Vulnerability Summary for the Week of February 6, 2023

Posted by:

|

On:

|

Original release date: February 14, 2023

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
webfinance_project — webfinance A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. 2023-02-03 9.8 CVE-2013-10015
MISC
MISC
MISC
webfinance_project — webfinance A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. 2023-02-03 9.8 CVE-2013-10016
MISC
MISC
MISC
webfinance_project — webfinance A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. 2023-02-04 9.8 CVE-2013-10017
MISC
MISC
MISC
webfinance_project — webfinance A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. 2023-02-04 9.8 CVE-2013-10018
MISC
MISC
MISC
gimmie_project — gimmie A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability. 2023-02-06 9.8 CVE-2014-125084
MISC
MISC
MISC
MISC
gimmie_project — gimmie A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability. 2023-02-06 9.8 CVE-2014-125085
MISC
MISC
MISC
MISC
gimmie_project — gimmie A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207. 2023-02-06 9.8 CVE-2014-125086
MISC
MISC
MISC
MISC
phpwcms — phpwcms An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. 2023-02-03 9.8 CVE-2021-36424
MISC
jizhicms — jizhicms SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. 2023-02-03 9.8 CVE-2021-36484
MISC
native-php-cms_project — native-php-cms SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. 2023-02-03 9.8 CVE-2021-36503
MISC
pbootcms — pbootcms SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. 2023-02-03 9.8 CVE-2021-37497
MISC
MISC
zammad — zammad A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. 2023-02-03 9.8 CVE-2022-48021
MISC
calendar_event_management_system_project — calendar_event_management_system A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175. 2023-02-03 9.8 CVE-2023-0663
MISC
MISC
MISC
online_eyewear_shop_project — online_eyewear_shop A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. 2023-02-04 9.8 CVE-2023-0673
MISC
MISC
mojojson_project — mojojson Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. 2023-02-03 9.8 CVE-2023-23086
MISC
mojojson_project — mojojson An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function. 2023-02-03 9.8 CVE-2023-23087
MISC
json-parser_project — json-parser Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function. 2023-02-03 9.8 CVE-2023-23088
MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. 2023-02-03 9.8 CVE-2023-23477
MISC
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. 2023-02-03 9.8 CVE-2023-24138
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24139
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24140
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24141
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24142
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24143
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. 2023-02-03 9.8 CVE-2023-24144
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. 2023-02-03 9.8 CVE-2023-24145
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. 2023-02-03 9.8 CVE-2023-24146
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. 2023-02-03 9.8 CVE-2023-24148
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow. 2023-02-03 9.8 CVE-2023-24149
MISC
totolink — t8_firmware A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24150
MISC
totolink — t8_firmware A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24151
MISC
totolink — t8_firmware A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24152
MISC
totolink — t8_firmware A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24153
MISC
totolink — t8_firmware TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. 2023-02-03 9.8 CVE-2023-24154
MISC
totolink — t8_firmware TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. 2023-02-03 9.8 CVE-2023-24155
MISC
totolink — t8_firmware A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24156
MISC
totolink — t8_firmware A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24157
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. 2023-02-06 9.8 CVE-2023-24198
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. 2023-02-06 9.8 CVE-2023-24199
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. 2023-02-06 9.8 CVE-2023-24200
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. 2023-02-06 9.8 CVE-2023-24201
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. 2023-02-06 9.8 CVE-2023-24202
MISC
MISC
openssh — openssh OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states “remote code execution is theoretically possible.” 2023-02-03 9.8 CVE-2023-25136
MISC
MISC
MISC
MISC
MISC
MISC
gnu — glibc sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. 2023-02-03 9.8 CVE-2023-25139
MISC
MLIST
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php. 2023-02-03 9.1 CVE-2021-36431
MISC
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php. 2023-02-03 9.1 CVE-2021-36433
MISC
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check function in jocms/apps/mask/inc/getmask.php. 2023-02-03 9.1 CVE-2021-36434
MISC
ibm — tivoli_workload_scheduler IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. 2023-02-03 9.1 CVE-2022-22486
MISC
MISC
cloudfoundry — diego Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate. 2023-02-03 9.1 CVE-2022-31733
MISC
ibm — tivoli_workload_scheduler IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. 2023-02-03 9.1 CVE-2022-38389
MISC
MISC
phpwcms — phpwcms File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. 2023-02-03 8.8 CVE-2021-36426
MISC
txjia — imcat Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. 2023-02-03 8.8 CVE-2021-36443
MISC
txjia — imcat Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. 2023-02-03 8.8 CVE-2021-36444
MISC
thedaylightstudio — fuel_cms Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. 2023-02-03 8.8 CVE-2021-36569
MISC
thedaylightstudio — fuel_cms Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2—. 2023-02-03 8.8 CVE-2021-36570
MISC
creativeitem — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. 2023-02-03 8.8 CVE-2022-47132
MISC
MISC
MISC
froxlor — froxlor Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. 2023-02-04 8.8 CVE-2023-0671
CONFIRM
MISC
calendar_event_management_system_project — calendar_event_management_system A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability. 2023-02-04 8.8 CVE-2023-0675
MISC
MISC
MISC
portfoliocms_project — portfoliocms Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. 2023-02-03 8.1 CVE-2021-36532
MISC
parseplatform — parse-server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn’t run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. The correct IP address determination now requires to set the Parse Server option `trustProxy`. 2023-02-03 8.1 CVE-2023-22474
MISC
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45491
MISC
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45492
MISC
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45493
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45496
MISC
MISC
deltaww — cncsoft All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. 2023-02-03 7.8 CVE-2022-4634
MISC
deltaww — dopsoft Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. 2023-02-03 7.8 CVE-2023-0123
MISC
deltaww — dopsoft Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. 2023-02-03 7.8 CVE-2023-0124
MISC
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php. 2023-02-03 7.5 CVE-2021-36432
MISC
xpdfreader — xpdf Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. 2023-02-03 7.5 CVE-2021-36493
MISC
tpcms_project — tpcms Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. 2023-02-03 7.5 CVE-2021-36544
MISC
kitesky — kitecms Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. 2023-02-03 7.5 CVE-2021-36546
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. 2023-02-03 7.5 CVE-2021-37304
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. 2023-02-03 7.5 CVE-2021-37305
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. 2023-02-03 7.5 CVE-2021-37306
MISC
fcitx_5_project — fcitx_5 Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application’s listening port. 2023-02-03 7.5 CVE-2021-37311
MISC
MISC
asus — rt-ac68u_firmware SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. 2023-02-03 7.5 CVE-2021-37316
MISC
biltema — baby_camera_firmware Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. 2023-02-03 7.5 CVE-2022-34138
MISC
MISC
gin-vue-admin_project — gin-vue-admin In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. 2023-02-03 7.5 CVE-2022-47762
MISC
multilaser — re057_firmware A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. 2023-02-03 7.5 CVE-2023-0658
MISC
MISC
bdcom — 1704-wgl_firmware A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. 2023-02-03 7.5 CVE-2023-0659
MISC
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini. 2023-02-03 7.5 CVE-2023-24147
MISC
progress — ws_ftp_server In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. 2023-02-03 7.2 CVE-2023-24029
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
liballeg — allegro Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. 2023-02-03 6.5 CVE-2021-36489
MISC
modern_honey_network_project — modern_honey_network Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. 2023-02-03 6.5 CVE-2021-37234
MISC
xwp — stream The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information. 2023-02-06 6.5 CVE-2022-4384
MISC
nrel — api_umbrella_web A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060. 2023-02-04 6.1 CVE-2015-10072
MISC
MISC
MISC
MISC
share_on_diaspora_project — share_on_diaspora A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204. 2023-02-06 6.1 CVE-2017-20176
MISC
MISC
MISC
vimium_project — vimium Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. 2023-02-03 6.1 CVE-2021-37518
MISC
MISC
wpswings — pdf_generator_for_wordpress The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin 2023-02-06 6.1 CVE-2022-4321
MISC
phpipam — phpipam Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. 2023-02-04 6.1 CVE-2023-0676
MISC
CONFIRM
phpipam — phpipam Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. 2023-02-04 6.1 CVE-2023-0677
CONFIRM
MISC
apache — sling_cms An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 2023-02-04 6.1 CVE-2023-22849
MISC
jflyfox — jfinal_cms jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). 2023-02-03 6.1 CVE-2023-22975
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. 2023-02-06 6.1 CVE-2023-24191
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. 2023-02-06 6.1 CVE-2023-24192
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. 2023-02-06 6.1 CVE-2023-24194
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. 2023-02-06 6.1 CVE-2023-24195
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. 2023-02-06 6.1 CVE-2023-24197
MISC
MISC
cesanta — mjs Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. 2023-02-03 5.5 CVE-2021-36535
MISC
memcached — memcached Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file. 2023-02-03 5.5 CVE-2021-37519
MISC
MISC
phpwcms — phpwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. 2023-02-03 5.4 CVE-2021-36425
MISC
gurock — testrail Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. 2023-02-03 5.4 CVE-2021-36538
MISC
tpcms_project — tpcms Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. 2023-02-03 5.4 CVE-2021-36545
MISC
yzmcms — yzmcms Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. 2023-02-03 5.4 CVE-2021-36712
MISC
MISC
automad — automad Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. 2023-02-03 5.4 CVE-2021-37502
MISC
wepanow — print_away WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions. 2023-02-03 5.4 CVE-2022-42908
CONFIRM
CONFIRM
wepanow — print_away WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. 2023-02-03 5.4 CVE-2022-42909
CONFIRM
CONFIRM
wp_show_posts_project — wp_show_posts The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 5.4 CVE-2022-4459
MISC
goldplugins — easy_testimonials The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 5.4 CVE-2022-4577
MISC
jellyfin — jellyfin In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. 2023-02-03 5.4 CVE-2023-23635
MISC
MISC
MISC
jellyfin — jellyfin In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. 2023-02-03 5.4 CVE-2023-23636
MISC
MISC
MISC
nomachine — nomachine An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. 2023-02-03 5.3 CVE-2022-48074
MISC
arraynetworks — arrayos_ag The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481. 2023-02-03 4.9 CVE-2023-24613
MISC
creativeitem — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. 2023-02-03 4.8 CVE-2022-47131
MISC
MISC
MISC
MISC
MISC
kodi — kodi A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. 2023-02-03 4.6 CVE-2023-23082
MISC
MISC
MISC
MISC
MISC
google — android In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. 2023-02-06 4.4 CVE-2022-32595
MISC
creativeitem — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. 2023-02-03 4.3 CVE-2022-47130
MISC
MISC
MISC
zammad — zammad An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. 2023-02-03 4.3 CVE-2022-48022
MISC
zammad — zammad Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. 2023-02-03 4.3 CVE-2022-48023
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0684
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.. 2023-02-08 4.3 CVE-2023-0685
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0711
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0712
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0713
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0715
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0716
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0717
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0718
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0719
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0720
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0722
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0723
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0724
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0725
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0726
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0727
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0728
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0730
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info

weblabyrinth — weblabyrinth

A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The name of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2011-10002
MISC
MISC
MISC
MISC
MISC

xpressengine — xpressengine

A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The name of the patch is c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247. 2023-02-07 not yet calculated CVE-2011-10003
MISC
MISC
MISC

tinymighty — wikiseo

A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215. 2023-02-06 not yet calculated CVE-2015-10073
MISC
MISC
MISC
MISC
MISC
openseamap — online_chart A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2015-10074
MISC
MISC
MISC
MISC
MISC
custom-content-width — custom-content-width A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely. 2023-02-07 not yet calculated CVE-2015-10075
MISC
MISC
MISC

dimtion — shaarlier

A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability. 2023-02-09 not yet calculated CVE-2015-10076
MISC
MISC
MISC
MISC
webbuilders-group — silverstripe-kapost-bridge A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471. 2023-02-10 not yet calculated CVE-2015-10077
MISC
MISC
MISC
MISC
daschtour — matomo-mediawiki-extension A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203. 2023-02-05 not yet calculated CVE-2017-20175
MISC
MISC
MISC
MISC
MISC
wangguard — wangguard A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability. 2023-02-06 not yet calculated CVE-2017-20177
MISC
MISC
MISC
MISC
segmentio — is-url A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2018-25079
MISC
MISC
MISC
MISC
MISC
mobiledetect — mobiledetect A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2018-25080
MISC
MISC
MISC
MISC
MISC
huawei — e5573cs-322 There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. 2023-02-10 not yet calculated CVE-2018-7935
MISC
onshift — turbogears A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. 2023-02-04 not yet calculated CVE-2019-25101
MISC
MISC
MISC
MISC
MISC
paxswill — eve_ship_replacement_program A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. 2023-02-06 not yet calculated CVE-2020-36660
MISC
MISC
MISC
MISC
mediatek — en7528/en7580 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. 2023-02-06 not yet calculated CVE-2021-31573
MISC
mediatek — en7528/en7580 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. 2023-02-06 not yet calculated CVE-2021-31574
MISC
mediatek — en7528/en7580 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. 2023-02-06 not yet calculated CVE-2021-31575
MISC
mediatek — en7528/en7580 In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. 2023-02-06 not yet calculated CVE-2021-31576
MISC
mediatek — en7528/en7580 In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. 2023-02-06 not yet calculated CVE-2021-31577
MISC
mediatek — en7528/en7580 In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. 2023-02-06 not yet calculated CVE-2021-31578
MISC
western digital — my_cloud_network_storage_devices Western Digital My Cloud devices before OS5 have a nobody account with a blank password. 2023-02-06 not yet calculated CVE-2021-36224
MISC
MISC
MISC
western digital — my_cloud_network_storage_devices Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. 2023-02-06 not yet calculated CVE-2021-36225
MISC
MISC
MISC
western digital — my_cloud_network_storage_devices Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. 2023-02-06 not yet calculated CVE-2021-36226
MISC
MISC
MISC
adminlte — adminlte Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. 2023-02-07 not yet calculated CVE-2021-36471
MISC
dogecoin_project — dogecoin_core An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function. 2023-02-07 not yet calculated CVE-2021-37491
MISC
MISC
MISC
MISC
MISC

raven_project — ravencoin_core

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function. 2023-02-07 not yet calculated CVE-2021-37492
MISC
MISC
MISC
MISC
wordpress — wordpress The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting 2023-02-08 not yet calculated CVE-2022-2094
MISC
johnson_controls — system_configuration_tool Sensitive Cookie Without ‘HttpOnly’ Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. 2023-02-09 not yet calculated CVE-2022-21939
MISC
MISC
johnson_controls — system_configuration_tool Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. 2023-02-09 not yet calculated CVE-2022-21940
MISC
MISC
opensuse — paste An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. 2023-02-07 not yet calculated CVE-2022-21948
CONFIRM
suse — rancher A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-21953
CONFIRM
grafana — grafana Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. 2023-02-03 not yet calculated CVE-2022-23498
MISC
dell — cpg_bios Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. 2023-02-10 not yet calculated CVE-2022-24410
MISC
symfony — symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim’s session. This issue has been patched and is available for branch 4.4. 2023-02-03 not yet calculated CVE-2022-24894
MISC
MISC
symfony — symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. 2023-02-03 not yet calculated CVE-2022-24895
MISC
MISC
MISC
MISC
terramaster — nas TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. 2023-02-07 not yet calculated CVE-2022-24990
MISC
MISC
MISC
MISC
semver-tags — semver-tags All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. 2023-02-06 not yet calculated CVE-2022-25853
MISC
MISC
create-choo-app3 — create-choo-app3 All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. 2023-02-06 not yet calculated CVE-2022-25855
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions. 2023-02-06 not yet calculated CVE-2022-27628
MISC
caddy — caddy Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. 2023-02-06 not yet calculated CVE-2022-28923
MISC
wordpress — wordpress The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the ‘zeromk_user’ and ‘zeromk_apikluc’ parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-02-06 not yet calculated CVE-2022-2933
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions. 2023-02-06 not yet calculated CVE-2022-29416
MISC
dahua_technology — multiple_products Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. 2023-02-09 not yet calculated CVE-2022-30564
MISC
suse — rancher A Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. 2023-02-07 not yet calculated CVE-2022-31249
CONFIRM
suse — multiple_products A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. 2023-02-07 not yet calculated CVE-2022-31254
CONFIRM
nvidia — geforce_experience NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. 2023-02-07 not yet calculated CVE-2022-31611
MISC
unified_intents_ab — unified_remote Because the web management interface for Unified Intents’ Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker’s choosing. 2023-02-06 not yet calculated CVE-2022-3229
MISC
mediatek — multiple_products In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. 2023-02-06 not yet calculated CVE-2022-32642
MISC
mediatek — multiple_products In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. 2023-02-06 not yet calculated CVE-2022-32643
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011. 2023-02-06 not yet calculated CVE-2022-32654
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. 2023-02-06 not yet calculated CVE-2022-32655
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. 2023-02-06 not yet calculated CVE-2022-32656
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014. 2023-02-06 not yet calculated CVE-2022-32663
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. 2023-02-10 not yet calculated CVE-2022-33934
MISC
ibm — api_connect IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. 2023-02-08 not yet calculated CVE-2022-34350
MISC
MISC
ibm — sterling_secure_proxy IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. 2023-02-08 not yet calculated CVE-2022-34362
MISC
MISC
dell — bsafe_ssl-j Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information. 2023-02-10 not yet calculated CVE-2022-34364
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. 2023-02-10 not yet calculated CVE-2022-34366
MISC
dell — poweredge_bios Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. 2023-02-10 not yet calculated CVE-2022-34376
MISC
dell — poweredge_bios Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. 2023-02-10 not yet calculated CVE-2022-34377
MISC
dell — multiple_products Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. 2023-02-11 not yet calculated CVE-2022-34384
MISC
dell — supportassist SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. 2023-02-11 not yet calculated CVE-2022-34385
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. 2023-02-11 not yet calculated CVE-2022-34386
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. 2023-02-11 not yet calculated CVE-2022-34387
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. 2023-02-11 not yet calculated CVE-2022-34388
MISC
dell — supportassist Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. 2023-02-11 not yet calculated CVE-2022-34389
MISC
dell — supportassist SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information. 2023-02-11 not yet calculated CVE-2022-34392
MISC
dell — system_update Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. 2023-02-11 not yet calculated CVE-2022-34404
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. 2023-02-11 not yet calculated CVE-2022-34444
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. 2023-02-11 not yet calculated CVE-2022-34445
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. 2023-02-11 not yet calculated CVE-2022-34446
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. 2023-02-11 not yet calculated CVE-2022-34447
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. 2023-02-11 not yet calculated CVE-2022-34448
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application. 2023-02-11 not yet calculated CVE-2022-34449
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. 2023-02-11 not yet calculated CVE-2022-34450
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. 2023-02-11 not yet calculated CVE-2022-34451
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. 2023-02-10 not yet calculated CVE-2022-34452
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. 2023-02-10 not yet calculated CVE-2022-34454
MISC
wordpress — wordpress The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘cli_path’ parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 2023-02-10 not yet calculated CVE-2022-3568
MISC
MISC
MISC
MISC
ibm — multiple_products IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. 2023-02-08 not yet calculated CVE-2022-35720
MISC
MISC
intel — oneapi_dpc++/c++_compiler Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-06 not yet calculated CVE-2022-38136
MISC
zyxel — multiple_products A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands. 2023-02-07 not yet calculated CVE-2022-38547
CONFIRM
elastic — endpoint_security_for_windows An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. 2023-02-08 not yet calculated CVE-2022-38777
MISC
MISC
elastic — kibana A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. 2023-02-08 not yet calculated CVE-2022-38778
MISC
MISC
intel — oneapi_dpc++/c++_compiler Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-06 not yet calculated CVE-2022-40196
MISC
moxa — sds-3008 A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. 2023-02-07 not yet calculated CVE-2022-40224
MISC
MISC
nordic_semiconductor — nrf5340-dk_dt100112 Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. 2023-02-08 not yet calculated CVE-2022-40480
MISC
moxa — sds-3008 An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. 2023-02-07 not yet calculated CVE-2022-40691
MISC
MISC
moxa — sds-3008 A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. 2023-02-07 not yet calculated CVE-2022-40693
MISC
MISC
moxa — sds-3008 A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=”webLocationMessage_text” name=”webLocationMessage_text” 2023-02-07 not yet calculated CVE-2022-41311
MISC
MISC
moxa — sds-3008 A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=”Switch Description”, name “switch_description” 2023-02-07 not yet calculated CVE-2022-41312
MISC
MISC
moxa — sds-3008 A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id=”switch_contact” 2023-02-07 not yet calculated CVE-2022-41313
MISC
MISC
intel — intelr_c++_compiler_classic Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.7.1. for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-06 not yet calculated CVE-2022-41342
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. 2023-02-08 not yet calculated CVE-2022-41620
MISC
nvidia — geforce_experience NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. 2023-02-07 not yet calculated CVE-2022-42291
MISC
ibm — cloud_pak_for_multicloud_management_monitoring IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. 2023-02-08 not yet calculated CVE-2022-42438
MISC
MISC
ibm — app_connect_enterprise IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. 2023-02-06 not yet calculated CVE-2022-42439
MISC
MISC
couchbase_server — couchbase_server An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service. 2023-02-06 not yet calculated CVE-2022-42950
MISC
MISC
MISC
couchbase_server — couchbase_server An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. 2023-02-06 not yet calculated CVE-2022-42951
MISC
MISC
MISC
openssl — openssl A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. 2023-02-08 not yet calculated CVE-2022-4304
MISC
tribe29 — checkmk Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable 2023-02-09 not yet calculated CVE-2022-43440
MISC
zuken_elmic — multiple_products KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones. 2023-02-10 not yet calculated CVE-2022-43501
CONFIRM
JVN
jitsi — jitsi A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. 2023-02-09 not yet calculated CVE-2022-43550
MISC
curl — curl A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. 2023-02-09 not yet calculated CVE-2022-43552
MISC
suse — rancher A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-43755
CONFIRM
suse — rancher A Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. 2023-02-07 not yet calculated CVE-2022-43756
CONFIRM
suse — rancher A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-43757
CONFIRM
suse — rancher A Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-43758
CONFIRM
suse — rancher A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. 2023-02-07 not yet calculated CVE-2022-43759
CONFIRM
b&r_industrial_automation — b&r_aprol Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. 2023-02-08 not yet calculated CVE-2022-43761
MISC
b&r_industrial_automation — b&r_aprol Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages 2023-02-08 not yet calculated CVE-2022-43762
MISC
b&r_industrial_automation — b&r_aprol Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. 2023-02-08 not yet calculated CVE-2022-43763
MISC
b&r_industrial_automation — b&r_aprol Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. 2023-02-08 not yet calculated CVE-2022-43764
MISC
b&r_industrial_automation — b&r_aprol B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service. 2023-02-08 not yet calculated CVE-2022-43765
MISC
monarch_printer_m9855 — monarch_printer_m9855 Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). 2023-02-10 not yet calculated CVE-2022-44261
MISC
MISC
imagemagick — imagemagick ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. 2023-02-06 not yet calculated CVE-2022-44267
MISC
MISC
imagemagick — imagemagick ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). 2023-02-06 not yet calculated CVE-2022-44268
MISC
MISC
crmeb — crmeb CRMEB 4.4.4 is vulnerable to Any File download. 2023-02-06 not yet calculated CVE-2022-44343
MISC
MISC
openssl — openssl The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the “name” (e.g. “CERTIFICATE”), any header data and the payload data. If the function succeeds then the “name_out”, “header” and “data” arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. 2023-02-08 not yet calculated CVE-2022-4450
MISC
activerecord’s_postgresql — activerecord’s_postgresql A denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. 2023-02-09 not yet calculated CVE-2022-44566
MISC
MISC
rack — rack A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. 2023-02-09 not yet calculated CVE-2022-44570
MISC
rack — rack There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted. 2023-02-09 not yet calculated CVE-2022-44571
MISC
rack — rack A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. 2023-02-09 not yet calculated CVE-2022-44572
MISC
libxpm — libxpm A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. 2023-02-06 not yet calculated CVE-2022-44617
MISC
wordpress — wordpress The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 2023-02-06 not yet calculated CVE-2022-4489
MISC
dell — unisphere_for_powermax_vapp/solution_enabler_vapp Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system. 2023-02-11 not yet calculated CVE-2022-45104
MISC
microchip_rn4870 — microchip_rn4870 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. 2023-02-08 not yet calculated CVE-2022-45190
MISC
microchip_rn4870 — microchip_rn4870 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. 2023-02-08 not yet calculated CVE-2022-45191
MISC
microchip_rn4870 — microchip_rn4870 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. 2023-02-08 not yet calculated CVE-2022-45192
MISC
zyxel — nbg-418n A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts and then result in a denial-of-service (DoS) condition when the user visits the Logs page of the GUI on the device. 2023-02-07 not yet calculated CVE-2022-45441
CONFIRM
future-depth_institutional_management_website — future-depth_institutional_management_website SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. 2023-02-08 not yet calculated CVE-2022-45526
MISC
future-depth_institutional_management_website — future-depth_institutional_management_website File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. 2023-02-08 not yet calculated CVE-2022-45527
MISC
schlix_web — schlix_cms Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. 2023-02-07 not yet calculated CVE-2022-45544
MISC
MISC
MISC
MISC
talend — remote_engine_gen_2 XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. 2023-02-03 not yet calculated CVE-2022-45588
MISC
MISC
talend — esb_runtime SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service. 2023-02-06 not yet calculated CVE-2022-45589
MISC
MISC
apsystems — ecu-r
 
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. 2023-02-10 not yet calculated CVE-2022-45699
MISC
MISC
ezeip — ezeip
 
ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability. 2023-02-06 not yet calculated CVE-2022-45722
MISC
MISC
eyoucms — eyoucms
 
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. 2023-02-08 not yet calculated CVE-2022-45755
MISC
key_systems_management — global_facilities_management_software Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. 2023-02-10 not yet calculated CVE-2022-45766
MISC
edimax — n300_firmware_br428n Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function. 2023-02-07 not yet calculated CVE-2022-45768
MISC
MISC
apache — age There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn’t careful. The developer of the Golang and Pyton drivers didn’t fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn’t a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters – that would be passed in and that the cypher() function transform needs to be resolved – are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can’t be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session’s pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks. 2023-02-04 not yet calculated CVE-2022-45786
MISC
zyxel — nwa110ax An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. 2023-02-07 not yet calculated CVE-2022-45854
CONFIRM
thinkphp — thinkphp thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. 2023-02-08 not yet calculated CVE-2022-45982
MISC
wordpress — wordpress The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4626
MISC
libxpm — libxpm A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. 2023-02-07 not yet calculated CVE-2022-46285
MISC
bticino — door_entry_hometouch BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. 2023-02-06 not yet calculated CVE-2022-46496
MISC
wordpress — wordpress The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-02-06 not yet calculated CVE-2022-4657
MISC
wordpress — wordpress The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-02-06 not yet calculated CVE-2022-4664
MISC
sierra_wireless — airlink_router Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. 2023-02-10 not yet calculated CVE-2022-46649
MISC
MISC
MISC
sierra_wireless — airlink_router Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. 2023-02-10 not yet calculated CVE-2022-46650
MISC
MISC
MISC
gnu — less In GNU Less before 609, crafted data can result in “less -R” not filtering ANSI escape sequences sent to the terminal. 2023-02-07 not yet calculated CVE-2022-46663
MISC
MISC
MISC
MLIST
dell — wyse_management_suite Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research. 2023-02-11 not yet calculated CVE-2022-46675
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. 2023-02-11 not yet calculated CVE-2022-46676
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized. 2023-02-11 not yet calculated CVE-2022-46677
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. 2023-02-11 not yet calculated CVE-2022-46678
MISC
wordpress — wordpress The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2022-4670
MISC
wordpress — wordpress The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack 2023-02-06 not yet calculated CVE-2022-4674
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. 2023-02-11 not yet calculated CVE-2022-46754
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. 2023-02-11 not yet calculated CVE-2022-46755
MISC
wordpress — wordpress The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. 2023-02-06 not yet calculated CVE-2022-4677
MISC
wordpress — wordpress The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 2023-02-06 not yet calculated CVE-2022-4681
MISC
nvs365 — nvs365 NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. 2023-02-03 not yet calculated CVE-2022-47070
MISC
MISC
nvs365 — nvs365 In NVS365 V01, the background network test function can trigger command execution. 2023-02-06 not yet calculated CVE-2022-47071
MISC
MISC
wordpress — wordpress The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4717
MISC
onlyoffice — workspace Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition. 2023-02-07 not yet calculated CVE-2022-47412
MISC
openkm — openkm Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or “Type II”) XSS condition. 2023-02-07 not yet calculated CVE-2022-47413
MISC
openkm — openkm If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document “note” functionality. 2023-02-07 not yet calculated CVE-2022-47414
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). 2023-02-07 not yet calculated CVE-2022-47415
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app chat system. 2023-02-07 not yet calculated CVE-2022-47416
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the document file name. 2023-02-07 not yet calculated CVE-2022-47417
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the document version comments. 2023-02-07 not yet calculated CVE-2022-47418
MISC
mayan — mayan_edms An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. 2023-02-07 not yet calculated CVE-2022-47419
MISC
wordpress — wordpress The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4747
MISC
wordpress — wordpress The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4756
MISC
wordpress — wordpress The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4762
MISC
bosch_security_systems — b420_firmware Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user. 2023-02-08 not yet calculated CVE-2022-47648
MISC
MISC
another_eden — another_eden The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload. 2023-02-06 not yet calculated CVE-2022-48019
MISC
MISC
MISC
MISC
MISC
pycdc — pycdc pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode. 2023-02-06 not yet calculated CVE-2022-48078
MISC
softr — softr Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. 2023-02-06 not yet calculated CVE-2022-48085
MISC
MISC
MISC
MISC
MISC
wavlink — wl-wn533a8 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. 2023-02-06 not yet calculated CVE-2022-48164
MISC
MISC
wavlink — wl-wn530hg4 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. 2023-02-03 not yet calculated CVE-2022-48165
MISC
MISC
wavlink — wl-wn530hg4 An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. 2023-02-06 not yet calculated CVE-2022-48166
MISC
MISC
wordpress — wordpress The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4824
MISC
wordpress — wordpress The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4825
MISC
wordpress — wordpress The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-02-06 not yet calculated CVE-2022-4826
MISC
huawei — harmonyos The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48286
MISC
MISC
huawei — harmonyos/emui The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. 2023-02-09 not yet calculated CVE-2022-48287
MISC
MISC
huawei — harmonyos/emui The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48288
MISC
MISC
huawei — harmonyos/emui The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48289
MISC
MISC
huawei — harmonyos The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. 2023-02-09 not yet calculated CVE-2022-48290
MISC
MISC
huawei — multiple_products The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48292
MISC
MISC
huawei — harmonyos/emui The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48293
MISC
MISC
huawei — harmonyos/emui The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48294
MISC
MISC
huawei — harmonyos/emui The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). 2023-02-09 not yet calculated CVE-2022-48295
MISC
MISC
huawei — harmonyos/emui The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. 2023-02-09 not yet calculated CVE-2022-48296
MISC
MISC
huawei — harmonyos/emui The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. 2023-02-09 not yet calculated CVE-2022-48297
MISC
MISC
huawei — harmonyos/emui The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. 2023-02-09 not yet calculated CVE-2022-48298
MISC
MISC
huawei — harmonyos/emui The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48299
MISC
MISC
huawei — harmonyos/emui The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48300
MISC
MISC
huawei — harmonyos/emui The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. 2023-02-09 not yet calculated CVE-2022-48301
MISC
MISC
huawei — harmonyos/emui The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48302
MISC
MISC
wordpress — wordpress The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4833
MISC
wordpress — wordpress The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4836
MISC
wordpress — wordpress The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4838
MISC
libxpm — libxpm A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. 2023-02-07 not yet calculated CVE-2022-4883
MISC
exo_chat_app — exo_chat_app A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.3.0-20220417 is able to address this issue. The name of the patch is 26bf307d3658d1403cfd5c3ad423ce4c4d1cb2dc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220212. 2023-02-06 not yet calculated CVE-2022-4902
MISC
MISC
MISC
MISC
MISC
MISC
codenameone — codenameone A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. 2023-02-10 not yet calculated CVE-2022-4903
MISC
MISC
MISC
MISC
MISC
palo_alto_networks — cortex_xdr An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. 2023-02-08 not yet calculated CVE-2023-0001
MISC
palo_alto_networks — cortex_xdr A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. 2023-02-08 not yet calculated CVE-2023-0002
MISC
palo_alto_networks — cortex_xsoar A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. 2023-02-08 not yet calculated CVE-2023-0003
MISC
wordpress — wordpress The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0062
MISC
wordpress — wordpress The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0070
MISC
wordpress — wordpress The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0072
MISC
wordpress — wordpress The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0081
MISC
wordpress — wordpress The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0082
MISC
wordpress — wordpress The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0095
MISC
wordpress — wordpress The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0096
MISC
d-link — dwl-2600ap A command injection vulnerability in the firmware_update command, in the device’s restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. 2023-02-11 not yet calculated CVE-2023-0127
MISC
wordpress — wordpress The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2023-0143
MISC
wordpress — wordpress The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0144
MISC
wordpress — wordpress The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0146
MISC
wordpress — wordpress The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-02-06 not yet calculated CVE-2023-0147
MISC
wordpress — wordpress The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0148
MISC
wordpress — wordpress The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-02-06 not yet calculated CVE-2023-0149
MISC
wordpress — wordpress The Cloak Front End Email WordPress plugin through 1.9.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-02-06 not yet calculated CVE-2023-0150
MISC
wordpress — wordpress The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0153
MISC
wordpress — wordpress The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0154
MISC
wordpress — wordpress The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0170
MISC
wordpress — wordpress The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0171
MISC
wordpress — wordpress The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0173
MISC
wordpress — wordpress The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0174
MISC
wordpress — wordpress The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0176
MISC
wordpress — wordpress The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0178
MISC
openssl — openssl The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. 2023-02-08 not yet calculated CVE-2023-0215
MISC
openssl — openssl An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data. 2023-02-08 not yet calculated CVE-2023-0216
MISC
openssl — openssl An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3. 2023-02-08 not yet calculated CVE-2023-0217
MISC
wordpress — wordpress The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. 2023-02-06 not yet calculated CVE-2023-0234
MISC
MISC
MISC
wordpress — wordpress The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-02-06 not yet calculated CVE-2023-0236
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. 2023-02-08 not yet calculated CVE-2023-0249
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. 2023-02-08 not yet calculated CVE-2023-0250
MISC
delta_electronics — diascreen
 
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. 2023-02-08 not yet calculated CVE-2023-0251
MISC
wordpress — wordpress The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-02-06 not yet calculated CVE-2023-0252
MISC
wordpress — wordpress The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0282
MISC
openssl — openssl There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. 2023-02-08 not yet calculated CVE-2023-0286
MISC
openssl — openssl A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data. 2023-02-08 not yet calculated CVE-2023-0401
MISC
yugabyte — yugabyte_managed Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0 through 2.13. 2023-02-09 not yet calculated CVE-2023-0574
MISC
yugabyte — yugabyte_db External Control of Critical State Data, Improper Control of Generation of Code (‘Code Injection’) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2. 2023-02-09 not yet calculated CVE-2023-0575
MISC
linux — kernel A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. 2023-02-06 not yet calculated CVE-2023-0615
MISC
orangescrum — orangescrum OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. 2023-02-09 not yet calculated CVE-2023-0624
MISC
MISC
forta — goanywhere_mft Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. 2023-02-06 not yet calculated CVE-2023-0669
MISC
MISC
MISC
MISC
MISC
MISC
MISC
xxl-job — xxl-job A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. 2023-02-04 not yet calculated CVE-2023-0674
MISC
MISC
MISC
phpipam — phpipam Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. 2023-02-04 not yet calculated CVE-2023-0678
MISC
CONFIRM
sourcecodester — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220. 2023-02-06 not yet calculated CVE-2023-0679
MISC
MISC
MISC
sourcecodester — online_eyewear_shop A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability. 2023-02-06 not yet calculated CVE-2023-0686
MISC
MISC
gnu — c_library A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. 2023-02-06 not yet calculated CVE-2023-0687
MISC
MISC
MISC
MISC
hashicorp — boundary HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0. 2023-02-08 not yet calculated CVE-2023-0690
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-02-07 not yet calculated CVE-2023-0696
MISC
MISC
google — chrome Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) 2023-02-07 not yet calculated CVE-2023-0697
MISC
MISC
google — chrome Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 2023-02-07 not yet calculated CVE-2023-0698
MISC
MISC
google — chrome Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0699
MISC
MISC
google — chrome Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0700
MISC
MISC
google — chrome Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0701
MISC
MISC
google — chrome Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0702
MISC
MISC
google — chrome Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0703
MISC
MISC
google — chrome Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) 2023-02-07 not yet calculated CVE-2023-0704
MISC
MISC
google — chrome Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) 2023-02-07 not yet calculated CVE-2023-0705
MISC
MISC
sourcecodester — medical_certificate_generator A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-220340. 2023-02-07 not yet calculated CVE-2023-0706
MISC
MISC
sourcecodester — medical_certificate_generator A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2023-0707
MISC
MISC
wordpress — wordpress The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-02-07 not yet calculated CVE-2023-0731
MISC
MISC
sourcecodester — online_eyewear_shop A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2023-0732
MISC
MISC
wallabag — wallabag Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. 2023-02-07 not yet calculated CVE-2023-0735
MISC
CONFIRM
wallabag — wallabag Cross-site Scripting (XSS) – Stored in GitHub repository wallabag/wallabag prior to 2.5.4. 2023-02-07 not yet calculated CVE-2023-0736
CONFIRM
MISC
answerdev — answerdev Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0739
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – Stored in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0740
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – DOM in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0741
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – Stored in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0742
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – Generic in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0743
MISC
CONFIRM
answerdev — answerdev Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0744
CONFIRM
MISC
yugabyte — yugabyte_managed Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13. 2023-02-09 not yet calculated CVE-2023-0745
MISC
btcpayserver — btcpayserver Cross-site Scripting (XSS) – Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. 2023-02-08 not yet calculated CVE-2023-0747
MISC
CONFIRM
btcpayserver — btcpayserver Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. 2023-02-08 not yet calculated CVE-2023-0748
MISC
CONFIRM
freebsd — freebsd When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. 2023-02-08 not yet calculated CVE-2023-0751
MISC
glorylion — jfinaloa A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability. 2023-02-09 not yet calculated CVE-2023-0758
MISC
MISC
MISC
cockpit-hq — cockpit-hq Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. 2023-02-09 not yet calculated CVE-2023-0759
MISC
CONFIRM
gpac — gpac Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. 2023-02-09 not yet calculated CVE-2023-0760
CONFIRM
MISC
gpac — gpac Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. 2023-02-09 not yet calculated CVE-2023-0770
MISC
CONFIRM
ampache — ampache SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. 2023-02-10 not yet calculated CVE-2023-0771
CONFIRM
MISC
sourcecodester — medical_certificate_generator_app A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability. 2023-02-10 not yet calculated CVE-2023-0774
MISC
MISC
MISC
baicells — multiple_products Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. 2023-02-11 not yet calculated CVE-2023-0776
MISC
modoboa — modoboa Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. 2023-02-10 not yet calculated CVE-2023-0777
MISC
CONFIRM
cockpit-hq — cockpit-hq Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. 2023-02-11 not yet calculated CVE-2023-0780
CONFIRM
MISC
sourcecodester — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624. 2023-02-11 not yet calculated CVE-2023-0781
MISC
MISC
MISC
tenda — ac23 A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640. 2023-02-11 not yet calculated CVE-2023-0782
MISC
MISC
MISC
ecshop — ecshop A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability. 2023-02-11 not yet calculated CVE-2023-0783
MISC
MISC
MISC
mediatek — multiple_products In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107. 2023-02-06 not yet calculated CVE-2023-20602
MISC
mediatek — multiple_products In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494067; Issue ID: ALPS07494067. 2023-02-06 not yet calculated CVE-2023-20604
MISC
mediatek — multiple_products In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104. 2023-02-06 not yet calculated CVE-2023-20605
MISC
mediatek — multiple_products In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104. 2023-02-06 not yet calculated CVE-2023-20606
MISC
mediatek — ccu In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839. 2023-02-06 not yet calculated CVE-2023-20607
MISC
mediatek — display_drm In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363599; Issue ID: ALPS07363599. 2023-02-06 not yet calculated CVE-2023-20608
MISC
mediatek — ccu In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864. 2023-02-06 not yet calculated CVE-2023-20609
MISC
mediatek — display_drm In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469. 2023-02-06 not yet calculated CVE-2023-20610
MISC
mediatek — gpu In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678. 2023-02-06 not yet calculated CVE-2023-20611
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571. 2023-02-06 not yet calculated CVE-2023-20612
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. 2023-02-06 not yet calculated CVE-2023-20613
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615. 2023-02-06 not yet calculated CVE-2023-20614
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629572; Issue ID: ALPS07629572. 2023-02-06 not yet calculated CVE-2023-20615
MISC
mediatek — ion In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720. 2023-02-06 not yet calculated CVE-2023-20616
MISC
mediatek — vcu In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. 2023-02-06 not yet calculated CVE-2023-20618
MISC
mediatek — vcu In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159. 2023-02-06 not yet calculated CVE-2023-20619
MISC
samsung — secure_folder An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. 2023-02-09 not yet calculated CVE-2023-21419
MISC
samsung — stst_ta Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. 2023-02-09 not yet calculated CVE-2023-21420
MISC
samsung — knoxcustommanagerservice Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. 2023-02-09 not yet calculated CVE-2023-21421
MISC
samsung — wifiservice Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. 2023-02-09 not yet calculated CVE-2023-21422
MISC
samsung — chnfilesharekit Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. 2023-02-09 not yet calculated CVE-2023-21423
MISC
samsung — semchameleonhelper Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. 2023-02-09 not yet calculated CVE-2023-21424
MISC
samsung — telecom_application Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. 2023-02-09 not yet calculated CVE-2023-21425
MISC
samsung — nfc Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. 2023-02-09 not yet calculated CVE-2023-21426
MISC
samsung — nfctile Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. 2023-02-09 not yet calculated CVE-2023-21427
MISC
samsung — telephonyui Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. 2023-02-09 not yet calculated CVE-2023-21428
MISC
samsung — epdg Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. 2023-02-09 not yet calculated CVE-2023-21429
MISC
samsung — maptobuffer An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. 2023-02-09 not yet calculated CVE-2023-21430
MISC
samsung — bixby Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. 2023-02-09 not yet calculated CVE-2023-21431
MISC
samsung — smart_things Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. 2023-02-09 not yet calculated CVE-2023-21432
MISC
samsung — galaxy_store Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. 2023-02-09 not yet calculated CVE-2023-21433
MISC
samsung — galaxy_store Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. 2023-02-09 not yet calculated CVE-2023-21434
MISC
samsung — fingerprint_ta Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. 2023-02-09 not yet calculated CVE-2023-21435
MISC
samsung — contacts Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. 2023-02-09 not yet calculated CVE-2023-21436
MISC
samsung — phone_application Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. 2023-02-09 not yet calculated CVE-2023-21437
MISC
samsung — homescreen Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. 2023-02-09 not yet calculated CVE-2023-21438
MISC
samsung — uwbdatatxstatusevent Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. 2023-02-09 not yet calculated CVE-2023-21439
MISC
samsung — windowmanagerservice Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. 2023-02-09 not yet calculated CVE-2023-21440
MISC
samsung — multiple_products Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code. 2023-02-09 not yet calculated CVE-2023-21441
MISC
samsung — multiple_products Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. 2023-02-09 not yet calculated CVE-2023-21442
MISC
samsung — samsung_flow Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. 2023-02-09 not yet calculated CVE-2023-21443
MISC
samsung — samsung_flow Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. 2023-02-09 not yet calculated CVE-2023-21444
MISC
samsung — multiple_products Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent. 2023-02-09 not yet calculated CVE-2023-21445
MISC
samsung — multiple_products Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. 2023-02-09 not yet calculated CVE-2023-21446
MISC
samsung — samsung_cloud Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud&#39;s privilege via implicit intent. 2023-02-09 not yet calculated CVE-2023-21447
MISC
samsung — samsung_cloud Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. 2023-02-09 not yet calculated CVE-2023-21448
MISC
samsung — one_hand_operation_+ Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner&#39;s widget without authorization via gesture setting. 2023-02-09 not yet calculated CVE-2023-21450
MISC
samsung — secril A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. 2023-02-09 not yet calculated CVE-2023-21451
MISC
suse — multiple_products An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. 2023-02-07 not yet calculated CVE-2023-22643
CONFIRM
zulip — zulip Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue. 2023-02-07 not yet calculated CVE-2023-22735
MISC
MISC
MISC
MISC
ckan — ckan CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn’t set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images) keitaroinc/docker-ckan (keitaro/ckan images). 2023-02-03 not yet calculated CVE-2023-22746
MISC
MISC
MISC
ruby — ruby_gem A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. 2023-02-09 not yet calculated CVE-2023-22792
MISC
ruby — ruby_gem A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. 2023-02-09 not yet calculated CVE-2023-22794
MISC
ruby — ruby_gem A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. 2023-02-09 not yet calculated CVE-2023-22795
MISC
ruby — ruby_gem A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. 2023-02-09 not yet calculated CVE-2023-22796
MISC
ruby — rails An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. 2023-02-09 not yet calculated CVE-2023-22797
MISC
brave — adblock-lists Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave’s redirect interceptor removal feature is known as “debouncing” and is intended to remove unnecessary redirects that track users across the web. 2023-02-09 not yet calculated CVE-2023-22798
MISC
ruby — ruby_gem A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. 2023-02-09 not yet calculated CVE-2023-22799
MISC
apache — nifi The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. 2023-02-10 not yet calculated CVE-2023-22832
MISC
MISC
expressionengine — expressionengine In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. 2023-02-09 not yet calculated CVE-2023-22953
MISC
CONFIRM
invoiceplane — invoiceplane Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. 2023-02-07 not yet calculated CVE-2023-23011
MISC
MISC
sourcecodester — oretnom23_sales_management_system Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. 2023-02-07 not yet calculated CVE-2023-23026
MISC
phpgurukul — art_gallery_management_system_project
 
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. 2023-02-10 not yet calculated CVE-2023-23161
MISC
MISC
MISC
phpgurukul — art_gallery_management_system_project Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. 2023-02-10 not yet calculated CVE-2023-23162
MISC
MISC
MISC
phpgurukul — art_gallery_management_system_project Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. 2023-02-10 not yet calculated CVE-2023-23163
MISC
MISC
MISC
provide — server Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. 2023-02-10 not yet calculated CVE-2023-23286
MISC
MISC
solarview_compact — solarview_compact There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. 2023-02-06 not yet calculated CVE-2023-23333
MISC
ibm — infosphere_information_server IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. 2023-02-08 not yet calculated CVE-2023-23475
MISC
wallix — access_manager WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. 2023-02-09 not yet calculated CVE-2023-23592
MISC
MISC
discourse — discourse Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. 2023-02-03 not yet calculated CVE-2023-23615
MISC
go-unixfs — go-unixfs go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions. 2023-02-09 not yet calculated CVE-2023-23625
MISC
MISC
ipfs — go-bitfield go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`. 2023-02-09 not yet calculated CVE-2023-23626
MISC
MISC
ipfs — go_unixfsnode github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb’s implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-09 not yet calculated CVE-2023-23631
MISC
MISC
MISC
MISC
dell — command_intel_vpro_out_of_Band Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system. 2023-02-07 not yet calculated CVE-2023-23696
MISC
dell — command_update
 
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. 2023-02-10 not yet calculated CVE-2023-23698
MISC
synopsys — coverity Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C 2023-02-06 not yet calculated CVE-2023-23849
MISC
ubiquiti — multiple_products A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. 2023-02-09 not yet calculated CVE-2023-23912
MISC
switcherapi –switcher-client-master Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. 2023-02-03 not yet calculated CVE-2023-23925
MISC
MISC
pyca — cryptography cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. 2023-02-07 not yet calculated CVE-2023-23931
MISC
MISC
opendds — opendds OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. 2023-02-03 not yet calculated CVE-2023-23932
MISC
MISC
opensearch-project — anomaly_detection OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue. 2023-02-03 not yet calculated CVE-2023-23933
MISC
pimcore — pimcore Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. 2023-02-03 not yet calculated CVE-2023-23937
MISC
MISC
openzeppelin — cairo_contracts OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1. 2023-02-03 not yet calculated CVE-2023-23940
MISC
MISC
shopware — swagpaypal SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21. 2023-02-03 not yet calculated CVE-2023-23941
MISC
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue. 2023-02-06 not yet calculated CVE-2023-23942
MISC
MISC
MISC
nextcloud — mail Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app. 2023-02-06 not yet calculated CVE-2023-23943
MISC
MISC
MISC
MISC
MISC
nextcloud — mail Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user’s passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue. 2023-02-06 not yet calculated CVE-2023-23944
MISC
MISC
MISC
formwork — formwork A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. 2023-02-10 not yet calculated CVE-2023-24230
MISC
MISC
inventory-management-system — inventory-management-system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. 2023-02-10 not yet calculated CVE-2023-24231
MISC
MISC

php-inventory-management-system — php-inventory-management-system

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. 2023-02-10 not yet calculated CVE-2023-24232
MISC
MISC
php-inventory-management-system — php-inventory-management-system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. 2023-02-10 not yet calculated CVE-2023-24233
MISC
MISC
php-inventory-management-system — php-inventory-management-system A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. 2023-02-10 not yet calculated CVE-2023-24234
MISC
MISC
totolink — a7100ru TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. 2023-02-06 not yet calculated CVE-2023-24276
MISC
mojoportal — mojoportal A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. 2023-02-09 not yet calculated CVE-2023-24322
MISC
MISC
MISC
mojoportal — mojoportal Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. 2023-02-09 not yet calculated CVE-2023-24323
MISC
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. 2023-02-10 not yet calculated CVE-2023-24343
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. 2023-02-10 not yet calculated CVE-2023-24344
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. 2023-02-10 not yet calculated CVE-2023-24345
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. 2023-02-10 not yet calculated CVE-2023-24346
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. 2023-02-10 not yet calculated CVE-2023-24347
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter. 2023-02-10 not yet calculated CVE-2023-24348
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute. 2023-02-10 not yet calculated CVE-2023-24349
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail. 2023-02-10 not yet calculated CVE-2023-24350
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin. 2023-02-10 not yet calculated CVE-2023-24351
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS. 2023-02-10 not yet calculated CVE-2023-24352
MISC
MISC
dell — alienware_command_center Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. 2023-02-10 not yet calculated CVE-2023-24569
MISC
dell — command_monitor Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. 2023-02-10 not yet calculated CVE-2023-24573
MISC

churchcrm — churchcrm

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. 2023-02-09 not yet calculated CVE-2023-24684
MISC
MISC
MISC
churchcrm — churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. 2023-02-09 not yet calculated CVE-2023-24685
MISC
MISC
MISC
churchcrm — churchcrm An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. 2023-02-09 not yet calculated CVE-2023-24686
MISC
MISC
MISC
mojoportal — mojoportal Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. 2023-02-09 not yet calculated CVE-2023-24687
MISC
MISC
MISC
mojoportal — mojoportal An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. 2023-02-09 not yet calculated CVE-2023-24688
MISC
MISC
mojoportal — mojoportal An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the “s” parameter in /DesignTools/ManageSkin.aspx 2023-02-09 not yet calculated CVE-2023-24689
MISC
MISC
churchcrm — churchcrm ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. 2023-02-09 not yet calculated CVE-2023-24690
MISC
MISC
pdfio — pdfio PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. Web servers or other automated processes which rely on this code to turn pdf submissions into plaintext can be DOSed when an attacker uploads the pdf. Please see the linked GHSA for an example pdf. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-07 not yet calculated CVE-2023-24808
MISC
MISC
dompdf — dompdf Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified, it’s possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to the Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98` which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-07 not yet calculated CVE-2023-24813
MISC
MISC
typo3 — typo3 TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv(‘SCRIPT_NAME’)` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto – e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation. 2023-02-07 not yet calculated CVE-2023-24814
MISC
MISC
MISC
MISC
MISC
MISC
MISC
vert-x3 — vertx-web Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return “/” + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized “ are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability. 2023-02-09 not yet calculated CVE-2023-24815
MISC
MISC
MISC
ipython — ipython IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input. 2023-02-10 not yet calculated CVE-2023-24816
MISC
MISC
MISC
MISC
anchore — syft syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The `SYFT_ATTEST_PASSWORD` environment variable is for the `syft attest` command to generate attested SBOMs for the given container image. This environment variable is used to decrypt the private key (provided with `syft attest –key <path-to-key-file>`) during the signing process while generating an SBOM attestation. This vulnerability affects users running syft that have the `SYFT_ATTEST_PASSWORD` environment variable set with credentials (regardless of if the attest command is being used or not). Users that do not have the environment variable `SYFT_ATTEST_PASSWORD` set are not affected by this issue. The credentials are leaked in two ways: in the syft logs when `-vv` or `-vvv` are used in the syft command (which is any log level >= `DEBUG`) and in the attestation or SBOM only when the `syft-json` format is used. Note that as of v0.69.0 any generated attestations by the `syft attest` command are uploaded to the OCI registry (if you have write access to that registry) in the same way `cosign attach` is done. This means that any attestations generated for the affected versions of syft when the `SYFT_ATTEST_PASSWORD` environment variable was set would leak credentials in the attestation payload uploaded to the OCI registry. This issue has been patched in commit `9995950c70` and has been released as v0.70.0. There are no workarounds for this vulnerability. Users are advised to upgrade. 2023-02-07 not yet calculated CVE-2023-24827
MISC
MISC
theonedev — onedev Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-08 not yet calculated CVE-2023-24828
MISC
MISC
couchbase — couchbase_server Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. 2023-02-06 not yet calculated CVE-2023-25016
MISC
MISC
MISC
nextcloud — security-advisories
 
Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25150
MISC
MISC
MISC
open-telemetry — opentelemetry-go-contrib
 
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not “forget” previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25151
MISC
MISC
pterodactyl — wings
 
Wings is Pterodactyl’s server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing “server” allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. ### Workarounds None at this time. 2023-02-08 not yet calculated CVE-2023-25152
MISC
MISC
argoproj — argo-cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefor the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-08 not yet calculated CVE-2023-25163
MISC
MISC
MISC
MISC
tinacms — tinacms
 
Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you’re on a version prior to 1.0.0 this vulnerability does not affect you. If you are affected and your Tina-enabled website has sensitive credentials stored as environment variables (eg. Algolia API keys) you should rotate those keys immediately. This issue has been patched in @tinacms/cli@1.0.9. Users are advised to upgrade. There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25164
MISC
MISC
helm — helm
 
Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers. 2023-02-08 not yet calculated CVE-2023-25165
MISC
MISC
hapijs — formula
 
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula’s parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability. 2023-02-08 not yet calculated CVE-2023-25166
MISC
MISC
discourse — discourse
 
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25167
MISC
MISC
pterodactyl — wings
 
Wings is Pterodactyl’s server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing “server” allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue. 2023-02-09 not yet calculated CVE-2023-25168
MISC
MISC
MISC
harfbuzz — harfbuzz
 
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. 2023-02-04 not yet calculated CVE-2023-25193
MISC
MISC
MISC
FEDORA
apache — kafka_connect
 
A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector’s Kafka clients to “com.sun.security.auth.module.JndiLoginModule”, which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker’s LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property (“-Dorg.apache.kafka.disallowed.login.modules”) to disable the problematic login modules usage in SASL JAAS configuration. Also by default “com.sun.security.auth.module.JndiLoginModule” is disabled in Apache Kafka 3.4.0. We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the “org.apache.kafka.disallowed.login.modules” system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot. 2023-02-07 not yet calculated CVE-2023-25194
MISC
MISC
caphyon — advanced_installer
 
Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. 2023-02-08 not yet calculated CVE-2023-25396
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076. 2023-02-11 not yet calculated CVE-2023-25557
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086. 2023-02-11 not yet calculated CVE-2023-25558
MISC
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079. 2023-02-11 not yet calculated CVE-2023-25559
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080. 2023-02-11 not yet calculated CVE-2023-25560
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081. 2023-02-11 not yet calculated CVE-2023-25561
MISC
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083. 2023-02-11 not yet calculated CVE-2023-25562
MISC
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Posted by

in