. 2023-07-04 6.7 CVE-2023-20772
google — android In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228. 2023-07-04 6.7 CVE-2023-20774
google — android In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410. 2023-07-04 6.7 CVE-2023-20775
wordpress — wordpress The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 6.5 CVE-2021-4395
pleasanter — pleasanter Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. 2023-06-30 6.5 CVE-2023-32608
wavlink — wl-wn531ax2_firmware Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. 2023-06-30 6.5 CVE-2023-32620
ovarro — tbox_ms-cpu32_firmware All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with the document, such as the password. The attacker could then obtain the plaintext password by using a memory viewer. 2023-07-03 6.5 CVE-2023-3395
ovarro — tbox_ms-cpu32_firmware The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens. 2023-07-03 6.5 CVE-2023-36611
hnswlib_project — hnswlib Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. 2023-06-30 6.5 CVE-2023-37365
google — android In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046. 2023-07-04 6.4 CVE-2023-20771
gira — knx_ip_router_firmware The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a “404 – Not Found” status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). 2023-06-30 6.1 CVE-2023-33276
simplephpscripts — simple_blog A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability. 2023-06-30 6.1 CVE-2023-3474
simplephpscripts — event_script A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability. 2023-06-30 6.1 CVE-2023-3475
simplephpscripts — guestbook_script A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755. 2023-06-30 6.1 CVE-2023-3476
rocketsoft — rocket_lms A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756. 2023-06-30 6.1 CVE-2023-3477
hestiacp — control_panel Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. 2023-06-30 6.1 CVE-2023-3479
angular-ui-notification_project — angular-ui-notification angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability. 2023-06-30 6.1 CVE-2023-34840
joplin_project — joplin Joplin before 2.11.5 allows XSS via a USE element in an SVG document. 2023-06-30 6.1 CVE-2023-37298
joplin_project — joplin Joplin before 2.11.5 allows XSS via an AREA element of an image map. 2023-06-30 6.1 CVE-2023-37299
mediawiki — mediawiki An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). 2023-06-30 6.1 CVE-2023-37302
pacparser_project — pacparser pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). 2023-06-30 6.1 CVE-2023-37360
ovarro — tbox_ms-cpu32_firmware The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves. 2023-07-03 5.9 CVE-2023-36610
uzabase — newspicks “NewsPicks” App for Android versions 10.4.5 and earlier and “NewsPicks” App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service. 2023-06-30 5.5 CVE-2023-28387
gradle — gradle Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency’s coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build’s configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit. 2023-06-30 5.5 CVE-2023-35946
microsoft — edge_chromium Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2023-07-01 5.4 CVE-2021-34506
pleasanter — pleasanter Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. 2023-06-30 5.4 CVE-2023-32607
multilaser — re170_firmware A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. 2023-06-30 5.4 CVE-2023-36146
mediawiki — mediawiki An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. 2023-06-30 5.4 CVE-2023-37304
wordpress — wordpress The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties. 2023-07-01 5.3 CVE-2021-4388
mediawiki — mediawiki An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. 2023-06-30 5.3 CVE-2023-37300
mediawiki — mediawiki An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn’t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. 2023-06-30 5.3 CVE-2023-37301
mediawiki — mediawiki An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. 2023-06-30 5.3 CVE-2023-37305
sophos — web_appliance Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. 2023-06-30 4.8 CVE-2023-33336
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. 2023-06-30 4.8 CVE-2023-3469
google — android In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07536951; Issue ID: ALPS07536951. 2023-07-04 4.4 CVE-2023-20748
google — android In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130. 2023-07-04 4.4 CVE-2023-20758
google — android In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601. 2023-07-04 4.4 CVE-2023-20759
wordpress — wordpress The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36735
wordpress — wordpress The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36736
wordpress — wordpress The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36737
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36738
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36739
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36741
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36742
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36743
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36744
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36746
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36747
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36748
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2020-36749
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 2023-07-01 4.3 CVE-2021-42307
MISC
wordpress — wordpress The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4384
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4385
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4386
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4389
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4390
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4391
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4392
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4393
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4396
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4397
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4398
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4400
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4402
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4403
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to opt into notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4404
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-07-01 4.3 CVE-2021-4405
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
temporal — temporal Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace. 2023-06-30 3.6 CVE-2023-3485
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
duxcms — duxcms File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary PHP code via duxcms/AdminUpload/upload. 2023-07-06 not yet calculated CVE-2020-21861
MISC
duxcms — duxcms Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del. 2023-07-06 not yet calculated CVE-2020-21862
MISC
fuel-cms — fuel-cms Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. 2023-07-03 not yet calculated CVE-2020-22151
MISC
fuel-cms — fuel-cms Cross Site Scripting vulnerability in daylight studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. 2023-07-03 not yet calculated CVE-2020-22152
MISC
fuel-cms — fuel-cms File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. 2023-07-03 not yet calculated CVE-2020-22153
MISC
pdfcrack — pdfcrack An issue was discovered in pdfcrack 0.17 through 0.18 that allows attackers to execute arbitrary code via a stack overflow in the MD5 function. 2023-07-06 not yet calculated CVE-2020-22336
MISC
jerryscript_project — jerryscript An issue in Jerryscript-project Jerryscript v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. 2023-07-03 not yet calculated CVE-2020-22597
MISC
selenium — grid A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page. 2023-07-05 not yet calculated CVE-2020-23452
MISC
gnuplot — gnuplot gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). 2023-07-05 not yet calculated CVE-2020-25969
MISC
wordpress — wordpress The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0. This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access to obtain owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above. 2023-07-07 not yet calculated CVE-2020-8934
MISC
radare2 — radare2 Radare2 has a division by zero vulnerability in the Mach-O parser’s rebase_buffer function. This allows attackers to create malicious inputs that can cause denial of service. 2023-07-07 not yet calculated CVE-2021-32494
MISC
MISC
radare2 — radare2 Radare2 has a use-after-free vulnerability in the pyc parser’s get_none_object function. An attacker can read freed memory afterwards. This will allow attackers to cause denial of service. 2023-07-07 not yet calculated CVE-2021-32495
MISC
MISC
mujs — mujs In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. 2023-07-07 not yet calculated CVE-2021-33796
MISC
libpano13 — libpano13 A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flaw allows attackers to cause a denial of service and potentially execute code via a crafted file. 2023-07-07 not yet calculated CVE-2021-33798
MISC
MISC
ibm — cloud_object_system IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650. 2023-07-07 not yet calculated CVE-2021-39014
MISC
MISC
huawei — harmonyos Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. 2023-07-05 not yet calculated CVE-2021-46890
MISC
MISC
huawei — harmonyos Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. 2023-07-05 not yet calculated CVE-2021-46891
MISC
MISC
huawei — harmonyos Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality. 2023-07-06 not yet calculated CVE-2021-46892
MISC
MISC
huawei — harmonyos Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity. 2023-07-05 not yet calculated CVE-2021-46893
MISC
MISC
huawei — harmonyos Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation. 2023-07-06 not yet calculated CVE-2021-46894
MISC
MISC
px4-autopilot — px4-autopilot Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332. 2023-07-06 not yet calculated CVE-2021-46896
MISC
solus_labs — solusvm Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. 2023-07-05 not yet calculated CVE-2022-42175
MISC
MISC
MISC
keycloak — keycloak Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. 2023-07-07 not yet calculated CVE-2022-4361
MISC
MISC
nexxt_solutions — nebular_1200-ac Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. 2023-07-06 not yet calculated CVE-2022-46080
MISC
MISC
wordpress — wordpress The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-07-04 not yet calculated CVE-2022-4623
MISC
huawei — harmonyos Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-07-06 not yet calculated CVE-2022-48507
MISC
MISC
huawei — harmonyos Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. 2023-07-06 not yet calculated CVE-2022-48508
MISC
MISC
huawei — harmonyos Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally. 2023-07-06 not yet calculated CVE-2022-48509
MISC
MISC
huawei — harmonyos Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations. 2023-07-06 not yet calculated CVE-2022-48510
MISC
MISC
huawei — harmonyos Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally. 2023-07-06 not yet calculated CVE-2022-48511
MISC
MISC
huawei — harmonyos Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally. 2023-07-06 not yet calculated CVE-2022-48512
MISC
MISC
huawei — harmonyos Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access. 2023-07-06 not yet calculated CVE-2022-48513
MISC
MISC
huawei — harmonyos The Sepolicy module has inappropriate permission control on the use of Netlink. Successful exploitation of this vulnerability may affect confidentiality. 2023-07-06 not yet calculated CVE-2022-48514
MISC
huawei — harmonyos Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality. 2023-07-06 not yet calculated CVE-2022-48515
MISC
MISC
huawei — harmonyos Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality. 2023-07-06 not yet calculated CVE-2022-48516
MISC
MISC
huawei — harmonyos Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability. 2023-07-06 not yet calculated CVE-2022-48517
MISC
MISC
huawei — harmonyos Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance. 2023-07-06 not yet calculated CVE-2022-48518
MISC
MISC
huawei — harmonyos Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. 2023-07-06 not yet calculated CVE-2022-48519
MISC
MISC
huawei — harmonyos Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. 2023-07-06 not yet calculated CVE-2022-48520
MISC
MISC
linux — kernel A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%. 2023-06-30 not yet calculated CVE-2023-1206
MISC
wordpress — wordpress The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated user, such as a subscriber, to perform LFI attacks. 2023-07-04 not yet calculated CVE-2023-1273
MISC
servicenow — now_user_experience ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts. 2023-07-06 not yet calculated CVE-2023-1298
MISC
MISC
huawei — harmonyos Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-07-06 not yet calculated CVE-2023-1691
MISC
MISC
huawei — harmonyos Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-07-06 not yet calculated CVE-2023-1695
MISC
MISC
wordpress — wordpress The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll. 2023-07-04 not yet calculated CVE-2023-2010
MISC
cisco — webex_meetings A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2023-07-07 not yet calculated CVE-2023-20133
MISC
cisco — webex_meetings A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions. 2023-07-07 not yet calculated CVE-2023-20180
MISC
vmware — sd-wan_edge VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. 2023-07-06 not yet calculated CVE-2023-20899
MISC
qualcomm_inc. — snapdragon Information disclosure in DSP Services while loading dynamic module. 2023-07-04 not yet calculated CVE-2023-21624
MISC
qualcomm_inc. — snapdragon Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. 2023-07-04 not yet calculated CVE-2023-21629
MISC
qualcomm_inc. — snapdragon Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. 2023-07-04 not yet calculated CVE-2023-21631
MISC
qualcomm_inc. — snapdragon Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. 2023-07-04 not yet calculated CVE-2023-21633
MISC
qualcomm_inc. — snapdragon Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. 2023-07-04 not yet calculated CVE-2023-21635
MISC
qualcomm_inc. — snapdragon Memory corruption in Linux while calling system configuration APIs. 2023-07-04 not yet calculated CVE-2023-21637
MISC
qualcomm_inc. — snapdragon Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. 2023-07-04 not yet calculated CVE-2023-21638
MISC
qualcomm_inc. — snapdragon Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. 2023-07-04 not yet calculated CVE-2023-21639
MISC
qualcomm_inc. — snapdragon Memory corruption in Linux when the file upload API is called with parameters having large buffer. 2023-07-04 not yet calculated CVE-2023-21640
MISC
qualcomm_inc. — snapdragon An app with non-privileged access can change global system brightness and cause undesired system behavior. 2023-07-04 not yet calculated CVE-2023-21641
MISC
qualcomm_inc. — snapdragon Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. 2023-07-04 not yet calculated CVE-2023-21672
MISC
milesight — ur32l An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22299
MISC
milesight — ur32l An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22306
MISC
milesight — vpn A SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22319
MISC
milesight — ur32l An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22365
MISC
milesight — vpn An OS command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22371
MISC
qualcomm_inc. — snapdragon Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. 2023-07-04 not yet calculated CVE-2023-22386
MISC
qualcomm_inc. — snapdragon Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. 2023-07-04 not yet calculated CVE-2023-22387
MISC
milesight — ur32l An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An attacker can send an HTTP request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22653
MISC
milesight — ur32l An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. Specially crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22659
MISC
qualcomm_inc. — snapdragon Memory Corruption in Audio while allocating the ion buffer during the music playback. 2023-07-04 not yet calculated CVE-2023-22667
MISC
western_digital — my_cloud_os_5 An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. 2023-07-01 not yet calculated CVE-2023-22814
MISC
milesight — vpn An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-22844
MISC
hero_electronix — qubo_hcd01_02_v1.38_20220125_devices Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. 2023-07-04 not yet calculated CVE-2023-22906
MISC
MISC
wordpress — wordpress The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin. 2023-07-04 not yet calculated CVE-2023-2320
MISC
wordpress — wordpress The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin. 2023-07-04 not yet calculated CVE-2023-2321
MISC
wordpress — wordpress The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin. 2023-07-04 not yet calculated CVE-2023-2324
MISC
wordpress — wordpress The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin. 2023-07-04 not yet calculated CVE-2023-2333
MISC
milesight — ur32l A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-23546
MISC
milesight — ur32l A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-23547
MISC
milesight — ur32l An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-23550
MISC
milesight — ur32l An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-23571
MISC
milesight — ur32l A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-23902
MISC
milesight — vpn A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-23907
MISC
milesight — ur32l A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send an HTTP request to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-24018
MISC
milesight — ur32l A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-24019
MISC
nio — ec6_aspen An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. 2023-07-06 not yet calculated CVE-2023-24256
MISC
milesight — vpn Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the name field of the database. 2023-07-06 not yet calculated CVE-2023-24496
MISC
milesight — vpn Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the remote_subnet field of the database. 2023-07-06 not yet calculated CVE-2023-24497
MISC
milesight — ur32l Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the ping tool utility. 2023-07-06 not yet calculated CVE-2023-24519
MISC
milesight — ur32l Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the trace tool utility. 2023-07-06 not yet calculated CVE-2023-24520
MISC
milesight — ur32l Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a TCP packet. 2023-07-06 not yet calculated CVE-2023-24582
MISC
milesight — ur32l Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injection is triggered through a UDP packet. 2023-07-06 not yet calculated CVE-2023-24583
MISC
milesight — ur32l An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. 2023-07-06 not yet calculated CVE-2023-24595
MISC
qualcomm_inc. — snapdragon Memory Corruption in WLAN HOST while parsing QMI response message from firmware. 2023-07-04 not yet calculated CVE-2023-24851
MISC
qualcomm_inc. — snapdragon Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. 2023-07-04 not yet calculated CVE-2023-24854
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables. 2023-07-06 not yet calculated CVE-2023-25081
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables. 2023-07-06 not yet calculated CVE-2023-25082
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables. 2023-07-06 not yet calculated CVE-2023-25083
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables. 2023-07-06 not yet calculated CVE-2023-25084
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables. 2023-07-06 not yet calculated CVE-2023-25085
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and dport variables. 2023-07-06 not yet calculated CVE-2023-25086
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables. 2023-07-06 not yet calculated CVE-2023-25087
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and description variables. 2023-07-06 not yet calculated CVE-2023-25088
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1. 2023-07-06 not yet calculated CVE-2023-25089
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables. 2023-07-06 not yet calculated CVE-2023-25090
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1. 2023-07-06 not yet calculated CVE-2023-25091
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables. 2023-07-06 not yet calculated CVE-2023-25092
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the class_name variable. 2023-07-06 not yet calculated CVE-2023-25093
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable. 2023-07-06 not yet calculated CVE-2023-25094
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands. 2023-07-06 not yet calculated CVE-2023-25095
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings. 2023-07-06 not yet calculated CVE-2023-25096
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the attach_class variable. 2023-07-06 not yet calculated CVE-2023-25097
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the source variable. 2023-07-06 not yet calculated CVE-2023-25098
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the dest variable. 2023-07-06 not yet calculated CVE-2023-25099
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the default_class variable. 2023-07-06 not yet calculated CVE-2023-25100
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_key variable. 2023-07-06 not yet calculated CVE-2023-25101
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables. 2023-07-06 not yet calculated CVE-2023-25102
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables. 2023-07-06 not yet calculated CVE-2023-25103
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_ike_profile function with the username and the password variables. 2023-07-06 not yet calculated CVE-2023-25104
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable. 2023-07-06 not yet calculated CVE-2023-25105
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables. 2023-07-06 not yet calculated CVE-2023-25106
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables. 2023-07-06 not yet calculated CVE-2023-25107
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the remote_ip variable. 2023-07-06 not yet calculated CVE-2023-25108
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the local_ip variable. 2023-07-06 not yet calculated CVE-2023-25109
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable. 2023-07-06 not yet calculated CVE-2023-25110
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_gre function with the key variable. 2023-07-06 not yet calculated CVE-2023-25111
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables. 2023-07-06 not yet calculated CVE-2023-25112
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_l2tp function with the key variable. 2023-07-06 not yet calculated CVE-2023-25113
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the expert_options variable. 2023-07-06 not yet calculated CVE-2023-25114
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables. 2023-07-06 not yet calculated CVE-2023-25115
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables. 2023-07-06 not yet calculated CVE-2023-25116
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables. 2023-07-06 not yet calculated CVE-2023-25117
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the username and the password variables. 2023-07-06 not yet calculated CVE-2023-25118
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables. 2023-07-06 not yet calculated CVE-2023-25119
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the cisco_secret variable. 2023-07-06 not yet calculated CVE-2023-25120
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_ike_profile function with the secrets_local variable. 2023-07-06 not yet calculated CVE-2023-25121
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables. 2023-07-06 not yet calculated CVE-2023-25122
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2. 2023-07-06 not yet calculated CVE-2023-25123
MISC
milesight — ur32l Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables. 2023-07-06 not yet calculated CVE-2023-25124
MISC
multitech — conduit_ap Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload. 2023-07-07 not yet calculated CVE-2023-25201
MISC
MISC
tyan — s5552_bmc A CWE-552 “Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS. 2023-07-05 not yet calculated CVE-2023-2538
MISC
scipy — scipy A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. 2023-07-05 not yet calculated CVE-2023-25399
MISC
MISC
MISC
nvidia — gpu_display_driver_for_linux NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service. 2023-07-04 not yet calculated CVE-2023-25516
MISC
nvidia — virtual_gpu_manager NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. 2023-07-04 not yet calculated CVE-2023-25517
MISC
nvidia — dgx_a100/a800 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. 2023-07-04 not yet calculated CVE-2023-25521
MISC
nvidia — dgx_a100/a800 NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. 2023-07-04 not yet calculated CVE-2023-25522
MISC
nvidia — cuda_toolkit_for_linux_and_windows NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. 2023-07-04 not yet calculated CVE-2023-25523
MISC
milesight — ur32l Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the code branch that manages an already existing vlan configuration. 2023-07-06 not yet calculated CVE-2023-25582
MISC
milesight — ur32l Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is in the code branch that manages a new vlan configuration. 2023-07-06 not yet calculated CVE-2023-25583
MISC
drogon_framework — drogon_framework All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feed) characters to end the HTTP response headers and inject malicious content. 2023-07-06 not yet calculated CVE-2023-26137
MISC
MISC
drogon_framework — drogon_framework All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feed) characters and inject additional headers in the request sent. 2023-07-06 not yet calculated CVE-2023-26138
MISC
MISC
ca_technologies — arcserve Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator. 2023-07-03 not yet calculated CVE-2023-26258
MISC
MISC
anydesk — anydesk AnyDesk 7.0.8 allows remote Denial of Service. 2023-07-03 not yet calculated CVE-2023-26509
MISC
MISC
MISC
pax_technology — a930 PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. 2023-07-05 not yet calculated CVE-2023-27197
MISC
pax_technology — a930 PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability. 2023-07-05 not yet calculated CVE-2023-27198
MISC
pax_technology — a930 PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. 2023-07-05 not yet calculated CVE-2023-27199
MISC
admin_panel_v3 — admin_panel_v3 A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. 2023-07-06 not yet calculated CVE-2023-27225
MISC
MISC
kubernetes — kubernetes Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. 2023-07-03 not yet calculated CVE-2023-2727
MISC
MISC
MISC
kubernetes — kubernetes Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. 2023-07-03 not yet calculated CVE-2023-2728
MISC
MISC
MISC
diagon — diagon A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. 2023-07-05 not yet calculated CVE-2023-27390
MISC
MISC
prestashop — prestashop SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components. 2023-07-07 not yet calculated CVE-2023-27845
MISC
CONFIRM
ivanti — ivanti_endpoint_manager A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. 2023-07-01 not yet calculated CVE-2023-28323
MISC
ivanti — ivanti_endpoint_manager An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. 2023-07-01 not yet calculated CVE-2023-28324
MISC
brave_software — brave_browser_for_android An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. 2023-07-01 not yet calculated CVE-2023-28364
MISC
ubiquiti_inc. — unifi_network_application A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. 2023-07-01 not yet calculated CVE-2023-28365
MISC
qualcomm_inc. — snapdragon Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. 2023-07-04 not yet calculated CVE-2023-28541
MISC
qualcomm_inc. — snapdragon Memory Corruption in WLAN HOST while fetching TX status information. 2023-07-04 not yet calculated CVE-2023-28542
MISC
libtiff — libtiff A null pointer dereference issue was discovered in Libtiff’s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers a runtime error, causing undefined behavior, resulting in an application crash, eventually leading to a denial of service. 2023-06-30 not yet calculated CVE-2023-2908
MISC
MISC
MISC
MISC
malwarebytes — edr_1.0.11_for_linux The Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. 2023-06-30 not yet calculated CVE-2023-29145
MISC
MISC
malwarebytes — edr_1.0.11_for_linux In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. 2023-06-30 not yet calculated CVE-2023-29147
MISC
MISC
bosch_security_systems — building_integration_system Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network. 2023-06-30 not yet calculated CVE-2023-29241
MISC
synacor — zimbra_collaboration_zcs An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. 2023-07-06 not yet calculated CVE-2023-29381
MISC
MISC
synacor — zimbra_collaboration_zcs An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. 2023-07-06 not yet calculated CVE-2023-29382
MISC
MISC
darktrace — darktrace_for_android An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control “antigena” actions (block/unblock traffic) from the mobile application. This vulnerability could create a “shutdown”, blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed. 2023-07-06 not yet calculated CVE-2023-29656
MISC
MISC
red_hat — quarkus-core A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. 2023-07-04 not yet calculated CVE-2023-2974
MISC
MISC
MISC
scipy — scipy A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. 2023-07-06 not yet calculated CVE-2023-29824
MISC
MISC
MISC
gis3w — g3w-suite A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter. 2023-07-07 not yet calculated CVE-2023-29998
MISC
CONFIRM
prestashop — prestashop In the module “Detailed Order” (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information, formatted in JSON, without restriction. 2023-07-06 not yet calculated CVE-2023-30195
MISC
kodi — home_theater_software A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via a crafted mp3 file. 2023-07-05 not yet calculated CVE-2023-30207
MISC
MISC
MISC
chatengine — wliang6_chatengine Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30319
CONFIRM
MISC
chatengine — wliang6_chatengine Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30320
MISC
CONFIRM
chatengine — wliang6_chatengine Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30321
MISC
CONFIRM
chatengine — payatu_chatengine Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30322
CONFIRM
MISC
chatengine — payatu_chatengine SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information. 2023-07-06 not yet calculated CVE-2023-30323
MISC
CONFIRM
chatengine — wliang6_chatengine SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information. 2023-07-06 not yet calculated CVE-2023-30325
MISC
CONFIRM
chatengine — wliang6_chatengine Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30326
CONFIRM
MISC
node.js — node.js A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. 2023-07-01 not yet calculated CVE-2023-30586
MISC
node.js — node.js The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20. 2023-07-01 not yet calculated CVE-2023-30589
MISC
atlassian — jira icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds. 2023-07-05 not yet calculated CVE-2023-30607
MISC
MISC
MISC
samsung_mobile — multiple_products Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration. 2023-07-06 not yet calculated CVE-2023-30640
MISC
samsung_mobile — multiple_products Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows a physical attacker to use a restricted user profile to access the device owner's Google account data. 2023-07-06 not yet calculated CVE-2023-30641
MISC
samsung_mobile — multiple_products Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. 2023-07-06 not yet calculated CVE-2023-30642
MISC
samsung_mobile — multiple_products Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications. 2023-07-06 not yet calculated CVE-2023-30643
MISC
samsung_mobile — multiple_products Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30644
MISC
samsung_mobile — multiple_products Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30645
MISC
samsung_mobile — multiple_products Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30646
MISC
samsung_mobile — multiple_products Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30647
MISC
samsung_mobile — multiple_products Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Release 1 causes a denial of service on the system. 2023-07-06 not yet calculated CVE-2023-30648
MISC
samsung_mobile — multiple_products Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30649
MISC
samsung_mobile — multiple_products Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30650
MISC
samsung_mobile — multiple_products Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30651
MISC
samsung_mobile — multiple_products Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30652
MISC
samsung_mobile — multiple_products Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30653
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. 2023-07-06 not yet calculated CVE-2023-30655
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities. 2023-07-06 not yet calculated CVE-2023-30656
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. 2023-07-06 not yet calculated CVE-2023-30657
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. 2023-07-06 not yet calculated CVE-2023-30658
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. 2023-07-06 not yet calculated CVE-2023-30659
MISC
samsung_mobile — multiple_products Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. 2023-07-06 not yet calculated CVE-2023-30660
MISC
samsung_mobile — multiple_products Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. 2023-07-06 not yet calculated CVE-2023-30661
MISC
samsung_mobile — multiple_products Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. 2023-07-06 not yet calculated CVE-2023-30662
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. 2023-07-06 not yet calculated CVE-2023-30663
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. 2023-07-06 not yet calculated CVE-2023-30664
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read. 2023-07-06 not yet calculated CVE-2023-30665
MISC
samsung_mobile — multiple_products Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. 2023-07-06 not yet calculated CVE-2023-30666
MISC
samsung_mobile — multiple_products Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. 2023-07-06 not yet calculated CVE-2023-30667
MISC
samsung_mobile — multiple_products Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30668
MISC
samsung_mobile — multiple_products Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30669
MISC
samsung_mobile — multiple_products Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. 2023-07-06 not yet calculated CVE-2023-30670
MISC
samsung_mobile — multiple_products Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. 2023-07-06 not yet calculated CVE-2023-30671
MISC
samsung_mobile — smart_switch Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction. 2023-07-06 not yet calculated CVE-2023-30672
MISC
samsung_mobile — smart_switch Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction. 2023-07-06 not yet calculated CVE-2023-30673
MISC
samsung_mobile — samsung_internet Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. 2023-07-06 not yet calculated CVE-2023-30674
MISC
samsung_mobile — samsung_pass Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. 2023-07-06 not yet calculated CVE-2023-30675
MISC
samsung_mobile — samsung_pass Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass. 2023-07-06 not yet calculated CVE-2023-30676
MISC
samsung_mobile — samsung_pass Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. 2023-07-06 not yet calculated CVE-2023-30677
MISC
google — android Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file. 2023-07-06 not yet calculated CVE-2023-30678
MISC
red_hat — multiple_products A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. 2023-07-05 not yet calculated CVE-2023-3089
MISC
MISC
ibm — i IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. 2023-07-04 not yet calculated CVE-2023-30990
MISC
MISC
diagon — diagon An access violation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. 2023-07-05 not yet calculated CVE-2023-31194
MISC
MISC
linux — kernel Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace 2023-07-05 not yet calculated CVE-2023-31248
MISC
MISC
MISC
piigab — m-bus PiiGAB M-Bus transmits credentials in plaintext format. 2023-07-06 not yet calculated CVE-2023-31277
MISC
wordpress — wordpress The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available. 2023-07-04 not yet calculated CVE-2023-3133
MISC
MISC
MISC
wordpress — wordpress The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. 2023-07-04 not yet calculated CVE-2023-3139
MISC
MISC
pipreqs — pipreqs A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. 2023-06-30 not yet calculated CVE-2023-31543
MISC
MISC
ubiquiti_inc. — unifi_os UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. “Applicable Cloud Keys” include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. 2023-07-01 not yet calculated CVE-2023-31997
MISC
npm — @fastify/oauth2 All versions of @fastify/oauth2 used a state parameter that was generated statically at startup time and reused across all requests for all users. The purpose of the OAuth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user’s session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object. 2023-07-04 not yet calculated CVE-2023-31999
MISC
MISC
MISC
ubiquiti — unifi_network_application A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. 2023-07-08 not yet calculated CVE-2023-32000
MISC
opensuse_tumbleweed — opensuse_tumbleweed Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed. 2023-07-07 not yet calculated CVE-2023-32183
MISC
piigab — m-bus PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. 2023-07-07 not yet calculated CVE-2023-32652
MISC
oracle — apache Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20. 2023-07-07 not yet calculated CVE-2023-33008
MISC
trellix — enterprise_security_manager_for_windows An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands. 2023-07-03 not yet calculated CVE-2023-3313
MISC
trellix — enterprise_security_manager_for_windows A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges. 2023-07-03 not yet calculated CVE-2023-3314
MISC
bouncy_castle_for_java — bouncy_castle_for_java Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate’s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. 2023-07-05 not yet calculated CVE-2023-33201
CONFIRM
MISC
MISC
sophos — iview Cross Site Scripting (XSS) in Sophos iView (The EOL was December 31st 2020) in the grpname parameter allows arbitrary script to be executed. 2023-07-05 not yet calculated CVE-2023-33335
MISC
toughnet — tn-5900_series TN-5900 Series version 3.3 and prior versions are vulnerable to a user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. 2023-07-05 not yet calculated CVE-2023-3336
MISC
ai-dev — aicombinationsonfly ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. 2023-07-07 not yet calculated CVE-2023-33664
MISC
CONFIRM
piigab — m-bus_softwarepack The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. 2023-07-06 not yet calculated CVE-2023-33868
MISC
glpi — glpi GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch. 2023-07-05 not yet calculated CVE-2023-34106
MISC
MISC
glpi — glpi GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, allowing access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue. 2023-07-05 not yet calculated CVE-2023-34107
MISC
MISC
huawei — harmonyos Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability. 2023-07-06 not yet calculated CVE-2023-34164
MISC
MISC
synacor — zimbra_collaboration_zcs Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. 2023-07-06 not yet calculated CVE-2023-34192
MISC
MISC
MISC
synacor — zimbra_collaboration_zcs File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. 2023-07-06 not yet calculated CVE-2023-34193
MISC
MISC
MISC
zoho_manageengine — servicedesk_plus Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. 2023-07-07 not yet calculated CVE-2023-34197
MISC
glpi — glpi GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch. 2023-07-05 not yet calculated CVE-2023-34244
MISC
MISC
ami — megarac_spx AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 2023-07-05 not yet calculated CVE-2023-34337
MISC
ami — megarac_spx AMI SPx contains a vulnerability in the BMC where an attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 2023-07-05 not yet calculated CVE-2023-34338
MISC
trellix — move An unquoted Windows search path vulnerability existed in the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. 2023-07-03 not yet calculated CVE-2023-3438
MISC
piigab — m-bus PiiGAB M-Bus stores passwords using a weak hash algorithm. 2023-07-07 not yet calculated CVE-2023-34433
MISC
cometbft — cometbft CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places. The first is via logs, setting the `consensus` logging module to “debug” level (should not happen in production), and setting the log output format to JSON. The second is via RPC `dump_consensus_state`. Case 1, which should not be hit in production, will eventually hit the deadlock in most goroutines, effectively halting the node. In case 2, only the data structures related to the first peer will be deadlocked, together with the thread(s) dealing with the RPC request(s). This means that only one of the channels of communication to the node’s peers will be blocked. Eventually the peer will time out and be excluded from the list (typically after 2 minutes). The goroutines involved in the deadlock will not be garbage collected, but they will not interfere with the system after the peer is excluded. The theoretical worst case for case 2 is a network with only two validator nodes. In this case, each of the nodes only has one `PeerState` struct. If `dump_consensus_state` is called in either node (or both), the chain will halt until the peer connections time out, after which the nodes will reconnect (with different `PeerState` structs) and the chain will progress again. Then, the same process can be repeated. As the number of nodes in a network increases, and thus the number of peer structs each node maintains, the possibility of reproducing the perturbation visible with two nodes decreases.
Only the first `PeerState` struct will deadlock, and not the others (RPC `dump_consensus_state` accesses them in a for loop, so the deadlock at the first iteration causes the rest of the iterations of that “for” loop to never be reached). This regression was fixed in versions 0.34.29 and 0.37.2. Some workarounds are available. For case 1 (hitting the deadlock via logs), either don’t set the log output to “json”, leave at “plain”, or don’t set the consensus logging module to “debug”, leave it at “info” or higher. For case 2 (hitting the deadlock via RPC `dump_consensus_state`), do not expose `dump_consensus_state` RPC endpoint to the public internet (e.g., via rules in one’s nginx setup). 2023-07-03 not yet calculated CVE-2023-34450
MISC
MISC
MISC
MISC
cometbft — cometbft CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node. The above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPCs would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p. 2023-07-03 not yet calculated CVE-2023-34451
MISC
MISC
MISC
mechanicalsoup — mechanicalsoup MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" …>` inside an HTML form. All users of MechanicalSoup’s form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue. 2023-07-05 not yet calculated CVE-2023-34457
MISC
MISC
MISC
ami — megarac_spx AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss of confidentiality, integrity, and authentication. 2023-07-05 not yet calculated CVE-2023-34471
MISC
ami — megarac_spx AMI SPx contains a vulnerability in the BMC where an attacker may cause an improper neutralization of CRLF sequences in HTTP headers. A successful exploit of this vulnerability may lead to a loss of integrity. 2023-07-05 not yet calculated CVE-2023-34472
MISC
ami — megarac_spx AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 2023-07-05 not yet calculated CVE-2023-34473
MISC
huawei — harmonyos/emui Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity. 2023-07-05 not yet calculated CVE-2023-3455
MISC
MISC
huawei — harmonyos Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-07-06 not yet calculated CVE-2023-3456
MISC
MISC
wordpress — wordpress The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. 2023-07-04 not yet calculated CVE-2023-3460
MISC
MISC
taocms — taocms taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). 2023-07-05 not yet calculated CVE-2023-34654
MISC
MISC
mozilla — firefox When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-3482
MISC
MISC
google — chrome Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium) 2023-07-03 not yet calculated CVE-2023-3497
MISC
MISC
piigab — m-bus There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. 2023-07-07 not yet calculated CVE-2023-34995
MISC
linux — kernel Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace 2023-07-05 not yet calculated CVE-2023-35001
MISC
MISC
MISC
sourcecodester — shopping_website A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232950 is the identifier assigned to this vulnerability. 2023-07-04 not yet calculated CVE-2023-3502
MISC
MISC
MISC
sourcecodester — shopping_website A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951. 2023-07-04 not yet calculated CVE-2023-3503
MISC
MISC
MISC
smartweb_infotech — job_board A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-07-04 not yet calculated CVE-2023-3504
MISC
MISC
onest — crm A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-07-04 not yet calculated CVE-2023-3505
MISC
MISC
active_it_zone — active_ecommerce_cms A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-07-04 not yet calculated CVE-2023-3506
MISC
MISC
piigab — m-bus PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request. 2023-07-07 not yet calculated CVE-2023-35120
MISC
go-gitea — go-gitea Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. 2023-07-05 not yet calculated CVE-2023-3515
MISC
MISC
it-novum — openitcockpit Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. 2023-07-06 not yet calculated CVE-2023-3520
MISC
MISC
fossbilling — fossbilling Cross-site Scripting (XSS) – Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. 2023-07-06 not yet calculated CVE-2023-3521
MISC
MISC
gpac — gpac Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. 2023-07-06 not yet calculated CVE-2023-3523
MISC
MISC
thinutech — thinucms A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252. 2023-07-06 not yet calculated CVE-2023-3528
MISC
MISC
rotem_dynamics — rotem_crm A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-07-06 not yet calculated CVE-2023-3529
MISC
MISC
nilsteampassnet — teampass Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10. 2023-07-06 not yet calculated CVE-2023-3531
MISC
MISC
outline — outline Cross-site Scripting (XSS) – Stored in GitHub repository outline/outline prior to 0.70.1. 2023-07-07 not yet calculated CVE-2023-3532
MISC
MISC
sourcecodester — shopping_website A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability. 2023-07-07 not yet calculated CVE-2023-3534
MISC
MISC
MISC
simplephpscripts — faq_script_php A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287. 2023-07-07 not yet calculated CVE-2023-3535
MISC
MISC
simplephpscripts — funeral_script_php A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288. 2023-07-07 not yet calculated CVE-2023-3536
MISC
MISC
simplephpscripts — news_script_php_pro A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability. 2023-07-07 not yet calculated CVE-2023-3537
MISC
MISC
simplephpscripts — photo_gallery_php A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability. 2023-07-07 not yet calculated CVE-2023-3538
MISC
MISC
simplephpscripts — simple_forum_php A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291. 2023-07-07 not yet calculated CVE-2023-3539
MISC
MISC
simplephpscripts — newsletter_script_php A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292. 2023-07-07 not yet calculated CVE-2023-3540
MISC
MISC
thinutech — thinucms A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability. 2023-07-07 not yet calculated CVE-2023-3541
MISC
MISC
thinutech — thinucms A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability. 2023-07-07 not yet calculated CVE-2023-3542
MISC
MISC
gz_scripts — availability_booking_calendar_php A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-07-07 not yet calculated CVE-2023-3543
MISC
MISC
gz_scripts — time_slot_booking_calendar_php A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-07-07 not yet calculated CVE-2023-3544
MISC
MISC
nilsteampassnet — teampass Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. 2023-07-08 not yet calculated CVE-2023-3551
MISC
MISC
nilsteampassnet — teampass Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10. 2023-07-08 not yet calculated CVE-2023-3552
MISC
MISC
nilsteampassnet — teampass Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. 2023-07-08 not yet calculated CVE-2023-3553
MISC
MISC
piigab — m-bus PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. 2023-07-07 not yet calculated CVE-2023-35765
MISC
zoho_manageengine — admanager_plus Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. 2023-07-05 not yet calculated CVE-2023-35786
MISC
oracle — apache_airflow Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via the principal parameter. Exploitation requires access to modify the connection details. Updating the provider to version 6.1.1 is recommended to avoid this vulnerability. 2023-07-03 not yet calculated CVE-2023-35797
MISC
MISC
madefornet_http_debugger — madefornet_http_debugger In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access. 2023-07-05 not yet calculated CVE-2023-35863
MISC
MISC
MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. 2023-07-07 not yet calculated CVE-2023-35890
MISC
MISC
glpi — glpi GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. 2023-07-05 not yet calculated CVE-2023-35924
MISC
MISC
yt-dlp — yt-dlp yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest’s host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp’s info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped. yt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar; utilizing external downloaders’ built-in support for cookies instead of passing them as header arguments; disabling HTTP redirection if the external downloader does not have proper cookie support; processing cookies passed as HTTP headers to limit their scope; and having a separate field for cookies in the info dict storing more information about scoping. Some workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM. 2023-07-06 not yet calculated CVE-2023-35934
MISC
MISC
MISC
MISC
MISC
MISC
pandoc — pandoc Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option. 2023-07-05 not yet calculated CVE-2023-35936
MISC
metersphere — metersphere Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue. 2023-07-06 not yet calculated CVE-2023-35937
MISC
glpi — glpi GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue. 2023-07-05 not yet calculated CVE-2023-35939
MISC
MISC
glpi — glpi GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. 2023-07-05 not yet calculated CVE-2023-35940
MISC
MISC
gradle — gradle Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. Impact: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. Gradle uses Tar archives for its Build Cache (https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. Workarounds: There is no workaround. If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. References: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (https://cwe.mitre.org/data/definitions/22.html); Gradle Build Cache (https://docs.gradle.org/current/userguide/build_cache.html); ZipSlip (https://security.snyk.io/research/zip-slip-vulnerability). 2023-06-30 not yet calculated CVE-2023-35947
MISC
MISC
MISC
novu — novu Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the “Sign In with GitHub” functionality of Novu’s open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim’s account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch. 2023-07-06 not yet calculated CVE-2023-35948
MISC
MISC
aruba_networks — arubaos A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2023-07-05 not yet calculated CVE-2023-35971
MISC
aruba_networks — arubaos An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. 2023-07-05 not yet calculated CVE-2023-35972
MISC
aruba_networks — arubaos Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 2023-07-05 not yet calculated CVE-2023-35973
MISC
aruba_networks — arubaos Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 2023-07-05 not yet calculated CVE-2023-35974
MISC
aruba_networks — arubaos An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. 2023-07-05 not yet calculated CVE-2023-35975
MISC
aruba_networks — arubaos Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level. 2023-07-05 not yet calculated CVE-2023-35976
MISC
aruba_networks — arubaos Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user’s existing privilege level. 2023-07-05 not yet calculated CVE-2023-35977
MISC
aruba_networks — arubaos A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2023-07-05 not yet calculated CVE-2023-35978
MISC
aruba_networks — arubaos There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller. 2023-07-05 not yet calculated CVE-2023-35979
MISC
piigab — m-bus PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. 2023-07-06 not yet calculated CVE-2023-35987
MISC
django — django In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. 2023-07-03 not yet calculated CVE-2023-36053
CONFIRM
MISC
MISC
intelbras — switch_sg_2404_mr An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. 2023-06-30 not yet calculated CVE-2023-36144
MISC
MISC
zzcms — zzcms Cross Site Request Forgery vulnerability in ZZCMS v.2023 allows a remote attacker to gain privileges via the add function in adminlist.php. 2023-07-03 not yet calculated CVE-2023-36162
MISC
MISC
openimageio — openimageio Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. 2023-07-03 not yet calculated CVE-2023-36183
MISC
langchain — langchain An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. 2023-07-06 not yet calculated CVE-2023-36188
MISC
MISC
langchain — langchain SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. 2023-07-06 not yet calculated CVE-2023-36189
MISC
MISC
jerryscript_project — jerryscript An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. 2023-07-07 not yet calculated CVE-2023-36201
MISC
mlogclub_bbs-go — mlogclub_bbs-go Cross Site Scripting vulnerability in mlogclub bbs-go v.3.5.5 and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function. 2023-07-03 not yet calculated CVE-2023-36222
MISC
MISC
MISC
mlogclub_bbs-go — mlogclub_bbs-go Cross Site Scripting vulnerability in mlogclub bbs-go v.3.5.5 and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function. 2023-07-03 not yet calculated CVE-2023-36223
MISC
MISC
MISC
online_examination_system_project — online_examination_system_project The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin’s consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data. 2023-07-07 not yet calculated CVE-2023-36256
MISC
MISC
langchain — langchain An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method. 2023-07-03 not yet calculated CVE-2023-36258
MISC
maxsite_cms — maxsite_cms Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file. 2023-07-03 not yet calculated CVE-2023-36291
MISC
osslsigncode — osslsigncode Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files. 2023-07-03 not yet calculated CVE-2023-36377
MISC
MISC
authentik — authentik authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the Go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. This allows possible spoofing of IP addresses in logs and in downstream applications proxied by the (built-in) outpost, and IP bypassing in custom flows if used. This poses a possible security risk when someone has flows or policies that check the user’s IP address, e.g. when they want to ignore the user’s 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account’s log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody who wants to. Versions 2023.4.3 and 2023.5.5 contain a patch for this issue. 2023-07-06 not yet calculated CVE-2023-36456
MISC
MISC
MISC
MISC
MISC
1panel — 1panel 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6. 2023-07-05 not yet calculated CVE-2023-36457
MISC
MISC
1panel — 1panel 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6. 2023-07-05 not yet calculated CVE-2023-36458
MISC
MISC
mastodon — mastodon Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user’s browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. 2023-07-06 not yet calculated CVE-2023-36459
MISC
MISC
MISC
MISC
MISC
MISC
mastodon — mastodon Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon’s media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. 2023-07-06 not yet calculated CVE-2023-36460
MISC
MISC
MISC
MISC
MISC
MISC
mastodon — mastodon Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. 2023-07-06 not yet calculated CVE-2023-36461
MISC
MISC
MISC
MISC
MISC
MISC
mastodon — mastodon Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue. 2023-07-06 not yet calculated CVE-2023-36462
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki-platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the JavaScript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki versions older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details. 2023-06-30 not yet calculated CVE-2023-36477
MISC
MISC
MISC
MISC
ovarro — multiple_products The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. 2023-07-03 not yet calculated CVE-2023-36608
MISC
ovarro — multiple_products The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges. 2023-07-03 not yet calculated CVE-2023-36609
MISC
loxone_electronics — miniserver_go_gen.2 The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. 2023-07-05 not yet calculated CVE-2023-36622
MISC
MISC
loxone_electronics — miniserver_go_gen.2 The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges. 2023-07-05 not yet calculated CVE-2023-36623
MISC
MISC
loxone_electronics — miniserver_go_gen.2 Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement. 2023-07-05 not yet calculated CVE-2023-36624
MISC
MISC
protobufjs — protobufjs protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about “Object.constructor.prototype.<new-property> = …;” whereas CVE-2022-25878 was about “Object.__proto__.<new-property> = …;” instead. 2023-07-05 not yet calculated CVE-2023-36665
MISC
MISC
CONFIRM
MISC
CONFIRM
pypdf — pypdf pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error-throwing case. See GHSA-hm9v-vj3r-r55m for details. 2023-06-30 not yet calculated CVE-2023-36807
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. 2023-07-05 not yet calculated CVE-2023-36808
MISC
MISC
kiwitcms — kiwitcms Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect, allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions, thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and sanitization of test plan names used in the `tree_view_html()` function. 2023-07-05 not yet calculated CVE-2023-36809
MISC
MISC
MISC
MISC
MISC
MISC
pypdf — pypdf pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpectedly long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-30 not yet calculated CVE-2023-36810
MISC
MISC
MISC
opentsdb — opentsdb OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`. 2023-06-30 not yet calculated CVE-2023-36812
MISC
MISC
MISC
kanboard — kanboard Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue. 2023-07-05 not yet calculated CVE-2023-36813
MISC
MISC
MISC
zopefoundation — products.cmfcore Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python’s marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2. 2023-07-03 not yet calculated CVE-2023-36814
MISC
MISC
labring — sealos Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user’s control and may have permission to correct it. It is not clear whether a fix exists. 2023-07-03 not yet calculated CVE-2023-36815
MISC
bubka — 2fa 2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3. 2023-07-03 not yet calculated CVE-2023-36816
MISC
MISC
tktchurch — website `tktchurch/website` contains the codebase for The King’s Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church’s project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase. 2023-07-03 not yet calculated CVE-2023-36817
MISC
knowage — knowage Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to download templates hosted on the server. However, starting in the 6.x.x branch and prior to version 8.1.8, the application does not sanitize the `templateName` parameter, allowing an attacker to use `../` in it, escape the directory where the templates are normally placed, and download any file from the system. This vulnerability allows a low privileged attacker to exfiltrate sensitive configuration files. This issue has been patched in Knowage version 8.1.8. 2023-07-03 not yet calculated CVE-2023-36819
MISC
louislam — uptime-kuma Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it’s installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue. 2023-07-05 not yet calculated CVE-2023-36821
MISC
MISC
MISC
MISC
louislam — uptime-kuma Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it’s removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss. 2023-07-05 not yet calculated CVE-2023-36822
MISC
MISC
MISC
MISC
rgrove — sanitize Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in “relaxed” config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn’t allow `style` elements, using a Sanitize config that doesn’t allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content. 2023-07-06 not yet calculated CVE-2023-36823
MISC
MISC
MISC
ethyca — fides Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container’s filesystem. The vulnerability is patched in fides `2.15.1`. If the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca’s security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can’t be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability. 2023-07-05 not yet calculated CVE-2023-36827
MISC
MISC
MISC
statamic — statamic_cms Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue. 2023-07-05 not yet calculated CVE-2023-36828
MISC
MISC
MISC
MISC
MISC
MISC
sentry — sentry Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of the Sentry installation. This only affects installations that have the `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2. 2023-07-06 not yet calculated CVE-2023-36829
MISC
MISC
MISC
MISC
sqlfluff — sqlfluff SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue – however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their own rule configuration, this may be an issue. The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users who have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to – or otherwise validating – configuration files before they are ingested by SQLFluff provides a similar effect and does not require upgrade. 2023-07-06 not yet calculated CVE-2023-36830
MISC
MISC
piigab — m-bus PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. 2023-07-06 not yet calculated CVE-2023-36859
MISC
progress — moveit_transfer In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. 2023-07-05 not yet calculated CVE-2023-36932
CONFIRM
MISC
progress — moveit_transfer In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly. 2023-07-05 not yet calculated CVE-2023-36933
CONFIRM
MISC
progress — moveit_transfer In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. 2023-07-05 not yet calculated CVE-2023-36934
CONFIRM
MISC
food_ordering_system — food_ordering_system A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter. 2023-07-06 not yet calculated CVE-2023-36968
MISC
MISC
cms_made_simple — cms_made_simple CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. 2023-07-06 not yet calculated CVE-2023-36969
MISC
cms_made_simple — cms_made_simple A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. 2023-07-06 not yet calculated CVE-2023-36970
MISC
travianz — travianz PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. 2023-07-07 not yet calculated CVE-2023-36992
MISC
travianz — travianz The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts. 2023-07-07 not yet calculated CVE-2023-36993
MISC
travianz — travianz In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. 2023-07-07 not yet calculated CVE-2023-36994
MISC
travianz — travianz TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. 2023-07-06 not yet calculated CVE-2023-36995
MISC
chamilo — chamilo Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section. 2023-07-07 not yet calculated CVE-2023-37061
MISC
MISC
chamilo — chamilo Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories’ definition. 2023-07-07 not yet calculated CVE-2023-37062
MISC
MISC
chamilo — chamilo Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section. 2023-07-07 not yet calculated CVE-2023-37063
MISC
MISC
chamilo — chamilo Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section. 2023-07-07 not yet calculated CVE-2023-37064
MISC
MISC
chamilo — chamilo Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section. 2023-07-07 not yet calculated CVE-2023-37065
MISC
MISC
chamilo — chamilo Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel. 2023-07-07 not yet calculated CVE-2023-37066
MISC
MISC
chamilo — chamilo Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section. 2023-07-07 not yet calculated CVE-2023-37067
MISC
MISC
bagecms — bagecms A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. 2023-07-06 not yet calculated CVE-2023-37122
MISC
seacms — seacms A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-07-06 not yet calculated CVE-2023-37124
MISC
seacms — seacms A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-07-06 not yet calculated CVE-2023-37125
MISC
yzncms — yzncms A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request. 2023-07-06 not yet calculated CVE-2023-37131
MISC
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-07-06 not yet calculated CVE-2023-37132
MISC
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-07-06 not yet calculated CVE-2023-37133
MISC
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-07-06 not yet calculated CVE-2023-37134
MISC
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-07-06 not yet calculated CVE-2023-37135
MISC
eyoucms — eyoucms A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-07-06 not yet calculated CVE-2023-37136
MISC
tenda — ac10 Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. 2023-07-07 not yet calculated CVE-2023-37144
MISC
totolink — lr350 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. 2023-07-07 not yet calculated CVE-2023-37145
MISC
totolink — lr350 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. 2023-07-07 not yet calculated CVE-2023-37146
MISC
totolink — lr350 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. 2023-07-07 not yet calculated CVE-2023-37148
MISC
totolink — lr350 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. 2023-07-07 not yet calculated CVE-2023-37149
MISC
totolink — a3300r TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. 2023-07-07 not yet calculated CVE-2023-37170
MISC
totolink — a3300r TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. 2023-07-07 not yet calculated CVE-2023-37171
MISC
totolink — a3300r TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. 2023-07-07 not yet calculated CVE-2023-37172
MISC
totolink — a3300r TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. 2023-07-07 not yet calculated CVE-2023-37173
MISC
bitcoin_core — bitcoin_core Memory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app’s memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing. 2023-07-07 not yet calculated CVE-2023-37192
MISC
MISC
MISC
mozilla — multiple_products An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-07-05 not yet calculated CVE-2023-37201
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-07-05 not yet calculated CVE-2023-37202
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-37203
MISC
MISC
mozilla — firefox A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-37204
MISC
MISC
mozilla — firefox The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-37205
MISC
MISC
mozilla — firefox Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-37206
MISC
MISC
mozilla — multiple_products A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-07-05 not yet calculated CVE-2023-37207
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-07-05 not yet calculated CVE-2023-37208
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-37209
MISC
MISC
mozilla — firefox A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-37210
MISC
MISC
mozilla — multiple_products Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. 2023-07-05 not yet calculated CVE-2023-37211
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — firefox Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. 2023-07-05 not yet calculated CVE-2023-37212
MISC
MISC
huawei — harmonyos Vulnerability of apps’ permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features. 2023-07-06 not yet calculated CVE-2023-37238
MISC
MISC
huawei — harmonyos Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program. 2023-07-06 not yet calculated CVE-2023-37239
MISC
MISC
huawei — harmonyos Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read. 2023-07-06 not yet calculated CVE-2023-37240
MISC
MISC
huawei — harmonyos Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart. 2023-07-06 not yet calculated CVE-2023-37241
MISC
MISC
huawei — harmonyos Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities. 2023-07-06 not yet calculated CVE-2023-37242
MISC
MISC
huawei — harmonyos Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem. 2023-07-06 not yet calculated CVE-2023-37245
MISC
MISC
thephpleague — oauth2-server league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as a string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string. 2023-07-06 not yet calculated CVE-2023-37260
MISC
MISC
MISC
mightypirates — opencomputers OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is installed as part of a Minecraft server hosted on a popular cloud hosting provider, such as AWS, GCP and Azure, those metadata services’ API endpoints are not forbidden (aka “blacklisted”) by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. In addition, IPv6 addresses are not correctly filtered at all, allowing broader access into the local IPv6 network. This can allow a player on a server using an OpenComputers computer to access parts of the private IPv4 address space, as well as the whole IPv6 address space, in order to retrieve sensitive information. OpenComputers v1.8.3 for Minecraft 1.7.10 and 1.12.2 contains a patch for this issue. Some workarounds are also available. One may disable the Internet Card feature completely. If using OpenComputers 1.3.0 or above, using the allow list (`opencomputers.internet.whitelist` option) will prohibit connections to any IP addresses and/or domains not listed; or one may add entries to the block list (`opencomputers.internet.blacklist` option). More information about mitigations is available in the GitHub Security Advisory. 2023-07-07 not yet calculated CVE-2023-37261
MISC
MISC
MISC
MISC
MISC
MISC
MISC
cc-tweaked — cc-tweaked CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on popular cloud hosting providers, like AWS, GCP, and Azure, those metadata services’ API endpoints are not forbidden (aka “blacklisted”) by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. Versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3 contain a fix for this issue. 2023-07-07 not yet calculated CVE-2023-37262
MISC
MISC
MISC
MISC
MISC
tektoncd — pipeline Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun’s (api version, kind, name, uid) in the child Run’s OwnerReference, it only stores (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one’s Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue. 2023-07-07 not yet calculated CVE-2023-37264
MISC
MISC
MISC
winter — winter Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually. 2023-07-07 not yet calculated CVE-2023-37269
MISC
MISC
MISC
MISC
piwigo — piwigo Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be logged in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately. 2023-07-07 not yet calculated CVE-2023-37270
MISC
MISC
MISC
MISC
MISC
zoho_manageengine — adaudit_plus Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. 2023-07-07 not yet calculated CVE-2023-37308
MISC
nullsoft — nullsoft_scriptable_install_system Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. 2023-07-03 not yet calculated CVE-2023-37378
MISC
MISC
MISC
MISC
MISC
MISC
MLIST
linux — kernel An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. 2023-07-06 not yet calculated CVE-2023-37453
MISC
MISC
MISC
linux — kernel An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. 2023-07-06 not yet calculated CVE-2023-37454
MISC
MISC
MISC
MISC
